Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 3.7

    LOW
    CVE-2024-10920

    A vulnerability was found in mariazevedo88 travels-java-api up to 5.0.1 and classified as problematic. Affected by this issue is the function doFilterInternal of the file travels-java-api-master\src\main\java\io\github\mariazevedo88\travelsjavaapi\filters...

    Affected Products : travels-java-api
    • Published: Nov. 06, 2024
    • Modified: Nov. 22, 2024
  • 9.8

    CRITICAL
    CVE-2024-10919

    A vulnerability has been found in didi Super-Jacoco 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /cov/triggerUnitCover. The manipulation of the argument uuid leads to os command injection. The atta...

    Affected Products : super-jacoco
    • Published: Nov. 06, 2024
    • Modified: Nov. 08, 2024
  • 7.5

    HIGH
    CVE-2024-6861

    A disclosure of sensitive information flaw was found in foreman via the GraphQL API. If the introspection feature is enabled, it is possible for attackers to retrieve sensitive admin authentication keys which could result in a compromise of the entire pro...

    Affected Products : foreman
    • Published: Nov. 06, 2024
    • Modified: Nov. 06, 2024
  • 5.4

    MEDIUM
    CVE-2024-35146

    IBM Maximo Application Suite - Monitor Component 8.10.11, 8.11.8, and 9.0.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functional...

    Affected Products : maximo_application_suite
    • Published: Nov. 06, 2024
    • Modified: Jul. 08, 2025
  • 6.9

    MEDIUM
    CVE-2024-10916

    A vulnerability classified as problematic has been found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. This affects an unknown part of the file /xml/info.xml of the component HTTP GET Request Handler. The manipulation leads to informa...

    • Published: Nov. 06, 2024
    • Modified: Nov. 08, 2024
  • 8.7

    HIGH
    CVE-2024-10082

    CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Authentication method confusion allows logging in as the built-in root user from an external service. The built-in root user up until 6...

    Affected Products :
    • Published: Nov. 06, 2024
    • Modified: Nov. 06, 2024
  • 10.0

    CRITICAL
    CVE-2024-10081

    CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Authentication bypass occurs when the API URL ends with Authentication. This bypass allows superuser access to all API endpoints other ...

    Affected Products :
    • Published: Nov. 06, 2024
    • Modified: Nov. 06, 2024
  • 9.8

    CRITICAL
    CVE-2024-10915

    A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. It has been rated as critical. Affected by this issue is the function cgi_user_add of the file /cgi-bin/account_mgr.cgi?cmd=cgi_user_add. The manipulation of the ...

    • Published: Nov. 06, 2024
    • Modified: Nov. 08, 2024
  • 9.8

    CRITICAL
    CVE-2024-10914

    A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. It has been declared as critical. Affected by this vulnerability is the function cgi_user_add of the file /cgi-bin/account_mgr.cgi?cmd=cgi_user_add. The manipulat...

    • Published: Nov. 06, 2024
    • Modified: Nov. 24, 2024
  • 7.6

    HIGH
    CVE-2020-11859

    Improper Input Validation vulnerability in OpenText iManager allows Cross-Site Scripting (XSS). This issue affects iManager before 3.2.3...

    Affected Products : imanager
    • Published: Nov. 06, 2024
    • Modified: Nov. 08, 2024
  • 6.4

    MEDIUM
    CVE-2024-10186

    The Event post plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's events_cal shortcode in all versions up to, and including, 5.9.6 due to insufficient input sanitization and output escaping on user supplied attributes. This...

    Affected Products : event_post
    • Published: Nov. 06, 2024
    • Modified: Nov. 08, 2024
  • 6.4

    MEDIUM
    CVE-2024-8323

    The Pricing Tables WordPress Plugin – Easy Pricing Tables plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘fontFamily’ attribute in all versions up to, and including, 3.2.6 due to insufficient input sanitization and output escapi...

    Affected Products : easy_pricing_tables
    • Published: Nov. 06, 2024
    • Modified: Nov. 08, 2024
  • 6.4

    MEDIUM
    CVE-2024-10168

    The Active Products Tables for WooCommerce. Use constructor to create tables plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's woot_button shortcode in all versions up to, and including, 1.0.6.4 due to insufficient input s...

    • Published: Nov. 06, 2024
    • Modified: Nov. 08, 2024
  • 6.4

    MEDIUM
    CVE-2024-10715

    The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Map block in all versions up to, and including, 2.94.1 due to insufficient input sanitization and output escaping on user supplied attribute...

    Affected Products : mappress
    • Published: Nov. 06, 2024
    • Modified: Nov. 08, 2024
  • 6.3

    MEDIUM
    CVE-2024-9902

    A flaw was found in Ansible. The ansible-core `user` module can allow an unprivileged user to silently create or replace the contents of any file on any system path and take ownership of it when a privileged user executes the `user` module against the unp...

    Affected Products : glance-store
    • Published: Nov. 06, 2024
    • Modified: Feb. 25, 2025
  • 10.0

    CRITICAL
    CVE-2024-8615

    The JobSearch WP Job Board plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the jobsearch_location_load_excel_file_callback() function in all versions up to, and including, 2.6.7. This makes it possible f...

    Affected Products : jobsearch_wp_job_board
    • Published: Nov. 06, 2024
    • Modified: Nov. 08, 2024
  • 9.9

    CRITICAL
    CVE-2024-8614

    The JobSearch WP Job Board plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the jobsearch_wp_handle_upload() function in all versions up to, and including, 2.6.7. This makes it possible for authenticated ...

    Affected Products : jobsearch_wp_job_board
    • Published: Nov. 06, 2024
    • Modified: Nov. 08, 2024
  • 6.5

    MEDIUM
    CVE-2024-9681

    When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than otherwise intended. This affects curl using applications that enable HSTS and use URLs with the insecure `HT...

    Affected Products : curl
    • Published: Nov. 06, 2024
    • Modified: Dec. 13, 2024
  • 6.9

    MEDIUM
    CVE-2024-52043

    Generation of Error Message Containing Sensitive Information in HumHub GmbH & Co. KG - HumHub on Linux allows: Excavation (user enumeration). This issue affects all released HumHub versions: through 1.16.2...

    Affected Products : humhub
    • Published: Nov. 06, 2024
    • Modified: Nov. 08, 2024
  • 8.1

    HIGH
    CVE-2024-9946

    The Social Share, Social Login and Social Comments Plugin – Super Socializer plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.13.68. This is due to insufficient verification on the user being returned by ...

    Affected Products : super_socializer
    • Published: Nov. 06, 2024
    • Modified: Nov. 08, 2024