Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.9

    CRITICAL
    CVE-2024-8463

    File upload restriction bypass vulnerability in PHPGurukul Job Portal 1.0, the exploitation of which could allow an authenticated user to execute an RCE via webshell.... Read more

    Affected Products : job_portal
    • Published: Sep. 05, 2024
    • Modified: Sep. 12, 2024

  • 5.5

    MEDIUM
    CVE-2021-4442

    In the Linux kernel, the following vulnerability has been resolved: tcp: add sanity tests to TCP_QUEUE_SEQ Qingyu Li reported a syzkaller bug where the repro changes RCV SEQ _after_ restoring data in the receive queue. mprotect(0x4aa000, 12288, PROT_RE... Read more

    Affected Products : linux_kernel
    • Published: Aug. 29, 2024
    • Modified: Sep. 12, 2024

  • 6.5

    MEDIUM
    CVE-2024-45589

    RapidIdentity LTS through 2023.0.2 and Cloud through 2024.08.0 improperly restricts excessive authentication attempts and allows a remote attacker to cause a denial of service via the username parameters.... Read more

    Affected Products : rapididentity
    • Published: Sep. 05, 2024
    • Modified: Sep. 12, 2024

  • 7.5

    HIGH
    CVE-2024-43264

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Mediavine Create by Mediavine.This issue affects Create by Mediavine: from n/a through 1.9.8.... Read more

    Affected Products : create
    • Published: Aug. 26, 2024
    • Modified: Sep. 12, 2024

  • 6.5

    MEDIUM
    CVE-2024-6312

    The Funnelforms Free plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 3.7.3.2 via the 'af2DeleteFontFile' function. This is due to the plugin not properly validating a file or its path prior to deleting i... Read more

    Affected Products : funnelforms_free funnelforms
    • Published: Aug. 28, 2024
    • Modified: Sep. 12, 2024

  • 6.1

    MEDIUM
    CVE-2024-8412

    A vulnerability, which was classified as problematic, was found in LinuxOSsk Shakal-NG up to 1.3.3. Affected is an unknown function of the file comments/views.py. The manipulation of the argument next leads to open redirect. It is possible to launch the a... Read more

    Affected Products : shakal-ng
    • Published: Sep. 04, 2024
    • Modified: Sep. 12, 2024

  • 7.2

    HIGH
    CVE-2024-6311

    The Funnelforms Free plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'af2_add_font' function in all versions up to, and including, 3.7.3.2. This makes it possible for authenticated attackers, with ad... Read more

    Affected Products : funnelforms_free funnelforms
    • Published: Aug. 28, 2024
    • Modified: Sep. 12, 2024

  • 7.5

    HIGH
    CVE-2024-8391

    In Eclipse Vert.x version 4.3.0 to 4.5.9, the gRPC server does not limit the maximum length of message payload (Maven GAV: io.vertx:vertx-grpc-server and io.vertx:vertx-grpc-client).  This is fixed in the 4.5.10 version.  Note this does not affect... Read more

    Affected Products : vert.x
    • Published: Sep. 04, 2024
    • Modified: Sep. 12, 2024

  • 7.1

    HIGH
    CVE-2024-43313

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in FormFacade allows Reflected XSS.This issue affects FormFacade: from n/a through 1.3.2.... Read more

    Affected Products : formfacade
    • Published: Aug. 18, 2024
    • Modified: Sep. 12, 2024

  • 5.5

    MEDIUM
    CVE-2024-45314

    Flask-AppBuilder is an application development framework. Prior to version 4.5.1, the auth DB login form default cache directives allows browser to locally store sensitive data. This can be an issue on environments using shared computer resources. Version... Read more

    Affected Products : flask-appbuilder flask_app_builder
    • Published: Sep. 04, 2024
    • Modified: Sep. 12, 2024

  • 6.5

    MEDIUM
    CVE-2024-43309

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Socio WP Telegram Widget and Join Link allows Stored XSS.This issue affects WP Telegram Widget and Join Link: from n/a through 2.1.27.... Read more

    Affected Products : wp_telegram_widget_and_join_link
    • Published: Aug. 18, 2024
    • Modified: Sep. 12, 2024

  • 6.5

    MEDIUM
    CVE-2024-43308

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Gutentor Gutentor - Gutenberg Blocks - Page Builder for Gutenberg Editor allows Stored XSS.This issue affects Gutentor - Gutenberg Blocks - Page B... Read more

    Affected Products : gutentor
    • Published: Aug. 18, 2024
    • Modified: Sep. 12, 2024

  • 6.5

    MEDIUM
    CVE-2024-43318

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in E2Pdf.Com allows Stored XSS.This issue affects e2pdf: from n/a through 1.25.05.... Read more

    Affected Products : e2pdf
    • Published: Aug. 18, 2024
    • Modified: Sep. 12, 2024

  • 7.1

    HIGH
    CVE-2024-43916

    Authorization Bypass Through User-Controlled Key vulnerability in Dylan James Zephyr Project Manager.This issue affects Zephyr Project Manager: from n/a through 3.3.102.... Read more

    • Published: Aug. 26, 2024
    • Modified: Sep. 12, 2024

  • 5.4

    MEDIUM
    CVE-2024-7733

    A vulnerability, which was classified as problematic, was found in FastCMS up to 0.1.5. Affected is an unknown function of the component New Article Category Page. The manipulation leads to cross site scripting. It is possible to launch the attack remotel... Read more

    Affected Products : fastcms fastcms
    • Published: Aug. 13, 2024
    • Modified: Sep. 12, 2024

  • 5.4

    MEDIUM
    CVE-2024-44837

    A cross-site scripting (XSS) vulnerability in the component \bean\Manager.java of Drug v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the user parameter.... Read more

    Affected Products : drug
    • Published: Sep. 06, 2024
    • Modified: Sep. 12, 2024

  • 10.0

    CRITICAL
    CVE-2024-6445

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in DataFlowX Technology DataDiodeX allows Path Traversal.This issue affects DataDiodeX: from v3.0.0 before v3.1.7.... Read more

    Affected Products : datadiodex
    • Published: Sep. 06, 2024
    • Modified: Sep. 12, 2024

  • 9.8

    CRITICAL
    CVE-2024-44401

    D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via sub47A60C function in the upgrade_filter.asp file... Read more

    • Published: Sep. 06, 2024
    • Modified: Sep. 12, 2024

  • 5.5

    MEDIUM
    CVE-2023-52907

    In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: Wait for out_urb's completion in pn533_usb_send_frame() Fix a use-after-free that occurs in hcd when in_urb sent from pn533_usb_send_frame() is completed earlier than out_ur... Read more

    Affected Products : linux_kernel
    • Published: Aug. 21, 2024
    • Modified: Sep. 12, 2024

  • 9.1

    CRITICAL
    CVE-2024-42470

    openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. Several endpoints in versions prior to 4.2.1 of the CometVisu add-on of openHAB don't require authentication. This makes it possible for... Read more

    Affected Products : openhab openhab_web_interface
    • Published: Aug. 12, 2024
    • Modified: Sep. 12, 2024
Showing 20 of 292772 Results