Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, listed in the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2024-10021

    A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /php/manage_purchase.php?action=search&tag=VOUCHER_NUMBER. The manipulation of the a...

    Affected Products : pharmacy_management_system
    • Published: Oct. 16, 2024
    • Modified: Oct. 21, 2024
  • 8.5

    HIGH
    CVE-2023-32190

    mlocate's %post script allows RUN_UPDATEDB_AS user to make arbitrary files world readable by abusing insecure file operations that run with root privileges....

    Affected Products :
    • Published: Oct. 16, 2024
    • Modified: Mar. 19, 2025
  • 6.4

    MEDIUM
    CVE-2024-8921

    The Zita Elementor Site Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authe...

    Affected Products :
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024
  • 6.4

    MEDIUM
    CVE-2024-9444

    The ElementsReady Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 6.4.3 due to insufficient input sanitization and output escaping. This makes it possible fo...

    Affected Products : elementsready
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024
  • 7.8

    HIGH
    CVE-2024-9858

    There exists an insecure default user permission in Google Cloud Migrate to containers from version 1.1.0 to 1.2.2 Windows installs. A local "m2cuser" was created with administrator privileges. This posed a security risk if the "analyze" or "generate" com...

    Affected Products : migrate_to_containers
    • Published: Oct. 16, 2024
    • Modified: Jul. 30, 2025
  • 9.4

    CRITICAL
    CVE-2023-32188

    A user can reverse engineer the JWT token (JSON Web Token) used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector. This can lead to an RCE....

    Affected Products : neuvector
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024
  • 8.8

    HIGH
    CVE-2023-22650

    A vulnerability has been identified in which Rancher does not automatically clean up a user which has been deleted from the configured authentication provider (AP). This characteristic also applies to disabled or revoked users, Rancher will not reflect th...

    Affected Products : rancher
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024
  • 4.3

    MEDIUM
    CVE-2024-9540

    The Sina Extension for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.7 via the render function in widgets/advanced/sina-modal-box.php. This makes it possible for authenticated atta...

    Affected Products : sina_extension_for_elementor
    • Published: Oct. 16, 2024
    • Modified: Oct. 30, 2024
  • 9.8

    CRITICAL
    CVE-2024-9061

    The WP Popup Builder – Popup Forms and Marketing Lead Generation plugin for WordPress is vulnerable to arbitrary shortcode execution via the wp_ajax_nopriv_shortcode_Api_Add AJAX action in all versions up to, and including, 1.3.5. This is due to the s...

    Affected Products : wp_popup_builder
    • Published: Oct. 16, 2024
    • Modified: Oct. 30, 2024
  • 7.1

    HIGH
    CVE-2024-45715

    The SolarWinds Platform was susceptible to a Cross-Site Scripting vulnerability when performing an edit function to existing elements....

    Affected Products : solarwinds_platform
    • Published: Oct. 16, 2024
    • Modified: Oct. 30, 2024
  • 4.8

    MEDIUM
    CVE-2024-45714

    Application is vulnerable to Cross Site Scripting (XSS): an authenticated attacker with users’ permissions can modify a variable with a payload....

    Affected Products : serv-u
    • Published: Oct. 16, 2024
    • Modified: Oct. 30, 2024
  • 8.8

    HIGH
    CVE-2024-45711

    SolarWinds Serv-U is vulnerable to a directory traversal vulnerability where remote code execution is possible depending on privileges given to the authenticated user. This issue requires a user to be authenticated and this is present when software env...

    Affected Products : serv-u
    • Published: Oct. 16, 2024
    • Modified: Oct. 17, 2024
  • 7.8

    HIGH
    CVE-2024-45710

    SolarWinds Platform is susceptible to an Uncontrolled Search Path Element Local Privilege Escalation vulnerability. This requires a low privilege account and local access to the affected node machine....

    Affected Products : solarwinds_platform
    • Published: Oct. 16, 2024
    • Modified: Oct. 17, 2024
  • 8.8

    HIGH
    CVE-2024-45693

    Users logged into the Apache CloudStack's web interface can be tricked to submit malicious CSRF requests due to missing validation of the origin of the requests. This can allow an attacker to gain privileges and access to resources of the authenticated us...

    Affected Products : cloudstack
    • Published: Oct. 16, 2024
    • Modified: Nov. 21, 2024
  • 7.1

    HIGH
    CVE-2024-45462

    The logout operation in the CloudStack web interface does not expire the user session completely which is valid until expiry by time or restart of the backend service. An attacker that has access to a user's browser can use an unexpired session to gain ac...

    Affected Products : cloudstack
    • Published: Oct. 16, 2024
    • Modified: Nov. 21, 2024
  • 6.3

    MEDIUM
    CVE-2024-45461

    The CloudStack Quota feature allows cloud administrators to implement a quota or usage limit system for cloud resources, and is disabled by default. In environments where the feature is enabled, due to missing access check enforcements, non-administrative...

    Affected Products : cloudstack
    • Published: Oct. 16, 2024
    • Modified: Feb. 12, 2025
  • 8.5

    HIGH
    CVE-2024-45219

    Account users in Apache CloudStack by default are allowed to upload and register templates for deploying instances and volumes for attaching them as data disks to their existing instances. Due to missing validation checks for KVM-compatible templates or v...

    Affected Products : cloudstack
    • Published: Oct. 16, 2024
    • Modified: Jul. 01, 2025
  • 8.1

    HIGH
    CVE-2024-45217

    Insecure Default Initialization of Resource vulnerability in Apache Solr. New ConfigSets that are created via a Restore command, which copy a configSet from the backup and give it a new name, are created without setting the "trusted" metadata. ConfigSets...

    Affected Products : solr
    • Published: Oct. 16, 2024
    • Modified: Jul. 01, 2025
  • 9.8

    CRITICAL
    CVE-2024-45216

    Improper Authentication vulnerability in Apache Solr. Solr instances using the PKIAuthenticationPlugin, which is enabled by default when Solr Authentication is used, are vulnerable to Authentication bypass. A fake ending at the end of any Solr API URL pa...

    Affected Products : solr
    • Published: Oct. 16, 2024
    • Modified: Jul. 01, 2025
  • 6.4

    MEDIUM
    CVE-2023-7296

    The BigBlueButton plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the moderator code and viewer code fields in versions up to, and including, 3.0.0-beta.4 due to insufficient input sanitization and output escaping. This makes it ...

    Affected Products : bigbluebutton
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024
Showing 20 of 294759 Results