Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2024-47641

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPDeveloperr Confetti Fall Animation allows Stored XSS.This issue affects Confetti Fall Animation: from n/a through 1.3.0.... Read more

    Affected Products :
    • Published: Sep. 30, 2024
    • Modified: Oct. 04, 2024

  • 9.8

    CRITICAL
    CVE-2024-41276

    A vulnerability in Kaiten version 57.131.12 and earlier allows attackers to bypass the PIN code authentication mechanism. The application requires users to input a 6-digit PIN code sent to their email for authorization after entering their login credentia... Read more

    Affected Products :
    • Published: Oct. 01, 2024
    • Modified: Oct. 04, 2024

  • 6.4

    MEDIUM
    CVE-2024-8720

    The RumbleTalk Live Group Chat – HTML5 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'rumbletalk-admin-button' shortcode in all versions up to, and including, 6.3.0 due to insufficient input sanitization and output esc... Read more

    Affected Products :
    • Published: Oct. 01, 2024
    • Modified: Oct. 04, 2024

  • 7.5

    HIGH
    CVE-2024-45408

    eLabFTW is an open source electronic lab notebook for research labs. An incorrect permission check has been found that could allow an authenticated user to access several kinds of otherwise restricted information. If anonymous access is allowed (something... Read more

    Affected Products : elabftw
    • Published: Oct. 01, 2024
    • Modified: Oct. 04, 2024

  • 6.4

    MEDIUM
    CVE-2024-8288

    The Guten Post Layout – An Advanced Post Grid Collection for WordPress Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ attribute within the 'wp:guten-post-layout/post-grid' Gutenberg block in all versions up to,... Read more

    Affected Products :
    • Published: Oct. 01, 2024
    • Modified: Oct. 04, 2024

  • 6.1

    MEDIUM
    CVE-2024-9267

    The Easy WordPress Subscribe – Optin Hound plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.4.3. This makes it possible for... Read more

    Affected Products :
    • Published: Oct. 01, 2024
    • Modified: Oct. 04, 2024

  • 4.9

    MEDIUM
    CVE-2024-0116

    NVIDIA Triton Inference Server contains a vulnerability where a user may cause an out-of-bounds read issue by releasing a shared memory region while it is in use. A successful exploit of this vulnerability may lead to denial of service.... Read more

    Affected Products : triton_inference_server
    • Published: Oct. 01, 2024
    • Modified: Oct. 04, 2024

  • 6.8

    MEDIUM
    CVE-2024-47616

    Pomerium is an identity and context-aware access proxy. The Pomerium databroker service is responsible for managing all persistent Pomerium application state. Requests to the databroker service API are authorized by the presence of a JSON Web Token (JWT) ... Read more

    Affected Products : pomerium
    • Published: Oct. 02, 2024
    • Modified: Oct. 04, 2024

  • 7.5

    HIGH
    CVE-2024-47614

    async-graphql is a GraphQL server library implemented in Rust. async-graphql before 7.0.10 does not limit the number of directives for a field. This can lead to Service Disruption, Resource Exhaustion, and User Experience Degradation. This vulnerability i... Read more

    Affected Products :
    • Published: Oct. 03, 2024
    • Modified: Oct. 04, 2024

  • 4.7

    MEDIUM
    CVE-2024-9266

    URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Express. This vulnerability affects the use of the Express Response object. This issue impacts Express: from 3.4.5 before 4.0.0.... Read more

    Affected Products : express
    • Published: Oct. 03, 2024
    • Modified: Oct. 04, 2024

  • 8.6

    HIGH
    CVE-2024-41987

    The TEM Opera Plus FM Family Transmitter application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative pr... Read more

    Affected Products :
    • Published: Oct. 03, 2024
    • Modified: Oct. 04, 2024

  • 6.9

    MEDIUM
    CVE-2024-6360

    Incorrect Permission Assignment for Critical Resource vulnerability in OpenText™ Vertica could allow Privilege Abuse and result in unauthorized access or privileges to Vertica agent apikey. This issue affects Vertica: from 10.0 through 10.X, from 11.0 thr... Read more

    Affected Products :
    • Published: Oct. 02, 2024
    • Modified: Oct. 04, 2024

  • 9.3

    CRITICAL
    CVE-2024-45367

    The web server for ONS-S8 - Spectra Aggregation Switch includes an incomplete authentication process, which can lead to an attacker authenticating without a password.... Read more

    Affected Products :
    • Published: Oct. 03, 2024
    • Modified: Oct. 04, 2024

  • 4.7

    MEDIUM
    CVE-2024-45962

    October 3.6.30 allows an authenticated admin account to upload a PDF file containing malicious JavaScript into the target system. If the file is accessed through the website, it could lead to a Cross-Site Scripting (XSS) attack or execute arbitrary code v... Read more

    Affected Products : october
    • Published: Oct. 02, 2024
    • Modified: Oct. 04, 2024

  • 4.5

    MEDIUM
    CVE-2024-21530

    Versions of the package cocoon before 0.4.0 are vulnerable to Reusing a Nonce, Key Pair in Encryption when the encrypt, wrap, and dump functions are sequentially called. An attacker can generate the same ciphertext by creating a new encrypted message with... Read more

    Affected Products :
    • Published: Oct. 02, 2024
    • Modified: Oct. 04, 2024

  • 5.8

    MEDIUM
    CVE-2024-47762

    Backstage is an open framework for building developer portals. Configuration supplied through APP_CONFIG_* environment variables, for example APP_CONFIG_backend_listen_port=7007, where unexpectedly ignoring the visibility defined in configuration schema. ... Read more

    Affected Products : backstage backstage
    • Published: Oct. 03, 2024
    • Modified: Oct. 04, 2024

  • 6.5

    MEDIUM
    CVE-2024-9100

    Zohocorp ManageEngine Analytics Plus versions before 5410 and Zoho Analytics On-Premise versions before 5410 are vulnerable to Path traversal.... Read more

    Affected Products : manageengine_analytics_plus
    • Published: Oct. 03, 2024
    • Modified: Oct. 04, 2024

  • 4.3

    MEDIUM
    CVE-2024-42504

    A security vulnerability in HPE IceWall Agent products could be exploited remotely to cause a Cross-Site Request Forgery (CSRF) in the login flow.... Read more

    Affected Products :
    • Published: Oct. 03, 2024
    • Modified: Oct. 04, 2024

  • 6.9

    MEDIUM
    CVE-2024-9174

    Stored HTML Injection in Social Module in M-Files Hubshare before version 5.0.8.6 allows authenticated user to spoof UI... Read more

    Affected Products : hubshare
    • Published: Oct. 02, 2024
    • Modified: Oct. 04, 2024

  • 6.4

    MEDIUM
    CVE-2024-8159

    Deep Freeze 9.00.020.5760 is vulnerable to an out-of-bounds read vulnerability by triggering the 0x70014 IOCTL code of the FarDisk.sys driver.... Read more

    Affected Products :
    • Published: Oct. 03, 2024
    • Modified: Oct. 04, 2024
Showing 20 of 294741 Results