Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.0

    CRITICAL
    CVE-2024-43401

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A user without script/programming right can trick a user with elevated rights to edit a content with a malicious payload using a WYSIWYG editor. The u... Read more

    Affected Products : xwiki
    • Published: Aug. 19, 2024
    • Modified: Aug. 20, 2024

  • 7.5

    HIGH
    CVE-2024-7924

    A vulnerability was found in ZZCMS 2023. It has been declared as critical. This vulnerability affects unknown code of the file /I/list.php. The manipulation of the argument skin leads to path traversal. The attack can be initiated remotely. The exploit ha... Read more

    Affected Products : zzcms
    • Published: Aug. 19, 2024
    • Modified: Aug. 20, 2024

  • 7.5

    HIGH
    CVE-2024-7925

    A vulnerability was found in ZZCMS 2023. It has been rated as problematic. This issue affects some unknown processing of the file 3/E_bak5.1/upload/eginfo.php. The manipulation of the argument phome with the input ShowPHPInfo leads to information disclosu... Read more

    Affected Products : zzcms
    • Published: Aug. 19, 2024
    • Modified: Aug. 20, 2024

  • 5.1

    MEDIUM
    CVE-2024-7453

    A vulnerability was found in FastAdmin 1.5.0.20240328. It has been declared as problematic. This vulnerability affects unknown code of the file /[admins_url].php/general/attachment/edit/ids/4?dialog=1 of the component Attachment Management Section. The ma... Read more

    Affected Products : fastadmin
    • Published: Aug. 04, 2024
    • Modified: Aug. 20, 2024

  • 7.5

    HIGH
    CVE-2024-6918

    CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists that could cause a crash of the Accutech Manager when receiving a specially crafted request over port 2536/TCP.... Read more

    Affected Products : accutech_manager
    • Published: Aug. 20, 2024
    • Modified: Aug. 20, 2024

  • 9.8

    CRITICAL
    CVE-2024-43354

    Deserialization of Untrusted Data vulnerability in myCred allows Object Injection.This issue affects myCred: from n/a through 2.7.2.... Read more

    Affected Products : mycred
    • Published: Aug. 19, 2024
    • Modified: Aug. 20, 2024

  • 5.4

    MEDIUM
    CVE-2024-43326

    Missing Authorization vulnerability in Jamie Bergen Plugin Notes Plus allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Plugin Notes Plus: from n/a through 1.2.7.... Read more

    Affected Products :
    • Published: Aug. 19, 2024
    • Modified: Aug. 20, 2024

  • 7.2

    HIGH
    CVE-2022-1206

    The AdRotate Banner Manager – The only ad manager you'll need plugin for WordPress is vulnerable to arbitrary file uploads due to missing file extension sanitization in the adrotate_insert_media() function in all versions up to, and including, 5.13.2. Thi... Read more

    Affected Products :
    • Published: Aug. 20, 2024
    • Modified: Aug. 20, 2024

  • 7.5

    HIGH
    CVE-2024-43345

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in PluginOps Landing Page Builder allows PHP Local File Inclusion.This issue affects Landing Page Builder: from n/a through 1.5.2.0.... Read more

    Affected Products : landing_page_builder
    • Published: Aug. 19, 2024
    • Modified: Aug. 20, 2024

  • 6.5

    MEDIUM
    CVE-2024-25009

    Ericsson Packet Core Controller (PCC) contains a vulnerability in Access and Mobility Management Function (AMF) where improper input validation can lead to denial of service which may result in service degradation.... Read more

    Affected Products :
    • Published: Aug. 20, 2024
    • Modified: Aug. 20, 2024

  • 8.8

    HIGH
    CVE-2024-7827

    The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to boolean-based SQL Injection via the ‘model_number’ parameter in all versions up to, and including, 5.7.2 due to insufficient escaping on the user supplied parameter and lack of suff... Read more

    Affected Products : wp_easycart
    • Published: Aug. 20, 2024
    • Modified: Aug. 20, 2024

  • 6.1

    MEDIUM
    CVE-2024-7850

    The BP Profile Search plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.7.5. This is due to missing or incorrect nonce validation on the bps_ajax_field_selector(), bps_ajax_template_options(), and bps... Read more

    Affected Products :
    • Published: Aug. 20, 2024
    • Modified: Aug. 20, 2024

  • 9.8

    CRITICAL
    CVE-2024-43311

    Improper Privilege Management vulnerability in Geek Code Lab Login As Users allows Privilege Escalation.This issue affects Login As Users: from n/a through 1.4.2.... Read more

    Affected Products :
    • Published: Aug. 19, 2024
    • Modified: Aug. 20, 2024

  • 9.8

    CRITICAL
    CVE-2024-42757

    Command injection vulnerability in Asus RT-N15U 3.0.0.4.376_3754 allows a remote attacker to execute arbitrary code via the netstat function page.... Read more

    Affected Products :
    • Published: Aug. 15, 2024
    • Modified: Aug. 20, 2024

  • 5.4

    MEDIUM
    CVE-2024-7686

    A vulnerability, which was classified as problematic, was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. This affects an unknown part of the file register_case.php. The manipulation of the argument title/description/opposite_la... Read more

    Affected Products : advocate_office_management_system
    • Published: Aug. 12, 2024
    • Modified: Aug. 20, 2024

  • 5.4

    MEDIUM
    CVE-2024-7685

    A vulnerability, which was classified as problematic, has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0. Affected by this issue is some unknown functionality of the file adds.php. The manipulation of the argument name/dob/... Read more

    Affected Products : advocate_office_management_system
    • Published: Aug. 12, 2024
    • Modified: Aug. 20, 2024

  • 5.4

    MEDIUM
    CVE-2024-7684

    A vulnerability classified as problematic was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. Affected by this vulnerability is an unknown functionality of the file add_act.php. The manipulation of the argument aname leads to cr... Read more

    Affected Products : advocate_office_management_system
    • Published: Aug. 12, 2024
    • Modified: Aug. 20, 2024

  • 5.4

    MEDIUM
    CVE-2024-7683

    A vulnerability classified as problematic has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0. Affected is an unknown function of the file addcase_stage.php. The manipulation of the argument cname leads to cross site scripti... Read more

    Affected Products : advocate_office_management_system
    • Published: Aug. 12, 2024
    • Modified: Aug. 20, 2024

  • 5.5

    MEDIUM
    CVE-2023-52889

    In the Linux kernel, the following vulnerability has been resolved: apparmor: Fix null pointer deref when receiving skb during sock creation The panic below is observed when receiving ICMP packets with secmark set while an ICMP raw socket is being creat... Read more

    Affected Products : linux_kernel
    • Published: Aug. 17, 2024
    • Modified: Aug. 19, 2024

  • 9.8

    CRITICAL
    CVE-2024-7839

    A vulnerability classified as critical has been found in itsourcecode Billing System 1.0. This affects an unknown part of the file addbill.php. The manipulation of the argument owners_id leads to sql injection. It is possible to initiate the attack remote... Read more

    Affected Products : billing_system
    • Published: Aug. 15, 2024
    • Modified: Aug. 19, 2024
Showing 20 of 291275 Results