Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2024-43281

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in VOID CODERS Void Elementor Post Grid Addon for Elementor Page builder allows PHP Local File Inclusion.This issue affects Void Elementor Post Grid Addon for Ele... Read more

    Affected Products :
    • Published: Aug. 19, 2024
    • Modified: Aug. 19, 2024

  • 4.7

    MEDIUM
    CVE-2024-43236

    URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Scott Paterson Easy PayPal Buy Now Button.This issue affects Easy PayPal Buy Now Button: from n/a through 1.9.... Read more

    • Published: Aug. 19, 2024
    • Modified: Aug. 19, 2024

  • 9.0

    CRITICAL
    CVE-2024-43252

    Deserialization of Untrusted Data vulnerability in Crew HRM allows Object Injection.This issue affects Crew HRM: from n/a through 1.1.1.... Read more

    Affected Products :
    • Published: Aug. 19, 2024
    • Modified: Aug. 19, 2024

  • 7.1

    HIGH
    CVE-2024-43256

    Missing Authorization vulnerability in nouthemes Leopard - WordPress offload media allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Leopard - WordPress offload media: from n/a through 2.0.36.... Read more

    Affected Products : leopard
    • Published: Aug. 19, 2024
    • Modified: Aug. 19, 2024

  • 9.6

    CRITICAL
    CVE-2024-43261

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Hamed Naderfar Compute Links allows PHP Remote File Inclusion.This issue affects Compute Links: from n/a through 1.2.1.... Read more

    Affected Products :
    • Published: Aug. 19, 2024
    • Modified: Aug. 19, 2024

  • 5.3

    MEDIUM
    CVE-2024-43272

    Missing Authentication for Critical Function vulnerability in icegram Icegram allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Icegram: from n/a through 3.1.24.... Read more

    Affected Products : icegram_express
    • Published: Aug. 19, 2024
    • Modified: Aug. 19, 2024

  • 9.8

    CRITICAL
    CVE-2024-43245

    Improper Privilege Management vulnerability in eyecix JobSearch allows Privilege Escalation.This issue affects JobSearch: from n/a through 2.3.4.... Read more

    Affected Products : jobsearch_wp_job_board
    • Published: Aug. 19, 2024
    • Modified: Aug. 19, 2024

  • 8.8

    HIGH
    CVE-2024-43247

    Missing Authorization vulnerability in creativeon WHMpress allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WHMpress: from n/a through 6.2-revision-5.... Read more

    Affected Products :
    • Published: Aug. 19, 2024
    • Modified: Aug. 19, 2024

  • 8.5

    HIGH
    CVE-2024-43232

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP OnlineSupport, Essential Plugin Timeline and History slider allows PHP Local File Inclusion.This issue affects Timeline and History slider: from n/a through... Read more

    Affected Products :
    • Published: Aug. 19, 2024
    • Modified: Aug. 19, 2024

  • 9.8

    CRITICAL
    CVE-2024-7831

    ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-120... Read more

    • Published: Aug. 15, 2024
    • Modified: Aug. 19, 2024

  • 5.4

    MEDIUM
    CVE-2024-42758

    A Cross-site Scripting (XSS) vulnerability exists in version v2024-01-05 of the indexmenu plugin when is used and enabled in Dokuwiki (Open Source Wiki Engine). A malicious attacker can input XSS payloads for example when creating or editing existing page... Read more

    Affected Products :
    • Published: Aug. 16, 2024
    • Modified: Aug. 19, 2024

  • 6.3

    MEDIUM
    CVE-2024-22219

    XML External Entity (XXE) vulnerability in Terminalfour 8.0.0001 through 8.3.18 and XML JDBC versions up to 1.0.4 allows authenticated users to submit malicious XML via unspecified features which could lead to various actions such as accessing the underly... Read more

    Affected Products :
    • Published: Aug. 15, 2024
    • Modified: Aug. 19, 2024

  • 9.8

    CRITICAL
    CVE-2024-7830

    ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, ... Read more

    • Published: Aug. 15, 2024
    • Modified: Aug. 19, 2024

  • 9.8

    CRITICAL
    CVE-2024-7829

    ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-... Read more

    • Published: Aug. 15, 2024
    • Modified: Aug. 19, 2024

  • 9.8

    CRITICAL
    CVE-2024-7828

    ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, D... Read more

    • Published: Aug. 15, 2024
    • Modified: Aug. 19, 2024

  • 5.1

    MEDIUM
    CVE-2024-7815

    A vulnerability has been found in CodeAstro Online Railway Reservation System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/admin-update-employee.php of the component Update Employee Page.... Read more

    Affected Products : online_railway_reservation_system
    • Published: Aug. 15, 2024
    • Modified: Aug. 19, 2024

  • 5.1

    MEDIUM
    CVE-2024-7814

    A vulnerability, which was classified as problematic, was found in CodeAstro Online Railway Reservation System 1.0. Affected is an unknown function of the file /admin/admin-add-employee.php of the component Add Employee Page. The manipulation of the argum... Read more

    Affected Products : online_railway_reservation_system
    • Published: Aug. 15, 2024
    • Modified: Aug. 19, 2024

  • 7.5

    HIGH
    CVE-2024-7813

    A vulnerability, which was classified as problematic, has been found in SourceCodester Prison Management System 1.0. This issue affects some unknown processing of the file /uploadImage/Profile/ of the component Profile Image Handler. The manipulation lead... Read more

    Affected Products : prison_management_system
    • Published: Aug. 15, 2024
    • Modified: Aug. 19, 2024

  • 5.4

    MEDIUM
    CVE-2024-7812

    A vulnerability classified as problematic was found in SourceCodester Best House Rental Management System 1.0. This vulnerability affects unknown code of the file /rental_0/rental/ajax.php?action=save_tenant of the component POST Parameter Handler. The ma... Read more

    • Published: Aug. 15, 2024
    • Modified: Aug. 19, 2024

  • 9.8

    CRITICAL
    CVE-2024-7811

    A vulnerability classified as critical has been found in SourceCodester Daily Expenses Monitoring App 1.0. This affects an unknown part of the file /endpoint/delete-expense.php. The manipulation of the argument expense leads to sql injection. It is possib... Read more

    Affected Products : daily_expenses_monitoring_app
    • Published: Aug. 15, 2024
    • Modified: Aug. 19, 2024
Showing 20 of 291384 Results