Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.9

    MEDIUM
    CVE-2024-39629

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemeGrill Himalayas allows Stored XSS.This issue affects Himalayas: from n/a through 1.3.2.... Read more

    Affected Products : himalayas
    • Published: Aug. 01, 2024
    • Modified: Sep. 11, 2024

  • 7.1

    HIGH
    CVE-2024-39631

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Contest Gallery allows Stored XSS.This issue affects Contest Gallery: from n/a through 23.1.2.... Read more

    Affected Products : contest_gallery
    • Published: Aug. 01, 2024
    • Modified: Sep. 11, 2024

  • 6.1

    MEDIUM
    CVE-2024-39643

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in RegistrationMagic Forms RegistrationMagic allows Stored XSS.This issue affects RegistrationMagic: from n/a through 6.0.0.1.... Read more

    Affected Products : registrationmagic
    • Published: Aug. 01, 2024
    • Modified: Sep. 11, 2024

  • 6.5

    MEDIUM
    CVE-2024-39644

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Modernaweb Studio Black Widgets For Elementor allows Stored XSS.This issue affects Black Widgets For Elementor: from n/a through 1.3.5.... Read more

    Affected Products : black_widgets_for_elementor
    • Published: Aug. 01, 2024
    • Modified: Sep. 11, 2024

  • 7.1

    HIGH
    CVE-2024-39646

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kunal Nagar Custom 404 Pro allows Reflected XSS.This issue affects Custom 404 Pro: from n/a through 3.11.1.... Read more

    Affected Products : custom_404_pro
    • Published: Aug. 01, 2024
    • Modified: Sep. 11, 2024

  • 7.1

    HIGH
    CVE-2024-39647

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kofi Mokome Message Filter for Contact Form 7 allows Reflected XSS.This issue affects Message Filter for Contact Form 7: from n/a through 1.6.1.1.... Read more

    Affected Products : message_filter_for_contact_form_7
    • Published: Aug. 01, 2024
    • Modified: Sep. 11, 2024

  • 6.5

    MEDIUM
    CVE-2024-8041

    A Denial of Service (DoS) issue has been discovered in GitLab CE/EE affecting all versions prior to 17.1.6, 17.2 prior to 17.2.4, and 17.3 prior to 17.3.1. A denial of service could occur upon importing a maliciously crafted repository using the GitHub im... Read more

    Affected Products : gitlab
    • Published: Aug. 22, 2024
    • Modified: Sep. 11, 2024

  • 6.4

    MEDIUM
    CVE-2024-7110

    An issue was discovered in GitLab EE affecting all versions starting 17.0 to 17.1.6, 17.2 prior to 17.2.4, and 17.3 prior to 17.3.1 allows an attacker to execute arbitrary command in a victim's pipeline through prompt injection.... Read more

    Affected Products : gitlab
    • Published: Aug. 22, 2024
    • Modified: Sep. 11, 2024

  • 6.5

    MEDIUM
    CVE-2024-6502

    An issue was discovered in GitLab CE/EE affecting all versions starting from 8.2 prior to 17.1.6 starting from 17.2 prior to 17.2.4, and starting from 17.3 prior to 17.3.1, which allows an attacker to create a branch with the same name as a deleted tag.... Read more

    Affected Products : gitlab
    • Published: Aug. 22, 2024
    • Modified: Sep. 11, 2024

  • 5.5

    MEDIUM
    CVE-2021-4441

    In the Linux kernel, the following vulnerability has been resolved: spi: spi-zynq-qspi: Fix a NULL pointer dereference in zynq_qspi_exec_mem_op() In zynq_qspi_exec_mem_op(), kzalloc() is directly used in memset(), which could lead to a NULL pointer dere... Read more

    Affected Products : linux_kernel
    • Published: Aug. 22, 2024
    • Modified: Sep. 11, 2024

  • 4.7

    MEDIUM
    CVE-2023-52896

    In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race between quota rescan and disable leading to NULL pointer deref If we have one task trying to start the quota rescan worker while another one is trying to disable quotas,... Read more

    Affected Products : linux_kernel
    • Published: Aug. 21, 2024
    • Modified: Sep. 11, 2024

  • 6.4

    MEDIUM
    CVE-2024-6894

    The RD Station plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.3.2 due to insufficient input sanitization and output escaping of post metaboxes added by the plugin. This makes it possible for authe... Read more

    Affected Products : rd_station
    • Published: Sep. 05, 2024
    • Modified: Sep. 11, 2024

  • 6.4

    MEDIUM
    CVE-2024-8363

    The Share This Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's STI Buttons shortcode in all versions up to, and including, 2.02 due to insufficient input sanitization and output escaping on user supplied attributes... Read more

    Affected Products : share_this_image share_this_image
    • Published: Sep. 05, 2024
    • Modified: Sep. 11, 2024

  • 5.4

    MEDIUM
    CVE-2024-5309

    The Form Vibes – Database Manager for Forms plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the fv_export_csv, reset_settings, save_settings, save_columns_settings, get_analyt... Read more

    Affected Products : form_vibes
    • Published: Sep. 05, 2024
    • Modified: Sep. 11, 2024

  • 5.3

    MEDIUM
    CVE-2024-6835

    The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 5.5.6 via the ajax_load_posts function. This makes it possible for unauthenticated attackers to extract text data f... Read more

    Affected Products : ivory_search
    • Published: Sep. 05, 2024
    • Modified: Sep. 11, 2024

  • 5.5

    MEDIUM
    CVE-2023-52895

    In the Linux kernel, the following vulnerability has been resolved: io_uring/poll: don't reissue in case of poll race on multishot request A previous commit fixed a poll race that can occur, but it's only applicable for multishot requests. For a multish... Read more

    Affected Products : linux_kernel
    • Published: Aug. 21, 2024
    • Modified: Sep. 11, 2024

  • 8.1

    HIGH
    CVE-2024-7627

    The Bit File Manager plugin for WordPress is vulnerable to Remote Code Execution in versions 6.0 to 6.5.5 via the 'checkSyntax' function. This is due to writing a temporary file to a publicly accessible directory before performing file validation. This ma... Read more

    Affected Products : file_manager
    • Published: Sep. 05, 2024
    • Modified: Sep. 11, 2024

  • 5.5

    MEDIUM
    CVE-2023-52894

    In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_ncm: fix potential NULL ptr deref in ncm_bitrate() In Google internal bug 265639009 we've received an (as yet) unreproducible crash report from an aarch64 GKI 5.10.149-an... Read more

    Affected Products : linux_kernel
    • Published: Aug. 21, 2024
    • Modified: Sep. 11, 2024

  • 7.4

    HIGH
    CVE-2024-45596

    Directus is a real-time API and App dashboard for managing SQL database content. An unauthenticated user can access credentials of last authenticated user via OpenID or OAuth2 where the authentication URL did not include redirect query string. This happen... Read more

    Affected Products : directus
    • Published: Sep. 10, 2024
    • Modified: Sep. 11, 2024

  • 8.2

    HIGH
    CVE-2024-21529

    Versions of the package dset before 3.1.4 are vulnerable to Prototype Pollution via the dset function due improper user input sanitization. This vulnerability allows the attacker to inject malicious object property using the built-in Object property __pro... Read more

    Affected Products : dset
    • Published: Sep. 11, 2024
    • Modified: Sep. 11, 2024
Showing 20 of 293329 Results