Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2024-5309

    The Form Vibes – Database Manager for Forms plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the fv_export_csv, reset_settings, save_settings, save_columns_settings, get_analyt... Read more

    Affected Products : form_vibes
    • Published: Sep. 05, 2024
    • Modified: Sep. 11, 2024

  • 5.3

    MEDIUM
    CVE-2024-6835

    The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 5.5.6 via the ajax_load_posts function. This makes it possible for unauthenticated attackers to extract text data f... Read more

    Affected Products : ivory_search
    • Published: Sep. 05, 2024
    • Modified: Sep. 11, 2024

  • 5.5

    MEDIUM
    CVE-2023-52895

    In the Linux kernel, the following vulnerability has been resolved: io_uring/poll: don't reissue in case of poll race on multishot request A previous commit fixed a poll race that can occur, but it's only applicable for multishot requests. For a multish... Read more

    Affected Products : linux_kernel
    • Published: Aug. 21, 2024
    • Modified: Sep. 11, 2024

  • 8.1

    HIGH
    CVE-2024-7627

    The Bit File Manager plugin for WordPress is vulnerable to Remote Code Execution in versions 6.0 to 6.5.5 via the 'checkSyntax' function. This is due to writing a temporary file to a publicly accessible directory before performing file validation. This ma... Read more

    Affected Products : file_manager
    • Published: Sep. 05, 2024
    • Modified: Sep. 11, 2024

  • 5.5

    MEDIUM
    CVE-2023-52894

    In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_ncm: fix potential NULL ptr deref in ncm_bitrate() In Google internal bug 265639009 we've received an (as yet) unreproducible crash report from an aarch64 GKI 5.10.149-an... Read more

    Affected Products : linux_kernel
    • Published: Aug. 21, 2024
    • Modified: Sep. 11, 2024

  • 7.4

    HIGH
    CVE-2024-45596

    Directus is a real-time API and App dashboard for managing SQL database content. An unauthenticated user can access credentials of last authenticated user via OpenID or OAuth2 where the authentication URL did not include redirect query string. This happen... Read more

    Affected Products : directus
    • Published: Sep. 10, 2024
    • Modified: Sep. 11, 2024

  • 8.2

    HIGH
    CVE-2024-21529

    Versions of the package dset before 3.1.4 are vulnerable to Prototype Pollution via the dset function due improper user input sanitization. This vulnerability allows the attacker to inject malicious object property using the built-in Object property __pro... Read more

    Affected Products : dset
    • Published: Sep. 11, 2024
    • Modified: Sep. 11, 2024

  • 8.0

    HIGH
    CVE-2024-43690

    Inclusion of Functionality from Untrusted Control Sphere(CWE-829) in the Command Centre Server and Workstations may allow an attacker to perform Remote Code Execution (RCE). This issue affects: Command Centre Server and Command Centre Workstations 9.10 p... Read more

    Affected Products : command_centre
    • Published: Sep. 11, 2024
    • Modified: Sep. 11, 2024

  • 6.1

    MEDIUM
    CVE-2024-23906

    Improper Neutralization of Input During Web Page Generation (CWE-79) in the Controller 6000 and Controller 7000 diagnostic webpage allows an attacker to modify Controller configuration during an authenticated Operator's session. This issue affects: ... Read more

    Affected Products :
    • Published: Sep. 11, 2024
    • Modified: Sep. 11, 2024

  • 6.5

    MEDIUM
    CVE-2024-24972

    Buffer Copy without Checking Size of Input (CWE-120) in the Controller 6000 and Controller 7000 diagnostic web interface allows an authorised and authenticated operator to reboot the Controller, causing a Denial of Service. Gallagher recommend the diagnos... Read more

    Affected Products :
    • Published: Sep. 11, 2024
    • Modified: Sep. 11, 2024

  • 8.7

    HIGH
    CVE-2024-8232

    SpiderControl SCADA Web Server has a vulnerability that could allow an attacker to upload specially crafted malicious files without authentication.... Read more

    Affected Products : scada_webserver
    • Published: Sep. 10, 2024
    • Modified: Sep. 11, 2024

  • 6.9

    MEDIUM
    CVE-2024-8655

    A vulnerability was found in Mercury MNVR816 up to 2.0.1.0.5. It has been classified as problematic. This affects an unknown part of the file /web-static/. The manipulation leads to files or directories accessible. It is possible to initiate the attack re... Read more

    Affected Products :
    • Published: Sep. 10, 2024
    • Modified: Sep. 11, 2024

  • 4.6

    MEDIUM
    CVE-2024-39808

    Incorrect Calculation of Buffer Size (CWE-131) in the Controller 6000 and Controller 7000 OSDP message handling, allows an attacker with physical access to Controller wiring to instigate a reboot leading to a denial of service. This issue affects: Con... Read more

    Affected Products :
    • Published: Sep. 11, 2024
    • Modified: Sep. 11, 2024

  • 8.8

    HIGH
    CVE-2024-44844

    DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection vulnerability via the name parameter in the run_command function.... Read more

    Affected Products : vigor3900_firmware vigor3900
    • Published: Sep. 06, 2024
    • Modified: Sep. 11, 2024

  • 5.5

    MEDIUM
    CVE-2023-52893

    In the Linux kernel, the following vulnerability has been resolved: gsmi: fix null-deref in gsmi_get_variable We can get EFI variables without fetching the attribute, so we must allow for that in gsmi. commit 859748255b43 ("efi: pstore: Omit efivars ca... Read more

    Affected Products : linux_kernel
    • Published: Aug. 21, 2024
    • Modified: Sep. 11, 2024

  • 8.8

    HIGH
    CVE-2024-44845

    DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection vulnerability via the value parameter in the filter_string function.... Read more

    Affected Products : vigor3900_firmware vigor3900
    • Published: Sep. 06, 2024
    • Modified: Sep. 11, 2024

  • 6.5

    MEDIUM
    CVE-2024-6852

    The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack... Read more

    Affected Products : wp_multitasking
    • Published: Sep. 08, 2024
    • Modified: Sep. 11, 2024

  • 4.7

    MEDIUM
    CVE-2022-48899

    In the Linux kernel, the following vulnerability has been resolved: drm/virtio: Fix GEM handle creation UAF Userspace can guess the handle value and try to race GEM object creation with handle close, resulting in a use-after-free if we dereference the o... Read more

    Affected Products : linux_kernel
    • Published: Aug. 21, 2024
    • Modified: Sep. 11, 2024

  • 6.5

    MEDIUM
    CVE-2024-6853

    The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check when updating welcome popups, which could allow attackers to make logged admins perform such action via a CSRF attack... Read more

    Affected Products : wp_multitasking
    • Published: Sep. 08, 2024
    • Modified: Sep. 11, 2024

  • 6.5

    MEDIUM
    CVE-2024-6855

    The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check when updating exit popups, which could allow attackers to make logged admins perform such action via a CSRF attack... Read more

    Affected Products : wp_multitasking
    • Published: Sep. 08, 2024
    • Modified: Sep. 11, 2024
Showing 20 of 292517 Results