Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2024-7310

    A vulnerability was found in SourceCodester Record Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file sort_user.php. The manipulation of the argument sort leads to cross site scripting. The atta... Read more

    Affected Products : record_management_system
    • Published: Jul. 31, 2024
    • Modified: Aug. 13, 2024

  • 5.4

    MEDIUM
    CVE-2024-7309

    A vulnerability was found in SourceCodester Record Management System 1.0. It has been classified as problematic. This affects an unknown part of the file entry.php. The manipulation of the argument school leads to cross site scripting. It is possible to i... Read more

    Affected Products : record_management_system
    • Published: Jul. 31, 2024
    • Modified: Aug. 13, 2024

  • 8.8

    HIGH
    CVE-2024-7308

    A vulnerability was found in SourceCodester Establishment Billing Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /view_bill.php. The manipulation of the argument id leads to sql injection... Read more

    • Published: Jul. 31, 2024
    • Modified: Aug. 13, 2024

  • 8.8

    HIGH
    CVE-2024-7307

    A vulnerability has been found in SourceCodester Establishment Billing Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /manage_billing.php. The manipulation of the argument id leads ... Read more

    • Published: Jul. 31, 2024
    • Modified: Aug. 13, 2024

  • 8.8

    HIGH
    CVE-2024-7290

    A vulnerability classified as critical has been found in SourceCodester Establishment Billing Management System 1.0. This affects an unknown part of the file /manage_tenant.php. The manipulation of the argument id leads to sql injection. It is possible to... Read more

    • Published: Jul. 31, 2024
    • Modified: Aug. 13, 2024

  • 8.8

    HIGH
    CVE-2024-7289

    A vulnerability was found in SourceCodester Establishment Billing Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /manage_payment.php. The manipulation of the argument id leads to sql ... Read more

    • Published: Jul. 31, 2024
    • Modified: Aug. 13, 2024

  • 9.8

    CRITICAL
    CVE-2024-38989

    izatop bunt v0.29.19 was discovered to contain a prototype pollution via the component /esm/qs.js. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.... Read more

    Affected Products :
    • Published: Aug. 12, 2024
    • Modified: Aug. 13, 2024

  • 7.1

    HIGH
    CVE-2024-43163

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Parcel Panel ParcelPanel allows Reflected XSS.This issue affects ParcelPanel: from n/a through 4.3.2.... Read more

    Affected Products :
    • Published: Aug. 12, 2024
    • Modified: Aug. 13, 2024

  • 7.1

    HIGH
    CVE-2024-43126

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Sender Sender – Newsletter, SMS and Email Marketing Automation for WooCommerce allows Reflected XSS.This issue affects Sender – Newsletter, SMS an... Read more

    Affected Products : sender
    • Published: Aug. 12, 2024
    • Modified: Aug. 13, 2024

  • 6.5

    MEDIUM
    CVE-2024-38752

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Zoho Campaigns allows Cross-Site Scripting (XSS).This issue affects Zoho Campaigns: from n/a through 2.0.8.... Read more

    Affected Products : zoho_campaigns
    • Published: Aug. 13, 2024
    • Modified: Aug. 13, 2024

  • 6.5

    MEDIUM
    CVE-2024-43139

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Antoine Hurkmans Football Pool allows Stored XSS.This issue affects Football Pool: from n/a through 2.11.9.... Read more

    Affected Products :
    • Published: Aug. 12, 2024
    • Modified: Aug. 13, 2024

  • 5.1

    MEDIUM
    CVE-2024-39922

    A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA1) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA1) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA1) (All versions), LOGO! 24CE... Read more

    Affected Products :
    • Published: Aug. 13, 2024
    • Modified: Aug. 13, 2024

  • 6.5

    MEDIUM
    CVE-2024-43155

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PickPlugins ComboBlocks allows Stored XSS.This issue affects ComboBlocks: from n/a through 2.2.86.... Read more

    Affected Products : comboblocks
    • Published: Aug. 12, 2024
    • Modified: Aug. 13, 2024

  • 7.1

    HIGH
    CVE-2024-43127

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPFactory Products, Order & Customers Export for WooCommerce allows Reflected XSS.This issue affects Products, Order & Customers Export for WooCom... Read more

    • Published: Aug. 12, 2024
    • Modified: Aug. 13, 2024

  • 6.5

    MEDIUM
    CVE-2024-43210

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in LA-Studio LA-Studio Element Kit for Elementor allows Stored XSS.This issue affects LA-Studio Element Kit for Elementor: from n/a through 1.3.9.2.... Read more

    Affected Products : element_kit_for_elementor
    • Published: Aug. 12, 2024
    • Modified: Aug. 13, 2024

  • 8.6

    HIGH
    CVE-2024-39651

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WPWeb WooCommerce PDF Vouchers allows File Manipulation.This issue affects WooCommerce PDF Vouchers: from n/a before 4.9.5.... Read more

    Affected Products :
    • Published: Aug. 13, 2024
    • Modified: Aug. 13, 2024

  • 6.5

    MEDIUM
    CVE-2024-43226

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jeroen Sormani WP Dashboard Notes allows Stored XSS.This issue affects WP Dashboard Notes: from n/a through 1.0.11.... Read more

    Affected Products : wp_dashboard_notes
    • Published: Aug. 12, 2024
    • Modified: Aug. 13, 2024

  • 5.9

    MEDIUM
    CVE-2024-35775

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting'), Improper Authentication vulnerability in Soliloquy Team Slider by Soliloquy allows Cross-Site Scripting (XSS).This issue affects Slider by Soliloquy: from n/a thr... Read more

    Affected Products : slider
    • Published: Aug. 12, 2024
    • Modified: Aug. 13, 2024

  • 6.5

    MEDIUM
    CVE-2024-39642

    Authorization Bypass Through User-Controlled Key vulnerability in ThimPress LearnPress allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects LearnPress: from n/a through 4.2.6.8.2.... Read more

    Affected Products : learnpress
    • Published: Aug. 13, 2024
    • Modified: Aug. 13, 2024

  • 6.5

    MEDIUM
    CVE-2024-43124

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Iqonic Design Graphina allows Stored XSS.This issue affects Graphina: from n/a through 1.8.10.... Read more

    Affected Products :
    • Published: Aug. 12, 2024
    • Modified: Aug. 13, 2024
Showing 20 of 294846 Results