Latest CVE Feed
-
4.3
MEDIUM
CVE-2024-45298
Wiki.js is an open source wiki app built on Node.js. A disabled user can still gain access to a wiki by abusing the password reset function. While setting up SMTP e-mails on my server, I tested said e-mails by performing a password reset with my test use...
Affected Products: wiki.js
- Published: Sep. 18, 2024
- Modified: Sep. 20, 2024
-
9.1
CRITICAL
CVE-2024-8986
The Grafana plugin SDK bundles build metadata into the binaries it compiles; this metadata includes the repository URI for the plugin being built, as retrieved by running `git remote get-url origin`. If credentials are included in the repository URI (fo...
Affected Products:
- Published: Sep. 19, 2024
- Modified: Sep. 20, 2024
-
8.7
HIGH
CVE-2024-7737
A stored Cross-site Scripting (XSS) vulnerability affecting 3DSwym in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in a user's browser session.
Affected Products: 3dexperience
- Published: Sep. 19, 2024
- Modified: Sep. 20, 2024
-
7.5
HIGH
CVE-2024-37406
In Brave Android prior to v1.67.116, domains in the Brave Shields popup are elided from the right instead of the left, which may lead to domain confusion.
Affected Products:
- Published: Sep. 18, 2024
- Modified: Sep. 20, 2024
-
9.3
CRITICAL
CVE-2024-7785
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ece Software Electronic Ticket System allows Reflected XSS, Cross-Site Scripting (XSS). This issue affects Electronic Ticket System: before 2024.08...
Affected Products:
- Published: Sep. 19, 2024
- Modified: Sep. 20, 2024
-
7.5
HIGH
CVE-2024-45601
Mesop is a Python-based UI framework designed for rapid web app development. A vulnerability has been discovered and fixed in Mesop that could potentially allow unauthorized access to files on the server hosting the Mesop application. The vulnerability w...
Affected Products:
- Published: Sep. 18, 2024
- Modified: Sep. 20, 2024
-
9.8
CRITICAL
CVE-2024-40568
Buffer Overflow vulnerability in btstack mesh commit before v.864e2f2b6b7878c8fab3cf5ee84ae566e3380c58 allows a remote attacker to execute arbitrary code via the pb_adv_handle_tranaction_cont function in the src/mesh/pb_adv.c component...
Affected Products:
- Published: Sep. 18, 2024
- Modified: Sep. 20, 2024
-
9.8
CRITICAL
CVE-2024-46049
Tenda O6 V3.0 firmware V1.0.0.7(2054) contains a stack overflow vulnerability in the formexeCommand function.
- Published: Sep. 13, 2024
- Modified: Sep. 20, 2024
-
9.8
CRITICAL
CVE-2024-46048
Tenda FH451 v1.0.0.9 has a command injection vulnerability in the formexeCommand function i...
- Published: Sep. 13, 2024
- Modified: Sep. 20, 2024
-
7.5
HIGH
CVE-2024-46047
Tenda FH451 v1.0.0.9 has a stack overflow vulnerability in the fromDhcpListClient function.
- Published: Sep. 13, 2024
- Modified: Sep. 20, 2024
-
9.8
CRITICAL
CVE-2024-46046
Tenda FH451 v1.0.0.9 has a stack overflow vulnerability located in the RouteStatic function.
- Published: Sep. 13, 2024
- Modified: Sep. 20, 2024
-
9.8
CRITICAL
CVE-2024-46044
CH22 V1.0.0.6(468) has a stack overflow vulnerability located in the fromqossetting function.
- Published: Sep. 13, 2024
- Modified: Sep. 20, 2024
-
5.9
MEDIUM
CVE-2024-45040
gnark is a fast zk-SNARK library that offers a high-level API to design circuits. Prior to version 0.11.0, commitments to private witnesses in Groth16 as implemented break the zero-knowledge property. The vulnerability affects only Groth16 proofs with com...
- Published: Sep. 06, 2024
- Modified: Sep. 20, 2024
-
6.2
MEDIUM
CVE-2024-45039
gnark is a fast zk-SNARK library that offers a high-level API to design circuits. Versions prior to 0.11.0 have a soundness issue - in case of multiple commitments used inside the circuit the prover is able to choose all but the last commitment. As gnark ...
- Published: Sep. 06, 2024
- Modified: Sep. 20, 2024
-
8.8
HIGH
CVE-2024-7717
The WP Events Manager plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter in all versions up to, and including, 2.1.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...
Affected Products: wp_events_manager
- Published: Aug. 31, 2024
- Modified: Sep. 20, 2024
-
5.3
MEDIUM
CVE-2022-4100
The WP Cerber Security plugin for WordPress is vulnerable to IP Protection bypass in versions up to, and including, 9.4 due to the plugin improperly checking for a visitor's IP address. This makes it possible for an attacker whose IP address has been block...
- Published: Aug. 31, 2024
- Modified: Sep. 20, 2024
-
5.3
MEDIUM
CVE-2022-4536
The IP Vault – WP Firewall plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 1.1. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login restr...
Affected Products: ip-vault-wp-firewall
- Published: Aug. 31, 2024
- Modified: Sep. 20, 2024
-
7.8
HIGH
CVE-2024-38210
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Affected Products: edge_chromium
- Published: Aug. 22, 2024
- Modified: Sep. 19, 2024
-
7.8
HIGH
CVE-2024-38209
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Affected Products: edge_chromium
- Published: Aug. 22, 2024
- Modified: Sep. 19, 2024
-
6.1
MEDIUM
- Published: Aug. 22, 2024
- Modified: Sep. 19, 2024