Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2024-44101

    there is a possible Null Pointer Dereference (modem crash) due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.... Read more

    Affected Products : android
    • Published: Oct. 25, 2024
    • Modified: Oct. 28, 2024

  • 7.8

    HIGH
    CVE-2024-47012

    In mm_GetMobileIdIndexForNsUpdate of mm_GmmPduCodec.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not neede... Read more

    Affected Products : android
    • Published: Oct. 25, 2024
    • Modified: Oct. 28, 2024

  • 8.7

    HIGH
    CVE-2020-26308

    Validate.js provides a declarative way of validating javascript objects. Versions 0.13.1 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, no known patches are... Read more

    Affected Products :
    • Published: Oct. 26, 2024
    • Modified: Oct. 28, 2024

  • 9.1

    CRITICAL
    CVE-2024-47821

    pyLoad is a free and open-source Download Manager. The folder `/.pyload/scripts` has scripts which are run when certain actions are completed, for e.g. a download is finished. By downloading a executable file to a folder in /scripts and performing the res... Read more

    Affected Products : pyload
    • Published: Oct. 25, 2024
    • Modified: Oct. 28, 2024

  • 6.4

    MEDIUM
    CVE-2024-9853

    The ID-SK Toolkit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.7.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attac... Read more

    Affected Products :
    • Published: Oct. 26, 2024
    • Modified: Oct. 28, 2024

  • 6.1

    MEDIUM
    CVE-2024-8870

    The Forms for Mailchimp by Optin Cat – Grow Your MailChimp List plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.5.6. This ... Read more

    Affected Products : forms_for_mailchimp_by_optin_cat
    • Published: Oct. 26, 2024
    • Modified: Oct. 28, 2024

  • 5.5

    MEDIUM
    CVE-2024-50307

    Use of potentially dangerous function issue exists in Chatwork Desktop Application (Windows) versions prior to 2.9.2. If a user clicks a specially crafted link in the application, an arbitrary file may be downloaded from an external website and executed. ... Read more

    Affected Products :
    • Published: Oct. 28, 2024
    • Modified: Oct. 28, 2024

  • 7.0

    HIGH
    CVE-2024-9991

    This vulnerability exists in Philips lighting devices due to storage of Wi-Fi credentials in plain text within the device firmware. An attacker with physical access could exploit this by extracting the firmware and analyzing the binary data to obtain the ... Read more

    Affected Products :
    • Published: Oct. 25, 2024
    • Modified: Oct. 28, 2024

  • 7.1

    HIGH
    CVE-2024-0128

    NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager that allows a user of the guest OS to access global resources. A successful exploit of this vulnerability might lead to information disclosure, data tampering, and escalation of priv... Read more

    Affected Products :
    • Published: Oct. 26, 2024
    • Modified: Oct. 28, 2024

  • 8.7

    HIGH
    CVE-2020-26306

    Knwl.js is a Javascript library that parses through text for dates, times, phone numbers, emails, places, and more. Versions 1.0.2 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of... Read more

    Affected Products :
    • Published: Oct. 26, 2024
    • Modified: Oct. 28, 2024

  • 8.7

    HIGH
    CVE-2020-26310

    Validate.js provides a declarative way of validating javascript objects. All versions as of 30 November 2020 contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, it is unkn... Read more

    Affected Products :
    • Published: Oct. 26, 2024
    • Modified: Oct. 28, 2024

  • 6.4

    MEDIUM
    CVE-2024-9454

    The PriPre plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.4.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, ... Read more

    Affected Products :
    • Published: Oct. 26, 2024
    • Modified: Oct. 28, 2024

  • 5.3

    MEDIUM
    CVE-2023-26248

    The Kademlia DHT (go-libp2p-kad-dht 0.20.0 and earlier) used in IPFS (0.18.1 and earlier) assigns routing information for content (i.e., information about who holds the content) to be stored by peers whose peer IDs have a small DHT distance from the conte... Read more

    Affected Products :
    • Published: Oct. 25, 2024
    • Modified: Oct. 28, 2024

  • 4.3

    MEDIUM
    CVE-2024-10357

    The Clever Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.1 via the getTemplateContent function in src/widgets/class-clever-widget-base.php. This makes it possible for au... Read more

    Affected Products :
    • Published: Oct. 26, 2024
    • Modified: Oct. 28, 2024

  • 4.3

    MEDIUM
    CVE-2024-10092

    The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_handle_api_key_actions function in all versions up to, and including, 5.0.12. This makes it possible for authenticat... Read more

    Affected Products :
    • Published: Oct. 26, 2024
    • Modified: Oct. 28, 2024

  • 8.7

    HIGH
    CVE-2020-26307

    HTML2Markdown is a Javascript implementation for converting HTML to Markdown text. All available versions contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, no known patc... Read more

    Affected Products :
    • Published: Oct. 26, 2024
    • Modified: Oct. 28, 2024

  • 6.5

    MEDIUM
    CVE-2024-10435

    A vulnerability was found in didi Super-Jacoco 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /cov/triggerEnvCov. The manipulation of the argument uuid leads to command injection. The attack can be initiated rem... Read more

    Affected Products : super-jacoco
    • Published: Oct. 28, 2024
    • Modified: Oct. 28, 2024

  • 2.2

    LOW
    CVE-2024-23843

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Genians Genian NAC V5.0, Genians Genian NAC LTS V5.0.This issue affects Genian NAC V5.0: from V5.0.0 through V5.0.60; Genian NAC LTS V5.0: from 5.0.0 LTS... Read more

    Affected Products :
    • Published: Oct. 28, 2024
    • Modified: Oct. 28, 2024

  • 6.4

    MEDIUM
    CVE-2024-9116

    The Monkee-Boy Essentials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated... Read more

    Affected Products :
    • Published: Oct. 26, 2024
    • Modified: Oct. 28, 2024

  • 7.2

    HIGH
    CVE-2024-9162

    The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to arbitrary PHP Code Injection due to missing file type validation during the export in all versions up to, and including, 7.86. This makes it possible for authenticated attackers,... Read more

    Affected Products :
    • Published: Oct. 28, 2024
    • Modified: Oct. 28, 2024
Showing 20 of 293352 Results