Latest CVE Feed
-
8.8
HIGH CVE-2024-10629
The GPX Viewer plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check and file type validation in the gpxv_file_upload() function in all versions up to, and including, 2.2.8. This makes it possible for authenticate...
- Published: Nov. 13, 2024
- Modified: Nov. 13, 2024
-
6.1
MEDIUM CVE-2024-10577
The 胖鼠采集(Fat Rat Collect) 微信知乎简书腾讯新闻列表分页采集, 还有自动采集、自动发布、自动标签、等多项功能。开源插件 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to missing escaping on a URL in all versions up to, and including, 2.7.3. This makes it possible for unauthent...
- Published: Nov. 13, 2024
- Modified: Nov. 21, 2024
-
6.1
MEDIUM CVE-2024-10038
The WP-Strava plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.12.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
- Published: Nov. 13, 2024
- Modified: Nov. 13, 2024
-
7.3
HIGH CVE-2024-28731
Cross Site Request Forgery vulnerability in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to obtain sensitive information via the Port forwarding option.
- Published: Nov. 12, 2024
- Modified: Nov. 22, 2024
-
5.4
MEDIUM CVE-2024-28730
Cross Site Scripting vulnerability in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to obtain sensitive information via the file upload feature of the VPN configuration module.
- Published: Nov. 12, 2024
- Modified: Nov. 22, 2024
-
9.8
CRITICAL CVE-2024-28729
An issue in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to execute arbitrary code via a crafted request.
- Published: Nov. 12, 2024
- Modified: Nov. 22, 2024
-
6.6
MEDIUM CVE-2024-28728
Cross Site Scripting vulnerability in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to obtain sensitive information via a crafted payload to the WiFi SSID Name field.
- Published: Nov. 12, 2024
- Modified: Nov. 13, 2024
-
8.0
HIGH CVE-2024-28726
An issue in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to execute arbitrary code via a crafted payload to the Diagnostics function.
- Affected Products: dwr-2000m_firmware
- Published: Nov. 12, 2024
- Modified: Nov. 13, 2024
-
6.5
MEDIUM CVE-2021-27704
Appspace 6.2.4 is affected by Incorrect Access Control via the Appspace Web Portal password reset page.
- Affected Products: appspace
- Published: Nov. 12, 2024
- Modified: Jun. 27, 2025
-
5.4
MEDIUM CVE-2021-27703
Sercomm Model Etisalat Model S3- AC2100 is affected by Cross Site Scripting (XSS) via the firmware update page.
- Published: Nov. 12, 2024
- Modified: Nov. 15, 2024
-
7.3
HIGH CVE-2021-27702
Sercomm Router Etisalat Model S3- AC2100 is affected by Incorrect Access Control via the diagnostic utility in the router dashboard.
- Published: Nov. 12, 2024
- Modified: Nov. 15, 2024
-
4.7
MEDIUM CVE-2021-27701
SOCIFI Socifi Guest wifi as SAAS is affected by Cross Site Request Forgery (CSRF) via the Socifi wifi portal. The application does not contain a CSRF token and request validation. An attacker can Add/Modify any random user data by sending a crafted CSRF r...
- Published: Nov. 12, 2024
- Modified: Nov. 18, 2024
-
7.6
HIGH CVE-2021-27700
SOCIFI Socifi Guest wifi as SAAS wifi portal is affected by Insecure Permissions. Any authorized customer with partner mode can switch to another customer dashboard and perform actions like modify user, delete user, etc.
- Published: Nov. 12, 2024
- Modified: Nov. 18, 2024
-
7.5
HIGH CVE-2024-51179
An issue in Open 5GS v.2.7.1 allows a remote attacker to cause a denial of service via the Network Function Virtualizations (NFVs) such as the User Plane Function (UPF) and the Session Management Function (SMF), The Packet Data Unit (PDU) session establis...
- Published: Nov. 12, 2024
- Modified: Nov. 13, 2024
-
5.3
MEDIUM CVE-2024-48075
A heap buffer overflow in the server-side handshake implementation in Real Time Logic SharkSSL from 09/09/24 and earlier allows a remote attacker to trigger a Denial-of-Service via a malformed TLS Client Key Exchange message.
- Published: Nov. 12, 2024
- Modified: Nov. 21, 2024
-
6.3
MEDIUM CVE-2024-11168
The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than o...
- Affected Products: python
- Published: Nov. 12, 2024
- Modified: Apr. 11, 2025
-
8.0
HIGH CVE-2024-51094
An issue in Snipe-IT v.7.0.13 build 15514 allows a low-privileged attacker to modify their profile name and inject a malicious payload into the "Name" field. When an administrator later accesses the People Management page, exports the data as a CSV file, ...
- Affected Products: snipe-it
- Published: Nov. 12, 2024
- Modified: May. 22, 2025
-
8.7
HIGH CVE-2024-51093
Stored Cross-Site Scripting (XSS) vulnerability in Snipe-IT - v7.0.13 allows an attacker to upload a malicious XML file containing JavaScript code. This can lead to privilege escalation when the payload is executed, granting the attacker super admin permi...
- Affected Products: snipe-it
- Published: Nov. 12, 2024
- Modified: Nov. 21, 2024
-
5.5
MEDIUM CVE-2024-49512
InDesign Desktop versions ID18.5.3, ID19.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of...
- Published: Nov. 12, 2024
- Modified: Nov. 16, 2024
-
5.5
MEDIUM CVE-2024-49511
InDesign Desktop versions ID18.5.3, ID19.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of...
- Published: Nov. 12, 2024
- Modified: Nov. 16, 2024