Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.4

    MEDIUM
    CVE-2024-5763

    The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the video_date attribute within the plugin's Video widget in all versions up to, an... Read more

    Affected Products : the_plus_addons_for_elementor
    • Published: Aug. 20, 2024
    • Modified: Sep. 03, 2024

  • 6.4

    MEDIUM
    CVE-2024-6575

    The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘res_width_value’ parameter within the plugin's tp_page_scroll widget in all ve... Read more

    Affected Products : the_plus_addons_for_elementor
    • Published: Aug. 20, 2024
    • Modified: Sep. 03, 2024

  • 6.4

    MEDIUM
    CVE-2024-6864

    The WP Last Modified Info plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘template’ attribute of the lmt-post-modified-info shortcode in all versions up to, and including, 1.9.0 due to insufficient input sanitization and output ... Read more

    Affected Products : wp_last_modified_info
    • Published: Aug. 20, 2024
    • Modified: Sep. 03, 2024

  • 6.1

    MEDIUM
    CVE-2024-41697

    Priority - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)... Read more

    Affected Products : priority
    • Published: Aug. 20, 2024
    • Modified: Sep. 03, 2024

  • 7.5

    HIGH
    CVE-2024-41698

    Priority – CWE-200: Exposure of Sensitive Information to an Unauthorized Actor... Read more

    Affected Products : priority
    • Published: Aug. 20, 2024
    • Modified: Sep. 03, 2024

  • 7.5

    HIGH
    CVE-2024-41699

    Priority – CWE-552: Files or Directories Accessible to External Parties... Read more

    Affected Products : priority
    • Published: Aug. 20, 2024
    • Modified: Sep. 03, 2024

  • 7.5

    HIGH
    CVE-2024-41518

    An Incorrect Access Control vulnerability in "/admin/programm/<program_id>/export/statistics" in Feripro <= v2.2.3 allows remote attackers to export an XLSX file with information about registrations and participants.... Read more

    Affected Products : feripro
    • Published: Aug. 02, 2024
    • Modified: Sep. 03, 2024

  • 4.9

    MEDIUM
    CVE-2024-43803

    The Bare Metal Operator (BMO) implements a Kubernetes API for managing bare metal hosts in Metal3. The `BareMetalHost` (BMH) CRD allows the `userData`, `metaData`, and `networkData` for the provisioned host to be specified as links to Kubernetes Secrets. ... Read more

    Affected Products : baremetal_operator
    • Published: Sep. 03, 2024
    • Modified: Sep. 03, 2024

  • 7.5

    HIGH
    CVE-2024-41700

    Barix – CWE-200 Exposure of Sensitive Information to an Unauthorized Actor... Read more

    Affected Products : sip_client_firmware
    • Published: Aug. 20, 2024
    • Modified: Sep. 03, 2024

  • 7.5

    HIGH
    CVE-2024-42941

    Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the wanmode parameter in the fromAdvSetWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.... Read more

    Affected Products : fh1201_firmware fh1201
    • Published: Aug. 15, 2024
    • Modified: Sep. 03, 2024

  • 7.5

    HIGH
    CVE-2024-42940

    Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in the fromP2pListFilter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.... Read more

    Affected Products : fh1201_firmware fh1201
    • Published: Aug. 15, 2024
    • Modified: Sep. 03, 2024

  • 6.1

    MEDIUM
    CVE-2024-41241

    A Reflected Cross Site Scripting (XSS) vulnerability was found in " /smsa/admin_login.php" in Kashipara Responsive School Management System v3.2.0, which allows remote attackers to execute arbitrary code via "error" parameter.... Read more

    • Published: Aug. 07, 2024
    • Modified: Sep. 03, 2024

  • 5.4

    MEDIUM
    CVE-2024-40473

    A Stored Cross Site Scripting (XSS) vulnerability was found in "manage_houses.php" in SourceCodester Best House Rental Management System v1.0. It allows remote attackers to execute arbitrary code via "House_no" and "Description" parameter fields.... Read more

    • Published: Aug. 12, 2024
    • Modified: Sep. 03, 2024

  • 7.5

    HIGH
    CVE-2024-33892

    Insecure Permissions vulnerability in Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are susceptible to leaking information through cookies. This is fixed in version 21.2s10 and 22.1s3... Read more

    • Published: Aug. 02, 2024
    • Modified: Sep. 03, 2024

  • 6.1

    MEDIUM
    CVE-2024-3886

    The tagDiv Composer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘envato_code[]’ parameter in all versions up to, and including, 5.0 due to insufficient input sanitization and output escaping within the on_ajax_check_envato... Read more

    Affected Products : tagdiv_composer composer
    • Published: Aug. 31, 2024
    • Modified: Sep. 03, 2024

  • 7.5

    HIGH
    CVE-2024-42987

    Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the modino parameter in the fromPptpUserAdd function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.... Read more

    Affected Products : fh1206_firmware fh1206
    • Published: Aug. 15, 2024
    • Modified: Sep. 03, 2024

  • 7.5

    HIGH
    CVE-2024-42948

    Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the delno parameter in the fromPptpUserSetting function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.... Read more

    Affected Products : fh1201_firmware fh1201
    • Published: Aug. 15, 2024
    • Modified: Sep. 03, 2024

  • 9.8

    CRITICAL
    CVE-2024-42568

    School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the transport parameter at vehicle.php.... Read more

    Affected Products : school_management_system
    • Published: Aug. 20, 2024
    • Modified: Sep. 03, 2024

  • 9.6

    CRITICAL
    CVE-2024-44778

    A reflected cross-site scripting (XSS) vulnerability in the parent parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload.... Read more

    Affected Products : vtiger_crm
    • Published: Aug. 29, 2024
    • Modified: Sep. 03, 2024

  • 9.6

    CRITICAL
    CVE-2024-44779

    A reflected cross-site scripting (XSS) vulnerability in the viewname parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload.... Read more

    Affected Products : vtiger_crm
    • Published: Aug. 29, 2024
    • Modified: Sep. 03, 2024
Showing 20 of 291890 Results