Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-8517

    SPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command injection issue. A remote and unauthenticated attacker can execute arbitrary operating system commands by sending a crafted multipart file upload HTTP request.... Read more

    Affected Products : spip
    • Published: Sep. 06, 2024
    • Modified: Sep. 18, 2024

  • 4.3

    MEDIUM
    CVE-2024-7721

    The HTML5 Video Player – mp4 Video Player Plugin and Block plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_password' function in all versions up to, and including, 2.5.34. This makes i... Read more

    Affected Products : html5_video_player
    • Published: Sep. 11, 2024
    • Modified: Sep. 18, 2024

  • 8.8

    HIGH
    CVE-2024-45041

    External Secrets Operator is a Kubernetes operator that integrates external secret management systems. The external-secrets has a deployment called default-external-secrets-cert-controller, which is bound with a same-name ClusterRole. This ClusterRole has... Read more

    Affected Products : external_secrets_operator
    • Published: Sep. 09, 2024
    • Modified: Sep. 18, 2024

  • 9.8

    CRITICAL
    CVE-2024-8611

    A vulnerability classified as critical was found in itsourcecode Tailoring Management System 1.0. Affected by this vulnerability is an unknown functionality of the file ssms.php. The manipulation of the argument customer leads to sql injection. The attack... Read more

    Affected Products : tailoring_management_system
    • Published: Sep. 09, 2024
    • Modified: Sep. 18, 2024

  • 7.1

    HIGH
    CVE-2024-43327

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Boone Gorges Invite Anyone allows Reflected XSS.This issue affects Invite Anyone: from n/a through 1.4.7.... Read more

    Affected Products : invite_anyone
    • Published: Aug. 18, 2024
    • Modified: Sep. 18, 2024

  • 5.9

    MEDIUM
    CVE-2024-43967

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Stark Digital WP Testimonial Widget allows Stored XSS.This issue affects WP Testimonial Widget: from n/a through 3.1.... Read more

    Affected Products : wp_testimonial_widget
    • Published: Aug. 26, 2024
    • Modified: Sep. 18, 2024

  • 8.8

    HIGH
    CVE-2024-39641

    Cross-Site Request Forgery (CSRF) vulnerability in ThimPress LearnPress.This issue affects LearnPress: from n/a through 4.2.6.8.2.... Read more

    Affected Products : learnpress
    • Published: Aug. 26, 2024
    • Modified: Sep. 18, 2024

  • 8.8

    HIGH
    CVE-2024-39645

    Cross-Site Request Forgery (CSRF) vulnerability in Themeum Tutor LMS.This issue affects Tutor LMS: from n/a through 2.7.2.... Read more

    Affected Products : tutor_lms
    • Published: Aug. 26, 2024
    • Modified: Sep. 18, 2024

  • 8.8

    HIGH
    CVE-2024-39657

    Cross-Site Request Forgery (CSRF) vulnerability in Sender Sender – Newsletter, SMS and Email Marketing Automation for WooCommerce.This issue affects Sender – Newsletter, SMS and Email Marketing Automation for WooCommerce: from n/a through 2.6.18.... Read more

    Affected Products : sender
    • Published: Aug. 26, 2024
    • Modified: Sep. 18, 2024

  • 8.8

    HIGH
    CVE-2024-43116

    Cross-Site Request Forgery (CSRF) vulnerability in 10up Simple Local Avatars.This issue affects Simple Local Avatars: from n/a through 2.7.10.... Read more

    Affected Products : simple_local_avatars
    • Published: Aug. 26, 2024
    • Modified: Sep. 18, 2024

  • 8.8

    HIGH
    CVE-2024-43117

    Cross-Site Request Forgery (CSRF) vulnerability in WPMU DEV Hummingbird.This issue affects Hummingbird: from n/a through 3.9.1.... Read more

    Affected Products : hummingbird hummingbird
    • Published: Aug. 26, 2024
    • Modified: Sep. 18, 2024

  • 7.5

    HIGH
    CVE-2024-43230

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Shared Files – File Upload Form Shared Files.This issue affects Shared Files: from n/a through 1.7.28.... Read more

    Affected Products : shared_files
    • Published: Aug. 26, 2024
    • Modified: Sep. 18, 2024

  • 8.8

    HIGH
    CVE-2023-37233

    Loftware Spectrum before 4.6 HF14 allows authenticated XXE attacks.... Read more

    Affected Products : spectrum
    • Published: Sep. 10, 2024
    • Modified: Sep. 18, 2024

  • 9.8

    CRITICAL
    CVE-2023-37234

    Loftware Spectrum through 4.6 has unprotected JMX Registry.... Read more

    Affected Products : spectrum
    • Published: Sep. 10, 2024
    • Modified: Sep. 18, 2024

  • 7.5

    HIGH
    CVE-2023-37232

    Loftware Spectrum through 4.6 exposes Sensitive Information (Logs) to an Unauthorized Actor.... Read more

    Affected Products : spectrum
    • Published: Sep. 10, 2024
    • Modified: Sep. 18, 2024

  • 8.8

    HIGH
    CVE-2024-8242

    The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the update_user_profile() function in all versions up to, and including, 4.15.3. This makes ... Read more

    Affected Products : mstore_api
    • Published: Sep. 13, 2024
    • Modified: Sep. 18, 2024

  • 9.1

    CRITICAL
    CVE-2024-37995

    A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions < V4.2), SIM... Read more

    • Published: Sep. 10, 2024
    • Modified: Sep. 18, 2024

  • 7.1

    HIGH
    CVE-2024-37994

    A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions < V4.2), SIM... Read more

    • Published: Sep. 10, 2024
    • Modified: Sep. 18, 2024

  • 5.1

    MEDIUM
    CVE-2024-8145

    A vulnerability, which was classified as problematic, has been found in ClassCMS 4.8. Affected by this issue is some unknown functionality of the file /index.php/admin of the component Article Handler. The manipulation of the argument Title leads to basic... Read more

    Affected Products : classcms classcms
    • Published: Aug. 25, 2024
    • Modified: Sep. 18, 2024

  • 7.5

    HIGH
    CVE-2024-37993

    A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions < V4.2), SIM... Read more

    • Published: Sep. 10, 2024
    • Modified: Sep. 18, 2024
Showing 20 of 291019 Results