Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.1

    HIGH
    CVE-2024-49638

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ali Azlan Risk Warning Bar allows Reflected XSS.This issue affects Risk Warning Bar: from n/a through 1.0.... Read more

    Affected Products : risk_warning_bar
    • Published: Oct. 29, 2024
    • Modified: Oct. 31, 2024

  • 7.1

    HIGH
    CVE-2024-49637

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Foxskav Bet WC 2018 Russia allows Reflected XSS.This issue affects Bet WC 2018 Russia: from n/a through 2.1.... Read more

    Affected Products : bet_wc_2018_russia
    • Published: Oct. 29, 2024
    • Modified: Oct. 31, 2024

  • 7.1

    HIGH
    CVE-2024-49636

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Prashant Mavinkurve Agile Video Player Lite allows Reflected XSS.This issue affects Agile Video Player Lite: from n/a through 1.0.... Read more

    Affected Products : agile_video_player_lite
    • Published: Oct. 29, 2024
    • Modified: Oct. 31, 2024

  • 7.1

    HIGH
    CVE-2024-49635

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Manzurul Haque Banner Slider allows Reflected XSS.This issue affects Banner Slider: from n/a through 2.1.... Read more

    Affected Products : banner_slider
    • Published: Oct. 29, 2024
    • Modified: Oct. 31, 2024

  • 2.7

    LOW
    CVE-2024-41156

    Profile files from TRO600 series radios are extracted in plain-text and encrypted file formats. Profile files provide potential attackers valuable configuration information about the Tropos network. Profiles can only be exported by authenticated users wit... Read more

    • Published: Oct. 29, 2024
    • Modified: Dec. 05, 2024

  • 7.2

    HIGH
    CVE-2024-41153

    Command injection vulnerability in the Edge Computing UI for the TRO600 series radios that allows for the execution of arbitrary system commands. If exploited, an attacker with write access to the web UI can execute commands on the device with root privil... Read more

    • Published: Oct. 29, 2024
    • Modified: Oct. 31, 2024

  • 9.1

    CRITICAL
    CVE-2024-10474

    Focus was incorrectly allowing internal links to utilize the app scheme used for deeplinking, which could result in links potentially circumventing some URL safety checks This vulnerability affects Focus for iOS < 132.... Read more

    Affected Products : firefox_focus
    • Published: Oct. 29, 2024
    • Modified: Mar. 13, 2025

  • 9.8

    CRITICAL
    CVE-2024-10468

    Potential race conditions in IndexedDB could have caused memory corruption, leading to a potentially exploitable crash. This vulnerability affects Firefox < 132 and Thunderbird < 132.... Read more

    Affected Products : firefox thunderbird
    • Published: Oct. 29, 2024
    • Modified: Nov. 04, 2024

  • 9.8

    CRITICAL
    CVE-2024-10467

    Memory safety bugs present in Firefox 131, Firefox ESR 128.3, and Thunderbird 128.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnera... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: Oct. 29, 2024
    • Modified: Nov. 04, 2024

  • 7.5

    HIGH
    CVE-2024-10466

    By sending a specially crafted push message, a remote server could have hung the parent process, causing the browser to become unresponsive. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: Oct. 29, 2024
    • Modified: Mar. 22, 2025

  • 7.5

    HIGH
    CVE-2024-10465

    A clipboard "paste" button could persist across tabs which allowed a spoofing attack. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: Oct. 29, 2024
    • Modified: Nov. 04, 2024

  • 7.5

    HIGH
    CVE-2024-10464

    Repeated writes to history interface attributes could have been used to cause a Denial of Service condition in the browser. This was addressed by introducing rate-limiting to this API. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunder... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: Oct. 29, 2024
    • Modified: Nov. 04, 2024

  • 7.5

    HIGH
    CVE-2024-10463

    Video frames could have been leaked between origins in some situations. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: Oct. 29, 2024
    • Modified: Nov. 04, 2024

  • 7.5

    HIGH
    CVE-2024-10462

    Truncation of a long URL could have allowed origin spoofing in a permission prompt. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: Oct. 29, 2024
    • Modified: Nov. 04, 2024

  • 6.1

    MEDIUM
    CVE-2024-10461

    In multipart/x-mixed-replace responses, `Content-Disposition: attachment` in the response header was not respected and did not force a download, which could allow XSS attacks. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 12... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: Oct. 29, 2024
    • Modified: Nov. 04, 2024

  • 5.4

    MEDIUM
    CVE-2024-10460

    The origin of an external protocol handler prompt could have been obscured using a data: URL within an `iframe`. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: Oct. 29, 2024
    • Modified: Oct. 31, 2024

  • 7.5

    HIGH
    CVE-2024-10459

    An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: Oct. 29, 2024
    • Modified: Oct. 31, 2024

  • 7.5

    HIGH
    CVE-2024-10458

    A permission leak could have occurred from a trusted site to an untrusted site via `embed` or `object` elements. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: Oct. 29, 2024
    • Modified: Oct. 31, 2024

  • 6.5

    MEDIUM
    CVE-2024-49667

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in NervyThemes Local Business Addons For Elementor allows Stored XSS.This issue affects Local Business Addons For Elementor: from n/a through 1.1.5.... Read more

    • Published: Oct. 29, 2024
    • Modified: Nov. 01, 2024

  • 6.5

    MEDIUM
    CVE-2024-49665

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Web Bricks Web Bricks Addons for Elementor allows Stored XSS.This issue affects Web Bricks Addons for Elementor: from n/a through 1.1.1.... Read more

    Affected Products : web_bricks_addons
    • Published: Oct. 29, 2024
    • Modified: Nov. 01, 2024
Showing 20 of 293680 Results