Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2024-42314

    In the Linux kernel, the following vulnerability has been resolved: btrfs: fix extent map use-after-free when adding pages to compressed bio At add_ra_bio_pages() we are accessing the extent map to calculate 'add_size' after we dropped our reference on ... Read more

    Affected Products : linux_kernel
    • Published: Aug. 17, 2024
    • Modified: Sep. 04, 2024

  • 9.8

    CRITICAL
    CVE-2024-43772

    SQL Injection in download student learning course function of Easytest Online Test Platform ver.24E01 and earlier allow remote attackers to execute arbitrary SQL commands via the uid parameter.... Read more

    • Published: Sep. 02, 2024
    • Modified: Sep. 04, 2024

  • 6.9

    MEDIUM
    CVE-2024-8366

    A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /index.php?id=userProfileEdit of the component Update My Profile Page. The manipulation of the argum... Read more

    • Published: Aug. 31, 2024
    • Modified: Sep. 04, 2024

  • 8.8

    HIGH
    CVE-2024-8344

    A vulnerability has been found in Campcodes Supplier Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/edit_area.php. The manipulation of the argument id leads to sql injection.... Read more

    Affected Products : supplier_management_system
    • Published: Aug. 30, 2024
    • Modified: Sep. 03, 2024

  • 8.8

    HIGH
    CVE-2024-41226

    A CSV injection vulnerability in Automation Anywhere Automation 360 version 21094 allows attackers to execute arbitrary code via a crafted payload. NOTE: Automation Anywhere disputes this report, arguing the attacker executes everything from the client si... Read more

    Affected Products : automation_360
    • Published: Aug. 06, 2024
    • Modified: Sep. 03, 2024

  • 6.7

    MEDIUM
    CVE-2024-39579

    Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contains an incorrect privilege assignment vulnerability. A local high privileged attacker could potentially exploit this vulnerability to gain root-level access.... Read more

    Affected Products : powerscale_onefs
    • Published: Aug. 31, 2024
    • Modified: Sep. 03, 2024

  • 6.3

    MEDIUM
    CVE-2024-39578

    Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.1 contains a UNIX symbolic link (symlink) following vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to denial of service, information tampering.... Read more

    Affected Products : powerscale_onefs
    • Published: Aug. 31, 2024
    • Modified: Sep. 03, 2024

  • 6.1

    MEDIUM
    CVE-2024-5212

    The tagDiv Composer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘envato_code[]’ parameter in all versions up to, and including, 5.0 due to insufficient input sanitization and output escaping within the on_ajax_register_for... Read more

    Affected Products : tagdiv_composer composer
    • Published: Aug. 31, 2024
    • Modified: Sep. 03, 2024

  • 9.8

    CRITICAL
    CVE-2024-7936

    A vulnerability classified as critical has been found in itsourcecode Project Expense Monitoring System 1.0. This affects an unknown part of the file transferred_report.php. The manipulation of the argument start/end/employee leads to sql injection. It is... Read more

    Affected Products : project_expense_monitoring_system
    • Published: Aug. 20, 2024
    • Modified: Sep. 03, 2024

  • 9.8

    CRITICAL
    CVE-2024-7937

    A vulnerability classified as critical was found in itsourcecode Project Expense Monitoring System 1.0. This vulnerability affects unknown code of the file printtransfer.php. The manipulation of the argument transfer_id leads to sql injection. The attack ... Read more

    Affected Products : project_expense_monitoring_system
    • Published: Aug. 20, 2024
    • Modified: Sep. 03, 2024

  • 5.4

    MEDIUM
    CVE-2024-7942

    A vulnerability has been found in SourceCodester Leads Manager Tool 1.0 and classified as problematic. This vulnerability affects unknown code of the file update-leads.php. The manipulation of the argument phone_number leads to cross site scripting. The a... Read more

    Affected Products : leads_manager_tool
    • Published: Aug. 20, 2024
    • Modified: Sep. 03, 2024

  • 8.8

    HIGH
    CVE-2024-7943

    A vulnerability was found in itsourcecode Laravel Property Management System 1.0 and classified as critical. This issue affects the function upload of the file PropertiesController.php. The manipulation of the argument file leads to unrestricted upload. T... Read more

    • Published: Aug. 20, 2024
    • Modified: Sep. 03, 2024

  • 6.4

    MEDIUM
    CVE-2024-5763

    The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the video_date attribute within the plugin's Video widget in all versions up to, an... Read more

    Affected Products : the_plus_addons_for_elementor
    • Published: Aug. 20, 2024
    • Modified: Sep. 03, 2024

  • 6.4

    MEDIUM
    CVE-2024-6575

    The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘res_width_value’ parameter within the plugin's tp_page_scroll widget in all ve... Read more

    Affected Products : the_plus_addons_for_elementor
    • Published: Aug. 20, 2024
    • Modified: Sep. 03, 2024

  • 6.4

    MEDIUM
    CVE-2024-6864

    The WP Last Modified Info plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘template’ attribute of the lmt-post-modified-info shortcode in all versions up to, and including, 1.9.0 due to insufficient input sanitization and output ... Read more

    Affected Products : wp_last_modified_info
    • Published: Aug. 20, 2024
    • Modified: Sep. 03, 2024

  • 6.1

    MEDIUM
    CVE-2024-41697

    Priority - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)... Read more

    Affected Products : priority
    • Published: Aug. 20, 2024
    • Modified: Sep. 03, 2024

  • 7.5

    HIGH
    CVE-2024-41698

    Priority – CWE-200: Exposure of Sensitive Information to an Unauthorized Actor... Read more

    Affected Products : priority
    • Published: Aug. 20, 2024
    • Modified: Sep. 03, 2024

  • 7.5

    HIGH
    CVE-2024-41699

    Priority – CWE-552: Files or Directories Accessible to External Parties... Read more

    Affected Products : priority
    • Published: Aug. 20, 2024
    • Modified: Sep. 03, 2024

  • 7.5

    HIGH
    CVE-2024-41518

    An Incorrect Access Control vulnerability in "/admin/programm/<program_id>/export/statistics" in Feripro <= v2.2.3 allows remote attackers to export an XLSX file with information about registrations and participants.... Read more

    Affected Products : feripro
    • Published: Aug. 02, 2024
    • Modified: Sep. 03, 2024

  • 4.9

    MEDIUM
    CVE-2024-43803

    The Bare Metal Operator (BMO) implements a Kubernetes API for managing bare metal hosts in Metal3. The `BareMetalHost` (BMH) CRD allows the `userData`, `metaData`, and `networkData` for the provisioned host to be specified as links to Kubernetes Secrets. ... Read more

    Affected Products : baremetal_operator
    • Published: Sep. 03, 2024
    • Modified: Sep. 03, 2024
Showing 20 of 291902 Results