Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.4

    MEDIUM
    CVE-2024-11192

    The Spotify Play Button for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's spotifyplaybutton shortcode in all versions up to, and including, 2.11 due to insufficient input sanitization and output escaping on u... Read more

    Affected Products : spotify-play-button-for-wordpress
    • Published: Nov. 26, 2024
    • Modified: Nov. 26, 2024

  • 6.4

    MEDIUM
    CVE-2024-11119

    The BNE Gallery Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gallery' shortcode in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attribu... Read more

    Affected Products :
    • Published: Nov. 26, 2024
    • Modified: Nov. 26, 2024

  • 6.4

    MEDIUM
    CVE-2024-11091

    The Support SVG – Upload svg files in wordpress without hassle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output es... Read more

    Affected Products :
    • Published: Nov. 26, 2024
    • Modified: Nov. 26, 2024

  • 8.4

    HIGH
    CVE-2018-11952

    An image with a version lower than the fuse version may potentially be booted lead to improper authentication.... Read more

    • Published: Nov. 26, 2024
    • Modified: Jan. 09, 2025

  • 9.8

    CRITICAL
    CVE-2018-11922

    Wrong configuration in Touch Pal application can collect user behavior data without awareness by the user.... Read more

    • Published: Nov. 26, 2024
    • Modified: Jan. 09, 2025

  • 8.4

    HIGH
    CVE-2017-18153

    A race condition exists in a driver potentially leading to a use-after-free condition.... Read more

    • Published: Nov. 26, 2024
    • Modified: Jan. 09, 2025

  • 9.8

    CRITICAL
    CVE-2017-17772

    In multiple functions that process 802.11 frames, out-of-bounds reads can occur due to insufficient validation.... Read more

    • Published: Nov. 26, 2024
    • Modified: Jan. 09, 2025

  • 8.4

    HIGH
    CVE-2017-15832

    Buffer overwrite in the WLAN host driver by leveraging a compromised WLAN FW... Read more

    • Published: Nov. 26, 2024
    • Modified: Jan. 09, 2025

  • 9.8

    CRITICAL
    CVE-2017-11076

    On some hardware revisions where VP9 decoding is hardware-accelerated, the frame size is not programmed correctly into the decoder hardware which can lead to an invalid memory access by the decoder.... Read more

    • Published: Nov. 26, 2024
    • Modified: Jan. 09, 2025

  • 8.4

    HIGH
    CVE-2016-10394

    Initial xbl_sec revision does not have all the debug policy features and critical checks.... Read more

    • Published: Nov. 26, 2024
    • Modified: Jan. 09, 2025

  • 7.2

    HIGH
    CVE-2024-9504

    The Booking calendar, Appointment Booking System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.2.15 due to insufficient input sanitization and output escaping. This makes it ... Read more

    Affected Products : booking_calendar
    • Published: Nov. 26, 2024
    • Modified: Nov. 26, 2024

  • 4.3

    MEDIUM
    CVE-2024-8772

    51l3nc3, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API managedoverlayimages.cgi was vulnerable to a race condition attack allowing for an attacker to block access to the overlay configuration page in the web interface of the Axis ... Read more

    Affected Products : axis_os
    • Published: Nov. 26, 2024
    • Modified: Nov. 26, 2024

  • 3.8

    LOW
    CVE-2024-8160

    Erik de Jong, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API ftptest.cgi did not have a sufficient input validation allowing for a possible command injection leading to being able to transfer files from/to the Axis device. This fla... Read more

    Affected Products : axis_os
    • Published: Nov. 26, 2024
    • Modified: Nov. 26, 2024

  • 4.4

    MEDIUM
    CVE-2024-6831

    Seth Fogie, member of AXIS Camera Station Pro Bug Bounty Program has found that it is possible to edit and/or remove views without the necessary permission due to a client-side-only check. Axis has released patched versions for the highlighted flaw. Plea... Read more

    Affected Products :
    • Published: Nov. 26, 2024
    • Modified: Nov. 26, 2024

  • 7.5

    HIGH
    CVE-2024-47257

    Florent Thiéry has found that selected Axis devices were vulnerable to handling certain ethernet frames which could lead to the Axis device becoming unavailable in the network. Axis has released patched AXIS OS versions for the highlighted flaw for produ... Read more

    Affected Products :
    • Published: Nov. 26, 2024
    • Modified: Nov. 29, 2024

  • 7.5

    HIGH
    CVE-2024-36254

    Out-of-bounds read vulnerability exists in Sharp Corporation and Toshiba Tec Corporation multiple MFPs (multifunction printers), which may lead to a denial-of-service (DoS) condition.... Read more

    Affected Products :
    • Published: Nov. 26, 2024
    • Modified: Nov. 26, 2024

  • 7.5

    HIGH
    CVE-2024-36251

    The web interface of the affected devices process some crafted HTTP requests improperly, leading to a device crash. More precisely, a crafted parameter to billcodedef_sub_sel.html is not processed properly and device-crash happens. As for the details of a... Read more

    Affected Products :
    • Published: Nov. 26, 2024
    • Modified: Nov. 26, 2024

  • 7.4

    HIGH
    CVE-2024-36249

    Cross-site scripting vulnerability exists in Sharp Corporation and Toshiba Tech Corporation multiple MFPs (multifunction printers). If this vulnerability is exploited, an arbitrary script may be executed on the administrative page of the affected MFPs. As... Read more

    Affected Products :
    • Published: Nov. 26, 2024
    • Modified: Nov. 26, 2024

  • 9.1

    CRITICAL
    CVE-2024-36248

    API keys for some cloud services are hardcoded in the "main" binary. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].... Read more

    Affected Products :
    • Published: Nov. 26, 2024
    • Modified: Aug. 27, 2025

  • 9.1

    CRITICAL
    CVE-2024-35244

    There are several hidden accounts. Some of them are intended for maintenance engineers, and with the knowledge of their passwords (e.g., by examining the coredump), these accounts can be used to re-configure the device. As for the details of affected prod... Read more

    Affected Products :
    • Published: Nov. 26, 2024
    • Modified: Aug. 27, 2025
Showing 20 of 291384 Results