Latest CVE Feed
- 5.5 MEDIUM CVE-2024-42311
  In the Linux kernel, the following vulnerability has been resolved: hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode() Syzbot reports uninitialized value access issue as below: loop0: detected capacity change from 0 to 64 =========...
  Affected Products: linux_kernel
  - Published: Aug. 17, 2024
  - Modified: Sep. 03, 2024
- 9.8 CRITICAL CVE-2024-45435
  Chartist 1.x through 1.3.0 allows Prototype Pollution via the extend function....
  Affected Products: chartist
  - Published: Aug. 29, 2024
  - Modified: Sep. 03, 2024
- 9.8 CRITICAL CVE-2024-45622
  ASIS (aka Aplikasi Sistem Sekolah using CodeIgniter 3) 3.0.0 through 3.2.0 allows index.php username SQL injection for Authentication Bypass....
  Affected Products:
  - Published: Sep. 02, 2024
  - Modified: Sep. 03, 2024
- 7.3 HIGH CVE-2024-6586
  Lightdash version 0.1024.6 allows users with the necessary permissions, such as Administrator or Editor, to create and share dashboards. A dashboard that contains HTML elements which point to a threat actor controlled source can trigger an SSRF request wh...
  Affected Products:
  - Published: Aug. 30, 2024
  - Modified: Sep. 03, 2024
- 5.4 MEDIUM CVE-2024-6585
  Multiple stored cross-site scripting (“XSS”) vulnerabilities in the markdown dashboard and dashboard comment functionality of Lightdash version 0.1024.6 allows remote authenticated threat actors to inject malicious scripts into vulnerable web pages. A thr...
  Affected Products:
  - Published: Aug. 30, 2024
  - Modified: Sep. 03, 2024
- 9.8 CRITICAL CVE-2024-45623
  D-Link DAP-2310 Hardware A Firmware 1.16RC028 allows remote attackers to execute arbitrary code via a stack-based buffer overflow in the ATP binary that handles PHP HTTP GET requests for the Apache HTTP Server (httpd). NOTE: This vulnerability only affect...
  Affected Products:
  - Published: Sep. 02, 2024
  - Modified: Sep. 03, 2024
- 6.5 MEDIUM CVE-2024-43949
  Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Automattic GHActivity allows Stored XSS. This issue affects GHActivity: from n/a through 2.0.0-alpha....
  - Published: Aug. 29, 2024
  - Modified: Sep. 03, 2024
- 7.1 HIGH CVE-2024-43948
  Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Dinesh Karki WP Armour Extended. This issue affects WP Armour Extended: from n/a through 1.26....
  Affected Products: wp_armour
  - Published: Aug. 29, 2024
  - Modified: Sep. 03, 2024
- 6.5 MEDIUM CVE-2024-43946
  Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SKT Themes SKT Blocks – Gutenberg based Page Builder allows Stored XSS. This issue affects SKT Blocks – Gutenberg based Page Builder: from n/a thro...
  Affected Products: skt_blocks
  - Published: Aug. 29, 2024
  - Modified: Sep. 03, 2024
- 6.5 MEDIUM CVE-2024-43936
  Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPDeveloper EmbedPress allows Stored XSS. This issue affects EmbedPress: from n/a through 4.0.8....
  Affected Products: embedpress
  - Published: Aug. 29, 2024
  - Modified: Sep. 03, 2024
- 6.5 MEDIUM CVE-2024-43935
  Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Delicious Delicious Recipes – WordPress Recipe Plugin allows Stored XSS. This issue affects Delicious Recipes – WordPress Recipe Plugin: from n/...
  Affected Products: wp_delicious
  - Published: Aug. 29, 2024
  - Modified: Sep. 03, 2024
- 6.5 MEDIUM CVE-2024-43934
  Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Robert Felty Collapsing Archives allows Stored XSS. This issue affects Collapsing Archives: from n/a through 3.0.5....
  Affected Products: collapsing_archives
  - Published: Aug. 29, 2024
  - Modified: Sep. 03, 2024
- 6.4 MEDIUM CVE-2024-43788
  Webpack is a module bundler. Its main purpose is to bundle JavaScript files for usage in a browser, yet it is also capable of transforming, bundling, or packaging just about any resource or asset. The webpack developers have discovered a DOM Clobbering vu...
  Affected Products: webpack
  - Published: Aug. 27, 2024
  - Modified: Sep. 03, 2024
- 5.9 MEDIUM CVE-2024-45056
  zksolc is a Solidity compiler for ZKsync. All LLVM versions since 2015 fold `(xor (shl 1, x), -1)` to `(rotl ~1, x)` if run with optimizations enabled. Here `~1` is generated as an unsigned 64 bits number (`2^64-1`). This number is zero-extended to 256 bi...
  Affected Products: zksolc
  - Published: Aug. 29, 2024
  - Modified: Sep. 03, 2024
- 6.3 MEDIUM CVE-2024-45045
  Collabora Online is a collaborative online office suite based on LibreOffice technology. In the mobile (Android/iOS) device variants of Collabora Online it was possible to inject JavaScript via url encoded values in links contained in documents. Since the...
  - Published: Aug. 29, 2024
  - Modified: Sep. 03, 2024
- 5.1 MEDIUM CVE-2024-34463
  BPL Personal Weighing Scale PWS-01BT IND/09/18/599 devices send sensitive information in unencrypted BLE packets. (The packet data also lacks authentication and integrity protection.)...
  Affected Products:
  - Published: Sep. 03, 2024
  - Modified: Sep. 03, 2024
- 6.4 MEDIUM CVE-2024-5061
  The Enfold - Responsive Multi-Purpose Theme theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wrapper_class’ and 'class' parameters in all versions up to, and including, 6.0.3 due to insufficient input sanitization and output escap...
  Affected Products: enfold
  - Published: Aug. 30, 2024
  - Modified: Sep. 03, 2024
- 8.8 HIGH CVE-2024-2694
  The Betheme theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 27.5.6 via deserialization of untrusted input of the 'mfn-page-items' post meta value. This makes it possible for authenticated attackers, with con...
  Affected Products: betheme
  - Published: Aug. 30, 2024
  - Modified: Sep. 03, 2024
- 6.4 MEDIUM CVE-2024-3998
  The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's shortcodes in all versions up to, and including, 27.5.6 due to insufficient input sanitization and output escaping on user supplied attributes. This m...
  Affected Products: betheme
  - Published: Aug. 30, 2024
  - Modified: Sep. 03, 2024
- 6.4 MEDIUM CVE-2024-5879
  The HubSpot – CRM, Email Marketing, Live Chat, Forms & Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute of the HubSpot Meeting Widget in all versions up to, and including, 11.1.22 due to insufficient inpu...
  Affected Products: hubspot
  - Published: Aug. 30, 2024
  - Modified: Sep. 03, 2024