Latest CVE Feed

Following is the list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is known to be actively exploited (that is, listed in the CISA Known Exploited Vulnerabilities (KEV) catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • CVE-2024-43188 (CVSS 4.9, MEDIUM)
    IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 could allow a privileged user to perform unauthorized activities due to improper client-side validation...
    Affected Products: business_automation_workflow
    • Published: Sep. 18, 2024
    • Modified: Sep. 29, 2024
  • CVE-2021-27915 (CVSS 9.0, CRITICAL)
    Prior to the patched version, there is an XSS vulnerability in the description fields within the Mautic application which could be exploited by a logged-in user of Mautic with the appropriate permissions. This could lead to the user having elevated acces...
    Affected Products: mautic
    • Published: Sep. 17, 2024
    • Modified: Sep. 29, 2024
  • CVE-2024-32034 (CVSS 6.8, MEDIUM)
    Decidim is a free open-source participatory democracy, citizen participation and open government platform for cities and organizations. The admin panel is subject to a potential cross-site scripting (XSS) attack in case an admin assigns a valuator to a proposal, or ...
    Affected Products: decidim
    • Published: Sep. 16, 2024
    • Modified: Sep. 29, 2024
  • CVE-2024-45300 (CVSS 7.5, HIGH)
    alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5, a race condition allows the user to bypass the limit on the number of promo codes and use the discount coupon multiple times...
    Affected Products: alf
    • Published: Sep. 06, 2024
    • Modified: Sep. 29, 2024
  • CVE-2024-7734 (CVSS 5.3, MEDIUM)
    An unauthenticated remote attacker can exploit the behavior of the pathfinder TCP encapsulation service by establishing a high number of TCP connections to the pathfinder TCP encapsulation service. The impact is limited to blocking of valid IPsec VPN peer...
    • Published: Sep. 10, 2024
    • Modified: Sep. 28, 2024
  • CVE-2023-45038 (CVSS 8.8, HIGH)
    An improper authentication vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following version...
    Affected Products: music_station
    • Published: Sep. 06, 2024
    • Modified: Sep. 28, 2024
  • CVE-2023-47563 (CVSS 8.8, HIGH)
    An OS command injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following version: Video St...
    Affected Products: video_station
    • Published: Sep. 06, 2024
    • Modified: Sep. 28, 2024
  • CVE-2023-50360 (CVSS 8.8, HIGH)
    A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Video Stati...
    Affected Products: video_station
    • Published: Sep. 06, 2024
    • Modified: Sep. 28, 2024
  • CVE-2024-42025 (CVSS 7.8, HIGH)
    A command injection vulnerability found in self-hosted UniFi Network Servers (Linux) with UniFi Network Application (version 8.3.32 and earlier) allows a malicious actor with unifi user shell access to escalate privileges to root on the host device...
    Affected Products: unifi_network_application
    • Published: Sep. 13, 2024
    • Modified: Sep. 28, 2024
  • CVE-2024-8054 (CVSS 6.1, MEDIUM)
    The MM-Breaking News WordPress plugin through 0.7.9 does not have CSRF checks in some places and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add stored XSS payloads via a CSRF attack...
    Affected Products: mm-breaking_news
    • Published: Sep. 12, 2024
    • Modified: Sep. 27, 2024
  • CVE-2024-8056 (CVSS 6.1, MEDIUM)
    The MM-Breaking News WordPress plugin through 0.7.9 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to reflected cross-site scripting in old web browsers...
    Affected Products: mm-breaking_news
    • Published: Sep. 12, 2024
    • Modified: Sep. 27, 2024
  • CVE-2024-6493 (CVSS 4.8, MEDIUM)
    The NinjaTeam Header Footer Custom Code WordPress plugin before 1.2 does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform stored cross-site scripting attacks even when the unfiltered_html capabi...
    Affected Products: header_footer_custom_code
    • Published: Sep. 13, 2024
    • Modified: Sep. 27, 2024
  • CVE-2024-6617 (CVSS 4.8, MEDIUM)
    The NinjaTeam Header Footer Custom Code WordPress plugin before 1.2 does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform stored cross-site scripting attacks even when the unfiltered_html capabi...
    Affected Products: header_footer_custom_code
    • Published: Sep. 13, 2024
    • Modified: Sep. 27, 2024
  • CVE-2024-7133 (CVSS 4.8, MEDIUM)
    The Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any WordPress plugin before 2.7.3 does not validate and escape some of its settings before outputting them back in the page, which could allow users with a ...
    Affected Products: mystickymenu, my_sticky_bar
    • Published: Sep. 13, 2024
    • Modified: Sep. 27, 2024
  • CVE-2024-7863 (CVSS 8.1, HIGH)
    The Favicon Generator (CLOSED) WordPress plugin before 2.1 does not validate files to be uploaded and does not have CSRF checks, which could allow attackers to make a logged-in admin upload arbitrary files, such as PHP, to the server...
    Affected Products: favicon_generator
    • Published: Sep. 13, 2024
    • Modified: Sep. 27, 2024
  • CVE-2024-7864 (CVSS 6.5, MEDIUM)
    The Favicon Generator (CLOSED) WordPress plugin before 2.1 does not have CSRF or path validation in the output_sub_admin_page_0() function, allowing attackers to make logged-in admins delete arbitrary files on the server...
    Affected Products: favicon_generator
    • Published: Sep. 13, 2024
    • Modified: Sep. 27, 2024
  • CVE-2024-8047 (CVSS 6.5, MEDIUM)
    The Visual Sound (old) WordPress plugin through 1.06 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...
    Affected Products: visual_sound
    • Published: Sep. 17, 2024
    • Modified: Sep. 27, 2024
  • CVE-2024-7860 (CVSS 6.1, MEDIUM)
    The Simple Headline Rotator WordPress plugin through 1.0 does not have CSRF checks in some places and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add stored XSS payloads via a CSRF attack...
    Affected Products: simple_headline_rotator
    • Published: Sep. 12, 2024
    • Modified: Sep. 27, 2024
  • CVE-2024-7861 (CVSS 6.1, MEDIUM)
    The Misiek Paypal WordPress plugin through 1.1.20090324 does not have CSRF checks in some places and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add stored XSS payloads via a CSRF attack...
    Affected Products: misiek_paypal
    • Published: Sep. 12, 2024
    • Modified: Sep. 27, 2024
  • CVE-2024-43387 (CVSS 8.8, HIGH)
    A low-privileged remote attacker can read and write files as root due to improper neutralization of special elements in the variable EMAIL_RELAY_PASSWORD in mGuard devices...
    • Published: Sep. 10, 2024
    • Modified: Sep. 27, 2024
Showing 20 of 291160 Results
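The alf.io entry above (CVE-2024-45300) describes a classic check-then-act race: the usage count is read, compared against the limit, and written back in separate steps, so concurrent requests can all pass the check before any of them writes. The following is an added illustration, not alf.io's own code: a generic PDO/SQLite redemption routine with the racy read-check-write beside a fix that lets the database serialise the check and the increment in one conditional UPDATE. The promo_code table, its columns, the SAVE50 code and the function names are all constructed for this example.

```php
<?php
// Illustrative promo-code redemption (not alf.io's implementation).
// Table, columns and the SAVE50 code are assumptions made for the example.

function setup_db(): PDO {
    $db = new PDO( 'sqlite::memory:' );
    $db->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
    $db->exec( 'CREATE TABLE promo_code (
                    code        TEXT PRIMARY KEY,
                    max_usage   INTEGER NOT NULL,
                    usage_count INTEGER NOT NULL DEFAULT 0)' );
    // One code that may be redeemed exactly once.
    $db->exec( "INSERT INTO promo_code (code, max_usage) VALUES ('SAVE50', 1)" );
    return $db;
}

// VULNERABLE: the read and the write are separate statements, so the "usage_count
// < max_usage" decision is made on a value that another request may already have changed.
function redeem_vulnerable_read( PDO $db, string $code ): ?array {
    $st = $db->prepare( 'SELECT usage_count, max_usage FROM promo_code WHERE code = ?' );
    $st->execute( [ $code ] );
    $row = $st->fetch( PDO::FETCH_ASSOC );
    return $row ?: null;
}

function redeem_vulnerable_write( PDO $db, string $code, array $row ): bool {
    if ( $row['usage_count'] >= $row['max_usage'] ) {
        return false;                              // limit reached (as seen at read time)
    }
    // Writes back a stale count: two requests that both read 0 both write 1.
    $st = $db->prepare( 'UPDATE promo_code SET usage_count = ? WHERE code = ?' );
    $st->execute( [ $row['usage_count'] + 1, $code ] );
    return true;                                   // discount applied
}

// HARDENED: a single conditional UPDATE. The database evaluates the limit and performs
// the increment atomically, so at most max_usage redemptions can ever succeed.
function redeem_hardened( PDO $db, string $code ): bool {
    $st = $db->prepare( 'UPDATE promo_code
                            SET usage_count = usage_count + 1
                          WHERE code = ? AND usage_count < max_usage' );
    $st->execute( [ $code ] );
    return $st->rowCount() === 1;                  // exactly one row changed => accepted
}

// Simulate two requests, A and B, interleaved on the vulnerable path:
// both read before either writes.
$db   = setup_db();
$rowA = redeem_vulnerable_read( $db, 'SAVE50' );               // A sees usage_count = 0
$rowB = redeem_vulnerable_read( $db, 'SAVE50' );               // B also sees 0
$okA  = redeem_vulnerable_write( $db, 'SAVE50', $rowA );       // true
$okB  = redeem_vulnerable_write( $db, 'SAVE50', $rowB );       // true: limit of 1 bypassed
printf( "vulnerable: A=%s B=%s\n", var_export( $okA, true ), var_export( $okB, true ) );

// The same two requests against the hardened path: only the first is accepted.
$db  = setup_db();
$okA = redeem_hardened( $db, 'SAVE50' );                       // true
$okB = redeem_hardened( $db, 'SAVE50' );                       // false
printf( "hardened:   A=%s B=%s\n", var_export( $okA, true ), var_export( $okB, true ) );
```

The same conditional-UPDATE pattern works unchanged on PostgreSQL and MySQL; where the redemption must also insert an order row, wrap both statements in one transaction and lock the code row first (SELECT ... FOR UPDATE) so the count cannot move between the check and the insert. A unique constraint on (code, order_id) is a cheap second line of defence against the same order redeeming a code twice.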
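Several of the WordPress plugin entries above share one pattern: a settings handler with no nonce check (CSRF), raw $_POST values stored without sanitisation, and stored values echoed without escaping (stored XSS), plus the reflected variant in which $_SERVER['REQUEST_URI'] is echoed into an attribute (CVE-2024-8056). The following is an added illustration for a hypothetical plugin named demo_ticker, not code from any plugin listed on this page; it shows the vulnerable handler beside a hardened one built from WordPress's own nonce, capability, sanitisation and escaping functions. The option name, hook choices and function names are assumptions for the example.

```php
<?php
/*
 * Plugin Name: Demo Ticker (illustrative only)
 * Hypothetical plugin written for this page; not the code of any listed plugin.
 */

// --- VULNERABLE: no capability check, no nonce, raw input stored, raw output -----------

function demo_ticker_save_vulnerable() {
    if ( isset( $_POST['demo_ticker_text'] ) ) {
        // A page on any origin can POST this form while an admin is logged in
        // (CSRF), and whatever it sends is stored verbatim.
        update_option( 'demo_ticker_text', $_POST['demo_ticker_text'] );
    }
}

function demo_ticker_render_vulnerable() {
    // Stored value echoed unescaped: a <script> payload saved above now
    // executes for every visitor (stored XSS).
    echo '<div class="ticker">' . get_option( 'demo_ticker_text', '' ) . '</div>';
}

function demo_ticker_form_action_vulnerable() {
    // Reflected variant: REQUEST_URI written straight into an attribute.
    echo '<form action="' . $_SERVER['REQUEST_URI'] . '" method="post">';
}

// --- HARDENED: capability + nonce on input, sanitise on input, escape on output ---------

function demo_ticker_settings_form() {
    // The nonce is bound to the current user's session and to the action name,
    // so a cross-site POST cannot supply a valid one.
    echo '<form action="' . esc_url( $_SERVER['REQUEST_URI'] ) . '" method="post">';
    wp_nonce_field( 'demo_ticker_save', 'demo_ticker_nonce' );
    echo '<input type="text" name="demo_ticker_text" value="'
        . esc_attr( get_option( 'demo_ticker_text', '' ) ) . '">';
    echo '<button type="submit">Save</button></form>';
}

function demo_ticker_save_hardened() {
    if ( ! isset( $_POST['demo_ticker_text'] ) ) {
        return;
    }
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient privileges' );
    }
    // Dies with a 403 when the nonce is missing or invalid: this is the CSRF check.
    check_admin_referer( 'demo_ticker_save', 'demo_ticker_nonce' );

    // Sanitise on input: wp_unslash() undoes WordPress's magic-quotes style
    // slashing, sanitize_text_field() strips tags and control characters.
    $text = sanitize_text_field( wp_unslash( $_POST['demo_ticker_text'] ) );
    update_option( 'demo_ticker_text', $text );
}

function demo_ticker_render_hardened() {
    // Escape on output, for the HTML text context it is emitted into.
    echo '<div class="ticker">' . esc_html( get_option( 'demo_ticker_text', '' ) ) . '</div>';
}

// Only the hardened functions are wired up.
add_action( 'admin_init', 'demo_ticker_save_hardened' );
add_action( 'admin_menu', function () {
    add_options_page( 'Demo Ticker', 'Demo Ticker', 'manage_options',
        'demo-ticker', 'demo_ticker_settings_form' );
} );
add_action( 'wp_footer', 'demo_ticker_render_hardened' );
```

Two points are easy to get wrong. First, sanitising on input is not a substitute for escaping on output: the escaping function must match the context (esc_html() for element text, esc_attr() for attribute values, esc_url() for href/action/src), and the entries for CVE-2024-6493 and CVE-2024-6617 are a reminder that even administrators must not be able to store a payload in a setting that is later echoed raw when the unfiltered_html capability is disabled. Second, a nonce alone does not replace the capability check; check_admin_referer() verifies that the request came from a form this user was shown, while current_user_can() verifies that the user is allowed to change the setting at all.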