Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, it appears on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 4.8

    MEDIUM
    CVE-2024-46240

    Collabtive 3.1 is vulnerable to Cross-site scripting (XSS) via the name parameter under action=system and the company/contact parameters under action=addcust within admin.php file....

    Affected Products : collabtive
    • Published: Oct. 22, 2024
    • Modified: Oct. 25, 2024
  • 8.4

    HIGH
    CVE-2022-23862

    A Local Privilege Escalation issue was discovered in Y Soft SAFEQ 6 Build 53. The SafeQ JMX service running on port 9696 is vulnerable to JMX MLet attacks. Because the service did not enforce authentication and was running under the "NT Authority\System" ...

    Affected Products : safeq
    • Published: Oct. 22, 2024
    • Modified: Oct. 30, 2024
  • 6.1

    MEDIUM
    CVE-2022-23861

    Multiple Stored Cross-Site Scripting vulnerabilities were discovered in Y Soft SAFEQ 6 Build 53. Multiple fields in the YSoft SafeQ web application can be used to inject malicious inputs that, due to a lack of output sanitization, result in the execution ...

    Affected Products : safeq
    • Published: Oct. 22, 2024
    • Modified: Nov. 01, 2024
  • 9.6

    CRITICAL
    CVE-2024-8980

    The Script Console in Liferay Portal 7.0.0 through 7.4.3.101, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, 7.2 GA through fix pack 20, 7.1 GA through fix pack 28, 7.0 GA through fix pack 102 and 6.2 GA t...

    • Published: Oct. 22, 2024
    • Modified: Dec. 10, 2024
  • 9.8

    CRITICAL
    CVE-2024-43177

    IBM Concert 1.0.0 and 1.0.1 are vulnerable to attacks that rely on the use of cookies without the SameSite attribute....

    Affected Products : concert
    • Published: Oct. 22, 2024
    • Modified: Oct. 25, 2024
  • 3.7

    LOW
    CVE-2024-43173

    IBM Concert 1.0.0 and 1.0.1 are vulnerable to attacks that rely on the use of cookies without the SameSite attribute....

    Affected Products : concert
    • Published: Oct. 22, 2024
    • Modified: Oct. 25, 2024
  • 9.0

    CRITICAL
    CVE-2024-38002

    The workflow component in Liferay Portal 7.3.2 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92 and 7.3 GA through update 36 does not properly check user permissions before updating a wo...

    • Published: Oct. 22, 2024
    • Modified: Sep. 10, 2025
  • 8.8

    HIGH
    CVE-2024-26273

    Cross-site request forgery (CSRF) vulnerability in the content page editor in Liferay Portal 7.4.0 through 7.4.3.103, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 GA through update 92 and 7.3 update 29 through update 35 al...

    • Published: Oct. 22, 2024
    • Modified: Dec. 10, 2024
  • 8.8

    HIGH
    CVE-2024-26272

    Cross-site request forgery (CSRF) vulnerability in the content page editor in Liferay Portal 7.3.2 through 7.4.3.107, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 GA through update 92 and 7.3 GA through update 35 allows re...

    • Published: Oct. 22, 2024
    • Modified: Dec. 10, 2024
  • 8.8

    HIGH
    CVE-2024-26271

    Cross-site request forgery (CSRF) vulnerability in the My Account widget in Liferay Portal 7.4.3.75 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 update 75 through update 92 and 7.3 update 32 through upda...

    • Published: Oct. 22, 2024
    • Modified: Dec. 10, 2024
  • 5.3

    MEDIUM
    CVE-2024-50312

    A vulnerability was found in GraphQL due to improper access controls on the GraphQL introspection query. This flaw allows unauthorized users to retrieve a comprehensive list of available queries and mutations. Exposure to this flaw increases the attack su...

    Affected Products : openshift_container_platform
    • Published: Oct. 22, 2024
    • Modified: Jan. 15, 2025
  • 6.5

    MEDIUM
    CVE-2024-50311

    A denial of service (DoS) vulnerability was found in OpenShift. This flaw allows attackers to exploit the GraphQL batching functionality. The vulnerability arises when multiple queries can be sent within a single request, enabling an attacker to submit a ...

    Affected Products : openshift_container_platform
    • Published: Oct. 22, 2024
    • Modified: Feb. 25, 2025
  • 7.3

    HIGH
    CVE-2024-10234

    A vulnerability was found in Wildfly, where a user may perform Cross-site scripting in the Wildfly deployment system. This flaw allows an attacker or insider to execute a deployment with a malicious payload, which could trigger undesired behavior against ...

    • Published: Oct. 22, 2024
    • Modified: Jul. 23, 2025
  • 7.8

    HIGH
    CVE-2024-9050

    A flaw was found in the libreswan client plugin for NetworkManager (NetworkManager-libreswan), where it fails to properly sanitize the VPN configuration from the local unprivileged user. In this configuration, composed by a key-value format, the plugin f...

    • Published: Oct. 22, 2024
    • Modified: Dec. 18, 2024
  • 6.1

    MEDIUM
    CVE-2024-9231

    The WP-Members Membership Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.4.9.5. This makes it possible for unauthe...

    Affected Products : wp-members
    • Published: Oct. 22, 2024
    • Modified: Oct. 30, 2024
  • 6.4

    MEDIUM
    CVE-2024-10189

    The Anchor Episodes Index (Spotify for Podcasters) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's anchor_episodes shortcode in all versions up to, and including, 2.1.10 due to insufficient input sanitization and output ...

    Affected Products : anchor_episodes_index
    • Published: Oct. 22, 2024
    • Modified: Oct. 29, 2024
  • 8.8

    HIGH
    CVE-2024-9987

    A post-authentication SQL Injection vulnerability within the filters parameter of the extensions/agents_modules_csv functionality. This issue affects Pandora FMS: from 700 through <777.3....

    Affected Products : pandora_fms pandora_fms
    • Published: Oct. 22, 2024
    • Modified: Oct. 25, 2024
  • 8.8

    HIGH
    CVE-2024-35308

    A post-authentication arbitrary file read vulnerability within the server plugins section in plugin edition feature. This issue affects Pandora FMS: from 700 through <777.3....

    Affected Products : pandora_fms pandora_fms
    • Published: Oct. 22, 2024
    • Modified: Oct. 25, 2024
  • 5.5

    MEDIUM
    CVE-2024-9591

    The Category and Taxonomy Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '_category_image' parameter in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attri...

    Affected Products : category_and_taxonomy_image
    • Published: Oct. 22, 2024
    • Modified: Oct. 29, 2024
  • 5.5

    MEDIUM
    CVE-2024-9590

    The Category and Taxonomy Meta Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image meta field value in the 'wpaft_add_meta_textinput' function in versions up to, and including, 1.0.0 due to insufficient input sanitizatio...

    Affected Products : category_and_taxonomy_meta_fields
    • Published: Oct. 22, 2024
    • Modified: Oct. 29, 2024
Showing 20 of 294545 Results