Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-9972

    Property Management System from ChanGate has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.... Read more

    Affected Products :
    • Published: Oct. 15, 2024
    • Modified: Nov. 21, 2024

  • 8.6

    HIGH
    CVE-2024-46898

    SHIRASAGI prior to v1.19.1 processes URLs in HTTP requests improperly, resulting in a path traversal vulnerability. If this vulnerability is exploited, arbitrary files on the server may be retrieved when processing crafted HTTP requests.... Read more

    Affected Products : shirasagi
    • Published: Oct. 15, 2024
    • Modified: Oct. 17, 2024

  • 6.1

    MEDIUM
    CVE-2024-9944

    The WooCommerce plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 9.0.2. This is due to the plugin not properly neutralizing HTML elements from submitted order forms. This makes it possible for unauthenticated atta... Read more

    Affected Products : woocommerce
    • Published: Oct. 15, 2024
    • Modified: Oct. 17, 2024

  • 7.8

    HIGH
    CVE-2024-0129

    NVIDIA NeMo contains a vulnerability in SaveRestoreConnector where a user may cause a path traversal issue via an unsafe .tar file extraction. A successful exploit of this vulnerability may lead to code execution and data tampering.... Read more

    Affected Products : linux_kernel macos windows nemo
    • Published: Oct. 15, 2024
    • Modified: Nov. 08, 2024

  • 6.1

    MEDIUM
    CVE-2024-21535

    Versions of the package markdown-to-jsx before 7.4.0 are vulnerable to Cross-site Scripting (XSS) via the src property due to improper input sanitization. An attacker can execute arbitrary code by injecting a malicious iframe element in the markdown.... Read more

    Affected Products : markdown-to-jsx
    • Published: Oct. 15, 2024
    • Modified: Oct. 17, 2024

  • 8.8

    HIGH
    CVE-2024-9971

    The specific query functionality in the FlowMaster BPM Plus from NewType does not properly restrict user input, allowing remote attackers with regular privileges to inject SQL commands to read, modify, or delete database contents.... Read more

    Affected Products : flowmaster_bpm_plus
    • Published: Oct. 15, 2024
    • Modified: Oct. 17, 2024

  • 8.8

    HIGH
    CVE-2024-9970

    The FlowMaster BPM Plus system from NewType has a privilege escalation vulnerability. Remote attackers with regular privileges can elevate their privileges to administrator by tampering with a specific cookie.... Read more

    Affected Products : flowmaster_bpm_plus
    • Published: Oct. 15, 2024
    • Modified: Oct. 17, 2024

  • 5.4

    MEDIUM
    CVE-2024-9969

    NewType WebEIP v3.0 does not properly validate user input, allowing a remote attacker with regular privileges to insert JavaScript into specific parameters, resulting in a Reflected Cross-site Scripting (XSS) attack. The affected product is no longer main... Read more

    Affected Products : webeip
    • Published: Oct. 15, 2024
    • Modified: Oct. 19, 2024

  • 8.8

    HIGH
    CVE-2024-9968

    WebEIP v3.0 from NewType does not properly validate user input, allowing remote attackers with regular privilege to inject SQL commands to read, modify, and delete data stored in database. The affected product is no longer maintained. It is recommended ... Read more

    Affected Products : webeip
    • Published: Oct. 15, 2024
    • Modified: Oct. 19, 2024

  • 5.1

    MEDIUM
    CVE-2024-9952

    A vulnerability was found in SourceCodester Online Eyewear Shop 1.0 and classified as problematic. This issue affects some unknown processing of the file /admin/?page=system_info/contact_info of the component Contact Information Page. The manipulation of ... Read more

    Affected Products : online_eyewear_shop
    • Published: Oct. 15, 2024
    • Modified: Oct. 16, 2024

  • 7.5

    HIGH
    CVE-2024-9820

    The WP 2FA with Telegram plugin for WordPress is vulnerable to Two-Factor Authentication Bypass in versions up to, and including, 3.0. This is due to the two-factor code being stored in a cookie, which makes it possible to bypass two-factor authentication... Read more

    Affected Products : wp_2fa_with_telegram
    • Published: Oct. 15, 2024
    • Modified: Oct. 19, 2024

  • 8.8

    HIGH
    CVE-2024-9687

    The WP 2FA with Telegram plugin for WordPress is vulnerable to Authentication Bypass in versions up to, and including, 3.0. This is due to insufficient validation of the user-controlled key on the 'validate_tg' action. This makes it possible for authentic... Read more

    Affected Products : wp_2fa_with_telegram
    • Published: Oct. 15, 2024
    • Modified: Oct. 17, 2024

  • 4.3

    MEDIUM
    CVE-2024-6757

    The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Basic Information Exposure in all versions up to, and including, 3.23.5 via the get_image_alt function. This makes it possible for authenticated attackers,... Read more

    Affected Products : website_builder
    • Published: Oct. 15, 2024
    • Modified: Oct. 17, 2024

  • 7.2

    HIGH
    CVE-2024-9548

    The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the resource parameter in all versions up to, and including, 5.2.6 due to insufficient input sanitization and output escaping when logging visitor requests. This ... Read more

    Affected Products : slimstat_analytics
    • Published: Oct. 15, 2024
    • Modified: Oct. 17, 2024

  • 5.3

    MEDIUM
    CVE-2024-9546

    The WPIDE – File Manager & Code Editor plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.4.9. This is due to the plugin utilizing the PHP-Parser library, which outputs parser rebuild command execution resul... Read more

    Affected Products : wpide
    • Published: Oct. 15, 2024
    • Modified: Oct. 17, 2024

  • 5.3

    MEDIUM
    CVE-2024-30117

    A dynamic search for a prerequisite library could allow the possibility for an attacker to replace the correct file under some circumstances.... Read more

    Affected Products : bigfix_platform
    • Published: Oct. 14, 2024
    • Modified: Oct. 17, 2024

  • 4.9

    MEDIUM
    CVE-2024-9953

    A potential denial-of-service (DoS) vulnerability exists in CERT VINCE software versions prior to 3.0.8. An authenticated administrative user can inject an arbitrary pickle object into a user’s profile, which may lead to a DoS condition when the profile i... Read more

    Affected Products : vince
    • Published: Oct. 14, 2024
    • Modified: Mar. 20, 2025

  • 8.4

    HIGH
    CVE-2024-35520

    Netgear R7000 1.0.11.136 is vulnerable to Command Injection in RMT_invite.cgi via device_name2 parameter.... Read more

    Affected Products : r7000_firmware r7000
    • Published: Oct. 14, 2024
    • Modified: Oct. 16, 2024

  • 8.4

    HIGH
    CVE-2024-35519

    Netgear EX6120 v1.0.0.68, Netgear EX6100 v1.0.2.28, and Netgear EX3700 v1.0.0.96 are vulnerable to command injection in operating_mode.cgi via the ap_mode parameter.... Read more

    • Published: Oct. 14, 2024
    • Modified: Mar. 17, 2025

  • 8.4

    HIGH
    CVE-2024-35518

    Netgear EX6120 v1.0.0.68 is vulnerable to Command Injection in genie_fix2.cgi via the wan_dns1_pri parameter.... Read more

    Affected Products : ex6120_firmware ex6120
    • Published: Oct. 14, 2024
    • Modified: Mar. 19, 2025
Showing 20 of 294836 Results