Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2024-41348

    openflights commit 5234b5b is vulnerable to Cross-Site Scripting (XSS) via php/alsearch.php... Read more

    Affected Products : openflights
    • Published: Aug. 29, 2024
    • Modified: Sep. 04, 2024

  • 6.1

    MEDIUM
    CVE-2024-41347

    openflights commit 5234b5b is vulnerable to Cross-Site Scripting (XSS) via php/settings.php... Read more

    Affected Products : openflights
    • Published: Aug. 29, 2024
    • Modified: Sep. 04, 2024

  • 6.1

    MEDIUM
    CVE-2024-41346

    openflights commit 5234b5b is vulnerable to Cross-Site Scripting (XSS) via php/submit.php... Read more

    Affected Products : openflights
    • Published: Aug. 29, 2024
    • Modified: Sep. 04, 2024

  • 9.8

    CRITICAL
    CVE-2024-43965

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smackcoders SendGrid for WordPress allows SQL Injection.This issue affects SendGrid for WordPress: from n/a through 1.4.... Read more

    Affected Products : sendgrid
    • Published: Aug. 29, 2024
    • Modified: Sep. 04, 2024

  • 9.8

    CRITICAL
    CVE-2024-6671

    In WhatsUp Gold versions released before 2024.0.0, if the application is configured with only a single user, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password.... Read more

    Affected Products : whatsup_gold
    • Published: Aug. 29, 2024
    • Modified: Sep. 04, 2024

  • 9.8

    CRITICAL
    CVE-2024-8389

    Memory safety bugs present in Firefox 129. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 130.... Read more

    Affected Products : firefox
    • Published: Sep. 03, 2024
    • Modified: Sep. 04, 2024

  • 9.8

    CRITICAL
    CVE-2024-44921

    SeaCMS v12.9 was discovered to contain a SQL injection vulnerability via the id parameter at /dmplayer/dmku/index.php?ac=del.... Read more

    Affected Products : seacms
    • Published: Sep. 03, 2024
    • Modified: Sep. 04, 2024

  • 6.1

    MEDIUM
    CVE-2024-44920

    A cross-site scripting (XSS) vulnerability in the component admin_collect_news.php of SeaCMS v12.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the siteurl parameter.... Read more

    Affected Products : seacms
    • Published: Sep. 03, 2024
    • Modified: Sep. 04, 2024

  • 9.8

    CRITICAL
    CVE-2024-8380

    A vulnerability was found in SourceCodester Contact Manager with Export to VCF 1.0. It has been rated as critical. This issue affects some unknown processing of the file /endpoint/delete-account.php of the component Delete Contact Handler. The manipulatio... Read more

    • Published: Sep. 03, 2024
    • Modified: Sep. 04, 2024

  • 8.7

    HIGH
    CVE-2024-8004

    A stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.... Read more

    Affected Products : 3dexperience 3dexperience_enovia
    • Published: Sep. 02, 2024
    • Modified: Sep. 04, 2024

  • 8.7

    HIGH
    CVE-2024-7938

    A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.... Read more

    Affected Products : 3dexperience 3dexperience
    • Published: Sep. 02, 2024
    • Modified: Sep. 04, 2024

  • 6.1

    MEDIUM
    CVE-2024-38858

    Improper neutralization of input in Checkmk before version 2.3.0p14 allows attackers to inject and run malicious scripts in the Robotmk logs view.... Read more

    Affected Products : checkmk checkmk
    • Published: Sep. 02, 2024
    • Modified: Sep. 04, 2024

  • 6.5

    MEDIUM
    CVE-2024-8365

    Vault Community Edition and Vault Enterprise experienced a regression where functionality that HMAC’d sensitive headers in the configured audit device, specifically client tokens and token accessors, was removed. This resulted in the plaintext values of c... Read more

    Affected Products : vault
    • Published: Sep. 02, 2024
    • Modified: Sep. 04, 2024

  • 9.8

    CRITICAL
    CVE-2024-44809

    A remote code execution (RCE) vulnerability exists in the Pi Camera project, version 1.0, maintained by RECANTHA. The issue arises from improper sanitization of user input passed to the "position" GET parameter in the tilt.php script. An attacker can expl... Read more

    Affected Products :
    • Published: Sep. 03, 2024
    • Modified: Sep. 04, 2024

  • 6.1

    MEDIUM
    CVE-2024-5024

    The Memberpress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'mepr_screenname' and 'mepr_key' parameter in all versions up to, and including, 1.11.29 due to insufficient input sanitization and output escaping. This makes it... Read more

    Affected Products : memberpress memberpress
    • Published: Aug. 30, 2024
    • Modified: Sep. 04, 2024

  • 6.4

    MEDIUM
    CVE-2024-4401

    The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ and 'eae_slider_animation' parameters in all versions up to, and including, 1.13.5 due to insufficient input sanitization and output escaping. This... Read more

    • Published: Aug. 30, 2024
    • Modified: Sep. 04, 2024

  • 8.8

    HIGH
    CVE-2024-2881

    Fault Injection vulnerability in wc_ed25519_sign_msg function in wolfssl/wolfcrypt/src/ed25519.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker co-resides in the same system with a victim process to disclose information and escalate privi... Read more

    Affected Products : linux_kernel windows wolfssl
    • Published: Aug. 30, 2024
    • Modified: Sep. 04, 2024

  • 8.8

    HIGH
    CVE-2024-1545

    Fault Injection vulnerability in RsaPrivateDecryption function in wolfssl/wolfcrypt/src/rsa.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker co-resides in the same system with a victim process to disclose information and escalate privileg... Read more

    Affected Products : linux_kernel windows wolfssl
    • Published: Aug. 29, 2024
    • Modified: Sep. 04, 2024

  • 5.5

    MEDIUM
    CVE-2024-1543

    The side-channel protected T-Table implementation in wolfSSL up to version 5.6.5 protects against a side-channel attacker with cache-line resolution. In a controlled environment such as Intel SGX, an attacker can gain a per instruction sub-cache-line reso... Read more

    Affected Products : wolfssl
    • Published: Aug. 29, 2024
    • Modified: Sep. 04, 2024

  • 8.8

    HIGH
    CVE-2024-6672

    In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an authenticated low-privileged attacker to achieve privilege escalation by modifying a privileged user's password.... Read more

    Affected Products : whatsup_gold
    • Published: Aug. 29, 2024
    • Modified: Sep. 04, 2024
Showing 20 of 290189 Results