Latest CVE Feed
- CVE-2024-40645 (CVSS 8.8, HIGH)
  FOG is a cloning/imaging/rescue suite/inventory management system. An improperly restricted file upload feature allows authenticated users to execute arbitrary code on the fogproject server. The Rebranding feature has a check on the client banner image re...
  - Published: Jul. 31, 2024
  - Modified: Sep. 05, 2024
- CVE-2024-41108 (CVSS 7.5, HIGH)
  FOG is a free open-source cloning/imaging/rescue suite/inventory management system. The hostinfo page has missing/improper access control since only the host's mac address is required to obtain the configuration information. This data can only be retrieve...
  - Published: Jul. 31, 2024
  - Modified: Sep. 05, 2024
- CVE-2024-41954 (CVSS 7.8, HIGH)
  FOG is a cloning/imaging/rescue suite/inventory management system. The application stores plaintext service account credentials in the "/opt/fog/.fogsettings" file. This file is by default readable by all users on the host. By exploiting these credentials...
  - Affected Products: fogproject
  - Published: Jul. 31, 2024
  - Modified: Sep. 05, 2024
- CVE-2024-38482 (CVSS 7.2, HIGH)
  CloudLink, versions 7.1.x and 8.x, contain an Improper Check or Handling of Exceptional Conditions vulnerability in the Cluster component. A highly privileged malicious user with remote access could potentially exploit this vulnerability, leading to execute u...
  - Affected Products: cloudlink
  - Published: Aug. 02, 2024
  - Modified: Sep. 05, 2024
- CVE-2024-42458 (CVSS 9.8, CRITICAL)
  server.c in Neat VNC (aka neatvnc) before 0.8.1 does not properly validate the security type, a related issue to CVE-2006-2369.
  - Affected Products: neatvnc
  - Published: Aug. 02, 2024
  - Modified: Sep. 05, 2024
- CVE-2024-6710 (CVSS 5.4, MEDIUM)
  The Ditty WordPress plugin before 3.1.45 does not sanitise and escape some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks.
  - Affected Products: ditty
  - Published: Aug. 05, 2024
  - Modified: Sep. 05, 2024
- CVE-2024-43942 (CVSS 8.8, HIGH)
  Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wpsoul Greenshift Query and Meta Addon allows SQL Injection. This issue affects Greenshift Query and Meta Addon: from n/a before 3.9.2.
  - Affected Products: greenshift_query_addon
  - Published: Aug. 29, 2024
  - Modified: Sep. 05, 2024
- CVE-2024-43943 (CVSS 8.8, HIGH)
  Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wpsoul Greenshift Woocommerce Addon allows SQL Injection. This issue affects Greenshift Woocommerce Addon: from n/a before 1.9.8.
  - Affected Products: greenshift_woocommerce_addon
  - Published: Aug. 29, 2024
  - Modified: Sep. 05, 2024
- CVE-2024-43957 (CVSS 8.8, HIGH)
  Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sk. Abul Hasan Animated Number Counters allows PHP Local File Inclusion. This issue affects Animated Number Counters: from n/a through 1.9.
  - Affected Products: animated_number_counters
  - Published: Aug. 29, 2024
  - Modified: Sep. 05, 2024
- CVE-2024-8407 (CVSS 5.4, MEDIUM)
  A vulnerability was found in alwindoss akademy up to 35caccea888ed63d5489e211c99edff1f62efdba. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file cmd/akademy/handler/handlers.go. The manipulation of...
  - Affected Products: akademy
  - Published: Sep. 04, 2024
  - Modified: Sep. 05, 2024
- CVE-2024-8408 (CVSS 9.8, CRITICAL)
  A vulnerability was found in Linksys WRT54G 4.21.5. It has been rated as critical. Affected by this issue is the function validate_services_port of the file /apply.cgi of the component POST Parameter Handler. The manipulation of the argument services_arra...
  - Published: Sep. 04, 2024
  - Modified: Sep. 05, 2024
- CVE-2024-43961 (CVSS 6.5, MEDIUM)
  Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in azurecurve azurecurve Toggle Show/Hide allows Stored XSS. This issue affects azurecurve Toggle Show/Hide: from n/a through 2.1.3.
  - Affected Products: toggle_show/hide
  - Published: Aug. 29, 2024
  - Modified: Sep. 05, 2024
- CVE-2024-7076 (CVSS 9.8, CRITICAL)
  Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Semtek Informatics Software Consulting Inc. Semtek Sempos allows Blind SQL Injection. This issue affects Semtek Sempos: through 31072024.
  - Affected Products: semtek_sempos
  - Published: Sep. 04, 2024
  - Modified: Sep. 05, 2024
- CVE-2024-7077 (CVSS 6.1, MEDIUM)
  Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Semtek Informatics Software Consulting Inc. Semtek Sempos allows Reflected XSS. This issue affects Semtek Sempos: through 31072024.
  - Affected Products: semtek_sempos
  - Published: Sep. 04, 2024
  - Modified: Sep. 05, 2024
- CVE-2024-21658 (CVSS 4.3, MEDIUM)
  discourse-calendar is a discourse plugin which adds the ability to create a dynamic calendar in the first post of a topic. The limit on region value length is too generous. This allows a malicious actor to cause a Discourse instance to use excessive bandw...
  - Published: Aug. 30, 2024
  - Modified: Sep. 05, 2024
- CVE-2024-7078 (CVSS 9.8, CRITICAL)
  Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Semtek Informatics Software Consulting Inc. Semtek Sempos allows SQL Injection. This issue affects Semtek Sempos: through 31072024.
  - Affected Products: semtek_sempos
  - Published: Sep. 04, 2024
  - Modified: Sep. 05, 2024
- CVE-2024-45522 (CVSS 9.8, CRITICAL)
  Linen before cd37c3e does not verify that the domain is linen.dev or www.linen.dev when resetting a password. This occurs in create in apps/web/pages/api/forgot-password/index.ts.
  - Affected Products: linen
  - Published: Sep. 02, 2024
  - Modified: Sep. 05, 2024
- CVE-2024-20089 (CVSS 7.5, HIGH)
  In wlan, there is a possible denial of service due to incorrect error handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08861558; Issue ID: ...
  - Published: Sep. 02, 2024
  - Modified: Sep. 05, 2024
- CVE-2024-20087 (CVSS 7.8, HIGH)
  In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08932916; Issue ID: MS...
  - Published: Sep. 02, 2024
  - Modified: Sep. 05, 2024
- CVE-2024-20086 (CVSS 7.8, HIGH)
  In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08932916; Issue ID: MS...
  - Published: Sep. 02, 2024
  - Modified: Sep. 05, 2024