Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.1

    MEDIUM
    CVE-2024-6018

    The Music Request Manager WordPress plugin through 1.3 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

    Affected Products : music_request_manager
    • Published: Sep. 12, 2024
    • Modified: Sep. 13, 2024
  • 6.1

    MEDIUM
    CVE-2024-6019

    The Music Request Manager WordPress plugin through 1.3 does not sanitise and escape incoming music requests, which could allow unauthenticated users to perform Cross-Site Scripting attacks against administrators...

    Affected Products : music_request_manager
    • Published: Sep. 12, 2024
    • Modified: Sep. 13, 2024
  • 10.0

    CRITICAL
    CVE-2024-8522

    The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_only_fields' parameter of the /wp-json/learnpress/v1/courses REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping on...

    Affected Products : learnpress
    • Published: Sep. 12, 2024
    • Modified: Sep. 13, 2024
  • 10.0

    CRITICAL
    CVE-2024-8529

    The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_fields' parameter of the /wp-json/lp/v1/courses/archive-course REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping ...

    Affected Products : learnpress
    • Published: Sep. 12, 2024
    • Modified: Sep. 13, 2024
  • 5.5

    MEDIUM
    CVE-2024-6700

    Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with App name....

    Affected Products : pega_platform infinity
    • Published: Sep. 12, 2024
    • Modified: Sep. 13, 2024
  • 5.5

    MEDIUM
    CVE-2024-6701

    Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with case type....

    Affected Products : pega_platform infinity
    • Published: Sep. 12, 2024
    • Modified: Sep. 13, 2024
  • 5.2

    MEDIUM
    CVE-2024-6702

    Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an HTML Injection issue with Stage....

    Affected Products : pega_platform infinity
    • Published: Sep. 12, 2024
    • Modified: Sep. 13, 2024
  • 5.4

    MEDIUM
    CVE-2020-24061

    Cross Site Scripting (XSS) Vulnerability in Firewall menu in Control Panel in KASDA KW5515 version 4.3.1.0, allows attackers to execute arbitrary code and steal cookies via a crafted script...

    Affected Products : kw5515_firmware kw5515
    • Published: Sep. 12, 2024
    • Modified: Sep. 13, 2024
  • 7.6

    HIGH
    CVE-2024-43966

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stark Digital WP Testimonial Widget. This issue affects WP Testimonial Widget: from n/a through 3.1....

    Affected Products : wp_testimonial_widget
    • Published: Aug. 26, 2024
    • Modified: Sep. 13, 2024
  • 9.8

    CRITICAL
    CVE-2024-8695

    A remote code execution (RCE) vulnerability via crafted extension description/changelog could be abused by a malicious extension in Docker Desktop before 4.34.2....

    Affected Products : desktop
    • Published: Sep. 12, 2024
    • Modified: Sep. 13, 2024
  • 9.8

    CRITICAL
    CVE-2024-8696

    A remote code execution (RCE) vulnerability via crafted extension publisher-url/additional-urls could be abused by a malicious extension in Docker Desktop before 4.34.2....

    Affected Products : desktop
    • Published: Sep. 12, 2024
    • Modified: Sep. 13, 2024
  • 6.9

    MEDIUM
    CVE-2024-8605

    A vulnerability classified as problematic was found in code-projects Inventory Management 1.0. This vulnerability affects unknown code of the file /view/registration.php of the component Registration Form. The manipulation with the input <script>alert(1)<...

    Affected Products : inventory_management
    • Published: Sep. 09, 2024
    • Modified: Sep. 13, 2024
  • 5.5

    MEDIUM
    CVE-2024-45406

    Craft is a content management system (CMS). Craft CMS 5 stored XSS can be triggered by the breadcrumb list and title fields with user input....

    Affected Products : craft_cms
    • Published: Sep. 09, 2024
    • Modified: Sep. 13, 2024
  • 7.2

    HIGH
    CVE-2024-44871

    An arbitrary file upload vulnerability in the component /admin/index.php of moziloCMS v3.0 allows attackers to execute arbitrary code via uploading a crafted file....

    Affected Products : mozilocms
    • Published: Sep. 10, 2024
    • Modified: Sep. 13, 2024
  • 6.1

    MEDIUM
    CVE-2024-44872

    A reflected cross-site scripting (XSS) vulnerability in moziloCMS v3.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload....

    Affected Products : mozilocms
    • Published: Sep. 10, 2024
    • Modified: Sep. 13, 2024
  • 7.8

    HIGH
    CVE-2024-38252

    Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability...

    • Published: Sep. 10, 2024
    • Modified: Sep. 13, 2024
  • 7.8

    HIGH
    CVE-2024-38253

    Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability...

    • Published: Sep. 10, 2024
    • Modified: Sep. 13, 2024
  • 6.2

    MEDIUM
    CVE-2024-38254

    Windows Authentication Information Disclosure Vulnerability...

    • Published: Sep. 10, 2024
    • Modified: Sep. 13, 2024
  • 7.1

    HIGH
    CVE-2023-41884

    ZoneMinder is a free, open source Closed-circuit television software application. In WWW/AJAX/watch.php, Line: 51 takes a few parameter in sql query without sanitizing it which makes it vulnerable to sql injection. This vulnerability is fixed in 1.36.34....

    Affected Products : zoneminder
    • Published: Aug. 12, 2024
    • Modified: Sep. 13, 2024
  • 5.5

    MEDIUM
    CVE-2024-38256

    Windows Kernel-Mode Driver Information Disclosure Vulnerability...

    • Published: Sep. 10, 2024
    • Modified: Sep. 13, 2024