Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2024-2800

    ReDoS flaw in RefMatcher when matching branch names using wildcards in GitLab EE/CE affecting all versions from 11.3 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2 allows denial of service via Regex backtracking.... Read more

    Affected Products : gitlab
    • Published: Aug. 08, 2024
    • Modified: Sep. 18, 2024

  • 5.4

    MEDIUM
    CVE-2024-4207

    A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 prior 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2. When viewing an XML file in a repository in raw mode, it can be m... Read more

    Affected Products : gitlab
    • Published: Aug. 08, 2024
    • Modified: Sep. 18, 2024

  • 8.8

    HIGH
    CVE-2024-7965

    Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : chrome edge_chromium
    • Actively Exploited
    • Published: Aug. 21, 2024
    • Modified: Sep. 18, 2024

  • 8.8

    HIGH
    CVE-2024-7557

    A vulnerability was found in OpenShift AI that allows for authentication bypass and privilege escalation across models within the same namespace. When deploying AI models, the UI provides the option to protect models with authentication. However, credenti... Read more

    Affected Products : openshift_data_science openshift_ai
    • Published: Aug. 12, 2024
    • Modified: Sep. 18, 2024

  • 4.7

    MEDIUM
    CVE-2024-8120

    The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.14. This is due to missing or incorrect nonce validation on several functions in the class/class-image-otim... Read more

    • Published: Aug. 24, 2024
    • Modified: Sep. 17, 2024

  • 5.9

    MEDIUM
    CVE-2024-43324

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CleverSoft Clever Addons for Elementor allows Stored XSS.This issue affects Clever Addons for Elementor: from n/a through 2.2.0.... Read more

    Affected Products : clever_addons_for_elementor
    • Published: Aug. 18, 2024
    • Modified: Sep. 17, 2024

  • 7.1

    HIGH
    CVE-2024-43276

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Svetoslav Marinov (Slavi) Child Theme Creator allows Reflected XSS.This issue affects Child Theme Creator: from n/a through 1.5.4.... Read more

    Affected Products : child_theme_creator
    • Published: Aug. 18, 2024
    • Modified: Sep. 17, 2024

  • 6.5

    MEDIUM
    CVE-2024-43329

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Chill Allegiant allegiant allows Stored XSS.This issue affects Allegiant: from n/a through 1.2.7.... Read more

    Affected Products : allegiant
    • Published: Aug. 18, 2024
    • Modified: Sep. 17, 2024

  • 7.5

    HIGH
    CVE-2024-7526

    ANGLE failed to initialize parameters which lead to reading from uninitialized memory. This could be leveraged to leak sensitive data from memory. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, an... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: Aug. 06, 2024
    • Modified: Sep. 17, 2024

  • 5.4

    MEDIUM
    CVE-2024-8610

    A vulnerability classified as problematic has been found in SourceCodester Best House Rental Management System 1.0. Affected is an unknown function of the file /index.php?page=tenants of the component New Tenant Page. The manipulation of the argument Last... Read more

    • Published: Sep. 09, 2024
    • Modified: Sep. 17, 2024

  • 9.8

    CRITICAL
    CVE-2024-45695

    The web service of certain models of D-Link wireless routers contains a Stack-based Buffer Overflow vulnerability, which allows unauthenticated remote attackers to exploit this vulnerability to execute arbitrary code on the device.... Read more

    Affected Products : dir-x4860_firmware dir-x4860
    • Published: Sep. 16, 2024
    • Modified: Sep. 17, 2024

  • 9.8

    CRITICAL
    CVE-2024-45694

    The web service of certain models of D-Link wireless routers contains a Stack-based Buffer Overflow vulnerability, which allows unauthenticated remote attackers to exploit this vulnerability to execute arbitrary code on the device.... Read more

    • Published: Sep. 16, 2024
    • Modified: Sep. 17, 2024

  • 6.5

    MEDIUM
    CVE-2024-43251

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Bit Apps Bit Form Pro.This issue affects Bit Form Pro: from n/a through 2.6.4.... Read more

    Affected Products : bit_form
    • Published: Aug. 26, 2024
    • Modified: Sep. 17, 2024

  • 7.1

    HIGH
    CVE-2024-43255

    Cross-Site Request Forgery (CSRF) vulnerability in Stormhill Media MyBookTable Bookstore allows Cross-Site Scripting (XSS).This issue affects MyBookTable Bookstore: from n/a through 3.3.9.... Read more

    Affected Products : mybook_table_bookstore
    • Published: Aug. 26, 2024
    • Modified: Sep. 17, 2024

  • 9.6

    CRITICAL
    CVE-2024-40643

    Joplin is a free, open source note taking and to-do application. Joplin fails to take into account that "<" followed by a non letter character will not be considered html. As such it is possible to do an XSS by putting an "illegal" tag within a tag.... Read more

    Affected Products : joplin
    • Published: Sep. 09, 2024
    • Modified: Sep. 17, 2024

  • 8.7

    HIGH
    CVE-2024-8601

    This vulnerability exists in TechExcel Back Office Software versions prior to 1.0.0 due to improper access controls on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating a parameter through API request... Read more

    Affected Products : back_office_software
    • Published: Sep. 09, 2024
    • Modified: Sep. 17, 2024

  • 7.1

    HIGH
    CVE-2024-38188

    Azure Network Watcher VM Agent Elevation of Privilege Vulnerability... Read more

    • Published: Sep. 10, 2024
    • Modified: Sep. 17, 2024

  • 7.3

    HIGH
    CVE-2024-43470

    Azure Network Watcher VM Agent Elevation of Privilege Vulnerability... Read more

    • Published: Sep. 10, 2024
    • Modified: Sep. 17, 2024

  • 3.1

    LOW
    CVE-2024-8042

    Rapid7 Insight Platform versions between November 2019 and August 14, 2024 suffer from missing authorization issues whereby an attacker can intercept local requests to set the name and description of a new user group. This could potentially lead to an emp... Read more

    Affected Products : insight_platform
    • Published: Sep. 09, 2024
    • Modified: Sep. 17, 2024

  • 7.5

    HIGH
    CVE-2024-38119

    Windows Network Address Translation (NAT) Remote Code Execution Vulnerability... Read more

    • Published: Sep. 10, 2024
    • Modified: Sep. 17, 2024
Showing 20 of 290983 Results