Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.8

    HIGH
    CVE-2024-8258

    Improper Control of Generation of Code ('Code Injection') in Electron Fuses in Logitech Options Plus version 1.60.496306 on macOS allows attackers to execute arbitrary code via insecure Electron Fuses configuration....

    Affected Products : macos logi_options\+
    • Published: Sep. 10, 2024
    • Modified: Sep. 27, 2024
  • 9.8

    CRITICAL
    CVE-2024-45682

    There is a command injection vulnerability that may allow an attacker to inject malicious input on the device's operating system....

    • Published: Sep. 17, 2024
    • Modified: Sep. 27, 2024
  • 4.7

    MEDIUM
    CVE-2024-6723

    The AI Engine WordPress plugin before 2.4.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by admin users when viewing chatbot discussions....

    Affected Products : ai_engine
    • Published: Sep. 13, 2024
    • Modified: Sep. 27, 2024
  • 6.8

    MEDIUM
    CVE-2024-42488

    Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.14.14 and 1.15.8, a race condition in the Cilium agent can cause the agent to ignore labels that should be applied to a node. This could in turn...

    Affected Products : cilium
    • Published: Aug. 15, 2024
    • Modified: Sep. 27, 2024
  • 7.2

    HIGH
    CVE-2024-8761

    The Share This Image plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 2.03. This is due to insufficient validation on the redirect url supplied via the link parameter. This makes it possible for unauthenticated att...

    Affected Products : share_this_image share_this_image
    • Published: Sep. 17, 2024
    • Modified: Sep. 27, 2024
  • 8.8

    HIGH
    CVE-2024-8490

    The PropertyHive plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.19. This is due to missing or incorrect nonce validation on the 'save_account_details' function. This makes it possible for unauthe...

    Affected Products : propertyhive
    • Published: Sep. 17, 2024
    • Modified: Sep. 27, 2024
  • 4.8

    MEDIUM
    CVE-2024-6850

    The Carousel Slider WordPress plugin before 2.2.4 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed...

    Affected Products : carousel_slider
    • Published: Sep. 13, 2024
    • Modified: Sep. 27, 2024
  • 6.5

    MEDIUM
    CVE-2024-7817

    The Misiek Photo Album WordPress plugin through 1.4.3 does not have CSRF checks in some places, which could allow attackers to make logged in users delete arbitrary albums via a CSRF attack...

    Affected Products : misiek_photo_album
    • Published: Sep. 12, 2024
    • Modified: Sep. 27, 2024
  • 5.7

    MEDIUM
    CVE-2024-5170

    The Logo Manager For Enamad WordPress plugin through 0.7.1 does not sanitise and escape in its widgets settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability i...

    Affected Products : logo_manager_for_enamad
    • Published: Sep. 17, 2024
    • Modified: Sep. 27, 2024
  • 5.7

    MEDIUM
    CVE-2024-8043

    The Vikinghammer Tweet WordPress plugin through 0.2.4 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack....

    Affected Products : vikinghammer_tweet
    • Published: Sep. 17, 2024
    • Modified: Sep. 27, 2024
  • 5.7

    MEDIUM
    CVE-2024-8051

    The Special Feed Items WordPress plugin through 1.0.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack....

    Affected Products : special_feed_items
    • Published: Sep. 17, 2024
    • Modified: Sep. 27, 2024
  • 6.1

    MEDIUM
    CVE-2024-7818

    The Misiek Photo Album WordPress plugin through 1.4.3 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack....

    Affected Products : misiek_photo_album
    • Published: Sep. 12, 2024
    • Modified: Sep. 27, 2024
  • 6.5

    MEDIUM
    CVE-2024-8091

    The Enhanced Search Box WordPress plugin through 0.6.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

    Affected Products : enhanced_search_box
    • Published: Sep. 17, 2024
    • Modified: Sep. 27, 2024
  • 5.4

    MEDIUM
    CVE-2024-8092

    The Accordion Image Menu WordPress plugin through 3.1.3 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack....

    Affected Products : accordion_image_menu
    • Published: Sep. 17, 2024
    • Modified: Sep. 27, 2024
  • 5.3

    MEDIUM
    CVE-2024-7711

    An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server, allowing an attacker to update the title, assignees, and labels of any issue inside a public repository. This was only exploitable inside a public repository. This vulner...

    Affected Products : enterprise_server
    • Published: Aug. 20, 2024
    • Modified: Sep. 27, 2024
  • 6.5

    MEDIUM
    CVE-2024-8093

    The Posts reminder WordPress plugin through 0.20 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

    Affected Products : posts_reminder
    • Published: Sep. 17, 2024
    • Modified: Sep. 27, 2024
  • 6.5

    MEDIUM
    CVE-2024-7820

    The ILC Thickbox WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

    Affected Products : ilc_thickbox
    • Published: Sep. 12, 2024
    • Modified: Sep. 27, 2024
  • 9.1

    CRITICAL
    CVE-2024-43366

    zkvyper is a Vyper compiler. Starting in version 1.3.12 and prior to version 1.5.3, since LLL IR has no Turing-incompleteness restrictions, it is compiled to a loop with a much more late exit condition. It leads to a loss of funds or other unwanted behavio...

    Affected Products : zkvyper
    • Published: Aug. 15, 2024
    • Modified: Sep. 27, 2024
  • 6.1

    MEDIUM
    CVE-2024-7822

    The Quick Code WordPress plugin through 1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack....

    Affected Products : quick_code
    • Published: Sep. 12, 2024
    • Modified: Sep. 27, 2024
  • 6.5

    MEDIUM
    CVE-2024-7859

    The Visual Sound WordPress plugin through 1.03 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

    Affected Products : visual_sound
    • Published: Sep. 12, 2024
    • Modified: Sep. 27, 2024