Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.1

    HIGH
    CVE-2024-7626

    The WP Delicious – Recipe Plugin for Food Bloggers (formerly Delicious Recipes) plugin for WordPress is vulnerable to arbitrary file movement and reading due to insufficient file path validation in the save_edit_profile_details() function in all versions ... Read more

    Affected Products : wp_delicious
    • Published: Sep. 11, 2024
    • Modified: Sep. 25, 2024

  • 8.8

    HIGH
    CVE-2024-8945

    A vulnerability has been found in CodeCanyon RISE Ultimate Project Manager 3.7.0 and classified as critical. This vulnerability affects unknown code of the file /index.php/dashboard/save. The manipulation of the argument id leads to sql injection. The att... Read more

    Affected Products : rise_ultimate_project_manager
    • Published: Sep. 17, 2024
    • Modified: Sep. 25, 2024

  • 4.3

    MEDIUM
    CVE-2024-45604

    Contao is an Open Source CMS. In affected versions authenticated users in the back end can list files outside the document root in the file selector widget. Users are advised to update to Contao 4.13.49. There are no known workarounds for this vulnerabili... Read more

    Affected Products : contao
    • Published: Sep. 17, 2024
    • Modified: Sep. 25, 2024

  • 6.4

    MEDIUM
    CVE-2024-8045

    The Advanced WordPress Backgrounds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘imageTag’ parameter in all versions up to, and including, 1.12.3 due to insufficient input sanitization and output escaping. This makes it possib... Read more

    Affected Products : advanced_wordpress_backgrounds
    • Published: Sep. 11, 2024
    • Modified: Sep. 25, 2024

  • 8.8

    HIGH
    CVE-2024-45398

    Contao is an Open Source CMS. In affected versions a back end user with access to the file manager can upload malicious files and execute them on the server. Users are advised to update to Contao 4.13.49, 5.3.15 or 5.4.3. Users unable to update are advise... Read more

    Affected Products : contao
    • Published: Sep. 17, 2024
    • Modified: Sep. 25, 2024

  • 8.8

    HIGH
    CVE-2024-43460

    Improper authorization in Dynamics 365 Business Central resulted in a vulnerability that allows an authenticated attacker to elevate privileges over a network.... Read more

    • Published: Sep. 17, 2024
    • Modified: Sep. 25, 2024

  • 8.0

    HIGH
    CVE-2024-44815

    Vulnerability in Hathway Skyworth Router CM5100 v.4.1.1.24 allows a physically proximate attacker to obtain user credentials via SPI flash Firmware W25Q64JV.... Read more

    • Published: Sep. 10, 2024
    • Modified: Sep. 25, 2024

  • 8.8

    HIGH
    CVE-2024-8338

    A vulnerability was found in HFO4 shudong-share 2.4.7. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /includes/fileReceive.php of the component File Extension Handler. The manipulation of the argu... Read more

    Affected Products : shudong-share
    • Published: Aug. 30, 2024
    • Modified: Sep. 25, 2024

  • 5.3

    MEDIUM
    CVE-2024-6641

    The WP Hardening – Fix Your WordPress Security plugin for WordPress is vulnerable to Security Feature Bypass in all versions up to, and including, 1.2.6. This is due to use of an incorrect regular expression within the "Stop User Enumeration" feature. Thi... Read more

    Affected Products : wp_hardening
    • Published: Sep. 18, 2024
    • Modified: Sep. 25, 2024

  • 6.1

    MEDIUM
    CVE-2024-45047

    svelte performance oriented web framework. A potential mXSS vulnerability exists in Svelte for versions up to but not including 4.2.19. Svelte improperly escapes HTML on server-side rendering. The assumption is that attributes will always stay as such, bu... Read more

    Affected Products : svelte
    • Published: Aug. 30, 2024
    • Modified: Sep. 25, 2024

  • 9.4

    CRITICAL
    CVE-2024-6877

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Eliz Software Panel allows Reflected XSS.This issue affects Panel: before v2.3.24.... Read more

    Affected Products : panel
    • Published: Sep. 18, 2024
    • Modified: Sep. 25, 2024

  • 5.3

    MEDIUM
    CVE-2022-4533

    The Limit Login Attempts Plus plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 1.1.0. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login ... Read more

    Affected Products : limit_login_attempts_plus
    • Published: Sep. 19, 2024
    • Modified: Sep. 25, 2024

  • 6.1

    MEDIUM
    CVE-2024-8850

    The MC4WP: Mailchimp for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'email' parameter when a placeholder such as {email} is used for the field in versions 4.9.9 to 4.9.16 due to insufficient input sanitization a... Read more

    Affected Products : mailchimp
    • Published: Sep. 19, 2024
    • Modified: Sep. 25, 2024

  • 8.8

    HIGH
    CVE-2024-9006

    A vulnerability was found in jeanmarc77 123solar 1.8.4.5. It has been rated as critical. Affected by this issue is some unknown functionality of the file config/config_invt1.php. The manipulation of the argument PASSOx leads to code injection. The attack ... Read more

    Affected Products : 123solar
    • Published: Sep. 19, 2024
    • Modified: Sep. 25, 2024

  • 5.4

    MEDIUM
    CVE-2024-9007

    A vulnerability classified as problematic has been found in jeanmarc77 123solar 1.8.4.5. This affects an unknown part of the file /detailed.php. The manipulation of the argument date1 leads to cross site scripting. It is possible to initiate the attack re... Read more

    Affected Products : 123solar
    • Published: Sep. 19, 2024
    • Modified: Sep. 25, 2024

  • 5.3

    MEDIUM
    CVE-2024-45312

    Overleaf is a web-based collaborative LaTeX editor. Overleaf Community Edition and Server Pro prior to version 5.0.7 (or 4.2.7 for the 4.x series) contain a vulnerability that allows an arbitrary language parameter in client spelling requests to be passed... Read more

    Affected Products : overleaf
    • Published: Sep. 02, 2024
    • Modified: Sep. 25, 2024

  • 6.0

    MEDIUM
    CVE-2024-21753

    A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiClientEMS versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.13, 6.4.0 through 6.4.9, 6.2.0 through 6.2.9, 6.0.0 through 6.0.8, 1.2.1 through 1.2.5 allows attac... Read more

    • Published: Sep. 10, 2024
    • Modified: Sep. 25, 2024

  • 5.4

    MEDIUM
    CVE-2024-45313

    Overleaf is a web-based collaborative LaTeX editor. When installing Server Pro using the Overleaf Toolkit from before 2024-07-17 or legacy docker-compose.yml from before 2024-08-28, the configuration for LaTeX compiles was insecure by default, requiring t... Read more

    Affected Products : overleaf
    • Published: Sep. 02, 2024
    • Modified: Sep. 25, 2024

  • 5.4

    MEDIUM
    CVE-2024-9030

    A vulnerability classified as problematic was found in CodeCanyon CRMGo SaaS 7.2. This vulnerability affects unknown code of the file /deal/{note_id}/note. The manipulation of the argument notes leads to cross site scripting. The attack can be initiated r... Read more

    Affected Products : crmgo_saas
    • Published: Sep. 20, 2024
    • Modified: Sep. 25, 2024

  • 9.8

    CRITICAL
    CVE-2024-9043

    Secure Email Gateway from Cellopoint has Buffer Overflow Vulnerability in authentication process. Remote unauthenticated attackers can send crafted packets to crash the process, thereby bypassing authentication and obtaining system administrator privilege... Read more

    Affected Products : secure_email_gateway
    • Published: Sep. 20, 2024
    • Modified: Sep. 25, 2024
Showing 20 of 291209 Results