Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 4.3

    MEDIUM
    CVE-2024-7030

    The Smart Online Order for Clover plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 1.5.6. This makes it possible for authenticated attacker...

    Affected Products : smart_online_order_for_clover
    • Published: Aug. 21, 2024
    • Modified: Aug. 31, 2024
  • 5.4

    MEDIUM
    CVE-2024-42939

    A cross-site scripting (XSS) vulnerability in the component /index/index.html of YZNCMS v1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the configured remarks text field.

    Affected Products : yzncms
    • Published: Aug. 21, 2024
    • Modified: Aug. 31, 2024
  • 6.5

    MEDIUM
    CVE-2024-42337

    CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor...

    Affected Products : identity
    • Published: Aug. 25, 2024
    • Modified: Aug. 30, 2024
  • 4.3

    MEDIUM
    CVE-2024-42338

    CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor...

    Affected Products : identity
    • Published: Aug. 25, 2024
    • Modified: Aug. 30, 2024
  • 8.3

    HIGH
    CVE-2024-42340

    CyberArk - CWE-602: Client-Side Enforcement of Server-Side Security...

    Affected Products : identity
    • Published: Aug. 25, 2024
    • Modified: Aug. 30, 2024
  • 4.3

    MEDIUM
    CVE-2024-42339

    CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor...

    Affected Products : identity
    • Published: Aug. 25, 2024
    • Modified: Aug. 30, 2024
  • 9.8

    CRITICAL
    CVE-2024-45488

    One Identity Safeguard for Privileged Passwords before 7.5.2 allows unauthorized access because of an issue related to cookies. This only affects virtual appliance installations (VMware or HyperV). The fixed versions are 7.0.5.1 LTS, 7.4.2, and 7.5.2.

    Affected Products :
    • Published: Aug. 30, 2024
    • Modified: Aug. 30, 2024
  • 8.3

    HIGH
    CVE-2024-38869

    Zohocorp ManageEngine Endpoint Central is affected by an incorrect authorization vulnerability in remote office deploy configurations. This issue affects Endpoint Central: before 11.3.2416.04 and before 11.3.2400.25.

    • Published: Aug. 23, 2024
    • Modified: Aug. 30, 2024
  • 9.8

    CRITICAL
    CVE-2024-41889

    Multiple Pimax products accept WebSocket connections from unintended endpoints. If this vulnerability is exploited, arbitrary code may be executed by a remote unauthenticated attacker.

    Affected Products : pitool play
    • Published: Aug. 05, 2024
    • Modified: Aug. 30, 2024
  • 9.3

    CRITICAL
    CVE-2024-6118

    A Plaintext Storage of a Password vulnerability in ebooknote function in Hamastar MeetingHub Paperless Meetings 2021 allows remote attackers to obtain the other users’ credentials and gain access to the product via an XML file.

    Affected Products : meetinghub_paperless_meetings
    • Published: Aug. 05, 2024
    • Modified: Aug. 30, 2024
  • 9.3

    CRITICAL
    CVE-2024-6117

    An Unrestricted upload of file with dangerous type vulnerability in meeting management function in Hamastar MeetingHub Paperless Meetings 2021 allows remote authenticated users to perform arbitrary system commands via a crafted ASP file.

    Affected Products : meetinghub_paperless_meetings
    • Published: Aug. 05, 2024
    • Modified: Aug. 30, 2024
  • 8.8

    HIGH
    CVE-2024-8194

    Type Confusion in V8 in Google Chrome prior to 128.0.6613.113 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)...

    Affected Products : chrome edge_chromium
    • Published: Aug. 28, 2024
    • Modified: Aug. 30, 2024
  • 7.3

    HIGH
    CVE-2024-45232

    An issue was discovered in powermail extension through 12.3.5 for TYPO3. It fails to validate the mail parameter of the confirmationAction, resulting in Insecure Direct Object Reference (IDOR). An unauthenticated attacker can use this to display the user-...

    Affected Products : typo3 powermail
    • Published: Aug. 29, 2024
    • Modified: Aug. 30, 2024
  • 9.8

    CRITICAL
    CVE-2024-45233

    An issue was discovered in powermail extension through 12.3.5 for TYPO3. Several actions in the OutputController can directly be called, due to missing or insufficiently implemented access checks, resulting in Broken Access Control. Depending on the confi...

    Affected Products : typo3 powermail
    • Published: Aug. 29, 2024
    • Modified: Aug. 30, 2024
  • 7.8

    HIGH
    CVE-2024-8250

    NTLMSSP dissector crash in Wireshark 4.2.0 to 4.0.6 and 4.0.0 to 4.0.16 allows denial of service via packet injection or crafted capture file...

    Affected Products : wireshark
    • Published: Aug. 29, 2024
    • Modified: Aug. 30, 2024
  • 9.8

    CRITICAL
    CVE-2024-38795

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CridioStudio ListingPro allows SQL Injection. This issue affects ListingPro: from n/a through 2.9.4.

    Affected Products : listingpro
    • Published: Aug. 29, 2024
    • Modified: Aug. 30, 2024
  • 8.8

    HIGH
    CVE-2024-39620

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CridioStudio ListingPro allows SQL Injection. This issue affects ListingPro: from n/a through 2.9.4.

    Affected Products : listingpro
    • Published: Aug. 29, 2024
    • Modified: Aug. 30, 2024
  • 9.8

    CRITICAL
    CVE-2024-39622

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CridioStudio ListingPro. This issue affects ListingPro: from n/a through 2.9.4.

    Affected Products : listingpro
    • Published: Aug. 29, 2024
    • Modified: Aug. 30, 2024
  • 6.3

    MEDIUM
    CVE-2024-43954

    Incorrect Authorization vulnerability in Themeum Droip allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Droip: from n/a through 1.1.1.

    Affected Products : droip
    • Published: Aug. 29, 2024
    • Modified: Aug. 30, 2024
  • 10.0

    CRITICAL
    CVE-2024-43955

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themeum Droip allows File Manipulation. This issue affects Droip: from n/a through 1.1.1.

    Affected Products : droip
    • Published: Aug. 29, 2024
    • Modified: Aug. 30, 2024