Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-45233

    An issue was discovered in powermail extension through 12.3.5 for TYPO3. Several actions in the OutputController can directly be called, due to missing or insufficiently implemented access checks, resulting in Broken Access Control. Depending on the confi... Read more

    Affected Products : typo3 powermail
    • Published: Aug. 29, 2024
    • Modified: Aug. 30, 2024

  • 7.8

    HIGH
    CVE-2024-8250

    NTLMSSP dissector crash in Wireshark 4.2.0 to 4.0.6 and 4.0.0 to 4.0.16 allows denial of service via packet injection or crafted capture file... Read more

    Affected Products : wireshark
    • Published: Aug. 29, 2024
    • Modified: Aug. 30, 2024

  • 9.8

    CRITICAL
    CVE-2024-38795

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CridioStudio ListingPro allows SQL Injection.This issue affects ListingPro: from n/a through 2.9.4.... Read more

    Affected Products : listingpro
    • Published: Aug. 29, 2024
    • Modified: Aug. 30, 2024

  • 8.8

    HIGH
    CVE-2024-39620

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CridioStudio ListingPro allows SQL Injection.This issue affects ListingPro: from n/a through 2.9.4.... Read more

    Affected Products : listingpro
    • Published: Aug. 29, 2024
    • Modified: Aug. 30, 2024

  • 9.8

    CRITICAL
    CVE-2024-39622

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CridioStudio ListingPro.This issue affects ListingPro: from n/a through 2.9.4.... Read more

    Affected Products : listingpro
    • Published: Aug. 29, 2024
    • Modified: Aug. 30, 2024

  • 6.3

    MEDIUM
    CVE-2024-43954

    Incorrect Authorization vulnerability in Themeum Droip allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Droip: from n/a through 1.1.1.... Read more

    Affected Products : droip
    • Published: Aug. 29, 2024
    • Modified: Aug. 30, 2024

  • 10.0

    CRITICAL
    CVE-2024-43955

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themeum Droip allows File Manipulation.This issue affects Droip: from n/a through 1.1.1.... Read more

    Affected Products : droip
    • Published: Aug. 29, 2024
    • Modified: Aug. 30, 2024

  • 7.1

    HIGH
    CVE-2024-43950

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Nextbricks Brickscore allows Stored XSS.This issue affects Brickscore: from n/a through 1.4.2.5.... Read more

    Affected Products : bricksore
    • Published: Aug. 29, 2024
    • Modified: Aug. 30, 2024

  • 9.8

    CRITICAL
    CVE-2024-44070

    An issue was discovered in FRRouting (FRR) through 10.1. bgp_attr_encap in bgpd/bgp_attr.c does not check the actual remaining stream length before taking the TLV value.... Read more

    Affected Products : enterprise_linux frrouting
    • Published: Aug. 19, 2024
    • Modified: Aug. 30, 2024

  • 6.5

    MEDIUM
    CVE-2024-43951

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Tempera allows Stored XSS.This issue affects Tempera: from n/a through 1.8.2.... Read more

    Affected Products : tempera
    • Published: Aug. 29, 2024
    • Modified: Aug. 30, 2024

  • 6.5

    MEDIUM
    CVE-2024-43952

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Esotera allows Stored XSS.This issue affects Esotera: from n/a through 1.2.5.1.... Read more

    Affected Products : esotera
    • Published: Aug. 29, 2024
    • Modified: Aug. 30, 2024

  • 6.5

    MEDIUM
    CVE-2024-43953

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Classic Addons Classic Addons – WPBakery Page Builder allows Stored XSS.This issue affects Classic Addons – WPBakery Page Builder: from n/a throug... Read more

    Affected Products : page_builder
    • Published: Aug. 29, 2024
    • Modified: Aug. 30, 2024

  • 7.5

    HIGH
    CVE-2024-6331

    stitionai/devika main branch as of commit cdfb782b0e634b773b10963c8034dc9207ba1f9f is vulnerable to Local File Read (LFI) by Prompt Injection. The integration of Google Gimini 1.0 Pro with `HarmBlockThreshold.BLOCK_NONE` for `HarmCategory.HARM_CATEGORY_HA... Read more

    Affected Products : devika
    • Published: Aug. 04, 2024
    • Modified: Aug. 30, 2024

  • 5.9

    MEDIUM
    CVE-2024-43960

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Page Builder Addons Web and WooCommerce Addons for WPBakery Builder allows Stored XSS.This issue affects Web and WooCommerce Addons for WPBakery B... Read more

    • Published: Aug. 29, 2024
    • Modified: Aug. 30, 2024

  • 7.1

    HIGH
    CVE-2024-43963

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WaspThemes YellowPencil Visual CSS Style Editor allows Reflected XSS.This issue affects YellowPencil Visual CSS Style Editor: from n/a through 7.6... Read more

    Affected Products : yellowpencil
    • Published: Aug. 29, 2024
    • Modified: Aug. 30, 2024

  • 9.1

    CRITICAL
    CVE-2024-45436

    extractFromZipFile in model.go in Ollama before 0.1.47 can extract members of a ZIP archive outside of the parent directory.... Read more

    Affected Products : ollama
    • Published: Aug. 29, 2024
    • Modified: Aug. 30, 2024

  • 6.1

    MEDIUM
    CVE-2024-41918

    'Rakuten Ichiba App' for Android 12.4.0 and earlier and 'Rakuten Ichiba App' for iOS 11.7.0 and earlier are vulnerable to improper authorization in handler for custom URL scheme. An arbitrary site may be displayed on the WebView of the product via Intent ... Read more

    Affected Products : ichiba
    • Published: Aug. 29, 2024
    • Modified: Aug. 30, 2024

  • 7.2

    HIGH
    CVE-2024-41236

    A SQL injection vulnerability in /smsa/admin_login.php in Kashipara Responsive School Management System v3.2.0 allows an attacker to execute arbitrary SQL commands via the "username" parameter of the Admin Login Page... Read more

    • Published: Aug. 28, 2024
    • Modified: Aug. 30, 2024

  • 9.8

    CRITICAL
    CVE-2024-34195

    TOTOLINK AC1200 Wireless Router A3002R Firmware V1.1.1-B20200824 is vulnerable to Buffer Overflow. In the boa server program's CGI handling function formWlEncrypt, there is a lack of length restriction on the wlan_ssid field. This oversight leads to poten... Read more

    Affected Products : a3002r_firmware a3002r
    • Published: Aug. 28, 2024
    • Modified: Aug. 30, 2024

  • 8.0

    HIGH
    CVE-2024-42793

    A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Music Management System v1.0 via a crafted request to the /music/ajax.php?action=save_user page.... Read more

    Affected Products : music_management_system
    • Published: Aug. 28, 2024
    • Modified: Aug. 30, 2024
Showing 20 of 291794 Results