Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2024-43262

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in webriti Busiprof allows Stored XSS.This issue affects Busiprof: from n/a through 2.4.8.... Read more

    Affected Products :
    • Published: Aug. 18, 2024
    • Modified: Aug. 19, 2024

  • 7.1

    HIGH
    CVE-2024-43348

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Iznyn Purity Of Soul allows Reflected XSS.This issue affects Purity Of Soul: from n/a through 1.9.... Read more

    Affected Products :
    • Published: Aug. 18, 2024
    • Modified: Aug. 19, 2024

  • 6.5

    MEDIUM
    CVE-2024-43320

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Livemesh Livemesh Addons for WPBakery Page Builder addons-for-visual-composer allows Stored XSS.This issue affects Livemesh Addons for WPBakery Pa... Read more

    Affected Products : wpbakery_page_builder_addons
    • Published: Aug. 18, 2024
    • Modified: Aug. 19, 2024

  • 6.4

    MEDIUM
    CVE-2024-7703

    The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 4.0.37 due to insufficient input ... Read more

    Affected Products : armember
    • Published: Aug. 17, 2024
    • Modified: Aug. 19, 2024

  • 7.1

    HIGH
    CVE-2024-43241

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in azzaroco Ultimate Membership Pro allows Reflected XSS.This issue affects Ultimate Membership Pro: from n/a through 12.6.... Read more

    Affected Products : ultimate_membership_pro
    • Published: Aug. 18, 2024
    • Modified: Aug. 19, 2024

  • 7.1

    HIGH
    CVE-2024-43306

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP-Lister Lite for eBay allows Reflected XSS.This issue affects WP-Lister Lite for eBay: from n/a through 3.6.0.... Read more

    Affected Products :
    • Published: Aug. 18, 2024
    • Modified: Aug. 19, 2024

  • 7.2

    HIGH
    CVE-2023-3416

    The tagDiv Opt-In Builder plugin is vulnerable to Blind SQL Injection via the 'subscriptionCouponId' parameter via the 'create_stripe_subscription' REST API endpoint in versions up to, and including, 1.4.4 due to insufficient escaping on the user supplied... Read more

    Affected Products :
    • Published: Aug. 17, 2024
    • Modified: Aug. 19, 2024

  • 0.0

    NA
    CVE-2024-43820

    In the Linux kernel, the following vulnerability has been resolved: dm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume rm-raid devices will occasionally trigger the following warning when being resumed after a table load because DM_RECOVERY_... Read more

    Affected Products : linux_kernel
    • Published: Aug. 17, 2024
    • Modified: Aug. 19, 2024

  • 0.0

    NA
    CVE-2024-43830

    In the Linux kernel, the following vulnerability has been resolved: leds: trigger: Unregister sysfs attributes before calling deactivate() Triggers which have trigger specific sysfs attributes typically store related data in trigger-data allocated by th... Read more

    Affected Products : linux_kernel
    • Published: Aug. 17, 2024
    • Modified: Aug. 19, 2024

  • 0.0

    NA
    CVE-2024-42273

    In the Linux kernel, the following vulnerability has been resolved: f2fs: assign CURSEG_ALL_DATA_ATGC if blkaddr is valid mkdir /mnt/test/comp f2fs_io setflags compression /mnt/test/comp dd if=/dev/zero of=/mnt/test/comp/testfile bs=16k count=1 truncate... Read more

    Affected Products : linux_kernel
    • Published: Aug. 17, 2024
    • Modified: Aug. 19, 2024

  • 0.0

    NA
    CVE-2024-42317

    In the Linux kernel, the following vulnerability has been resolved: mm/huge_memory: avoid PMD-size page cache if needed xarray can't support arbitrary page cache size. the largest and supported page cache size is defined as MAX_PAGECACHE_ORDER by commi... Read more

    Affected Products : linux_kernel
    • Published: Aug. 17, 2024
    • Modified: Aug. 19, 2024

  • 0.0

    NA
    CVE-2024-42279

    In the Linux kernel, the following vulnerability has been resolved: spi: microchip-core: ensure TX and RX FIFOs are empty at start of a transfer While transmitting with rx_len == 0, the RX FIFO is not going to be emptied in the interrupt handler. A subs... Read more

    Affected Products : linux_kernel
    • Published: Aug. 17, 2024
    • Modified: Aug. 19, 2024

  • 0.0

    NA
    CVE-2024-42274

    In the Linux kernel, the following vulnerability has been resolved: Revert "ALSA: firewire-lib: operate for period elapse event in process context" Commit 7ba5ca32fe6e ("ALSA: firewire-lib: operate for period elapse event in process context") removed th... Read more

    Affected Products : linux_kernel
    • Published: Aug. 17, 2024
    • Modified: Aug. 19, 2024

  • 6.5

    MEDIUM
    CVE-2024-43263

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Visual Composer Visual Composer Starter allows Stored XSS.This issue affects Visual Composer Starter: from n/a through 3.3.... Read more

    Affected Products :
    • Published: Aug. 18, 2024
    • Modified: Aug. 19, 2024

  • 5.4

    MEDIUM
    CVE-2024-25582

    Module savepoints could be abused to inject references to malicious code delivered through the same domain. Attackers could perform malicious API requests or extract information from the users account. Exploiting this vulnerability requires temporary acce... Read more

    Affected Products : open-xchange_appsuite ox_app_suite
    • Published: Aug. 19, 2024
    • Modified: Aug. 19, 2024

  • 6.9

    MEDIUM
    CVE-2024-7709

    A vulnerability, which was classified as problematic, has been found in OcoMon 4.0RC1/4.0/5.0RC1. This issue affects some unknown processing of the file /includes/common/require_access_recovery.php of the component URL Handler. The manipulation leads to c... Read more

    Affected Products : ocomon
    • Published: Aug. 13, 2024
    • Modified: Aug. 17, 2024

  • 7.8

    HIGH
    CVE-2024-43373

    webcrack is a tool for reverse engineering javascript. An arbitrary file write vulnerability exists in the webcrack module when processing specifically crafted malicious code on Windows systems. This vulnerability is triggered when using the unpack bundle... Read more

    Affected Products : windows webcrack
    • Published: Aug. 15, 2024
    • Modified: Aug. 16, 2024

  • 7.0

    HIGH
    CVE-2022-23817

    Insufficient checking of memory buffer in ASP Secure OS may allow an attacker with a malicious TA to read/write to the ASP Secure OS kernel virtual address space, potentially leading to privilege escalation.... Read more

    Affected Products :
    • Published: Aug. 13, 2024
    • Modified: Aug. 16, 2024

  • 6.8

    MEDIUM
    CVE-2024-38161

    Windows Mobile Broadband Driver Remote Code Execution Vulnerability... Read more

    • Published: Aug. 13, 2024
    • Modified: Aug. 16, 2024

  • 9.1

    CRITICAL
    CVE-2024-38160

    Windows Network Virtualization Remote Code Execution Vulnerability... Read more

    • Published: Aug. 13, 2024
    • Modified: Aug. 16, 2024
Showing 20 of 294356 Results