Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2024-9984

    Enterprise Cloud Database from Ragic does not authenticate access to specific functionality, allowing unauthenticated remote attackers to use this functionality to obtain any user's session cookie....

    Affected Products : enterprise_cloud_database
    • Published: Oct. 15, 2024
    • Modified: Oct. 16, 2024
  • 7.5

    HIGH
    CVE-2024-9983

    Enterprise Cloud Database from Ragic does not properly validate a specific page parameter, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files....

    Affected Products : enterprise_cloud_database
    • Published: Oct. 15, 2024
    • Modified: Oct. 16, 2024
  • 9.8

    CRITICAL
    CVE-2024-9925

    SQL injection vulnerability in TAI Smart Factory's QPLANT SF version 1.0. Exploitation of this vulnerability could allow a remote attacker to retrieve all database information by sending a specially crafted SQL query to the ‘email’ parameter on the ‘Reque...

    Affected Products : qplant_sf
    • Published: Oct. 15, 2024
    • Modified: Oct. 17, 2024
  • 6.4

    MEDIUM
    CVE-2024-9895

    The Smart Online Order for Clover plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's moo_receipt_link shortcode in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping on user ...

    Affected Products : smart_online_order_for_clover
    • Published: Oct. 15, 2024
    • Modified: Oct. 17, 2024
  • 6.8

    MEDIUM
    CVE-2024-47944

    The device directly executes .patch firmware upgrade files on a USB stick without any prior authentication in the admin interface. This leads to an unauthenticated code execution via the firmware upgrade function....

    Affected Products :
    • Published: Oct. 15, 2024
    • Modified: Oct. 15, 2024
  • 9.8

    CRITICAL
    CVE-2024-47943

    The firmware upgrade function in the admin web interface of the Rittal IoT Interface & CMC III Processing Unit devices checks if the patch files are signed before executing the containing run.sh script. The signing process is kind of an HMAC with a long...

    Affected Products :
    • Published: Oct. 15, 2024
    • Modified: Mar. 17, 2025
  • 9.8

    CRITICAL
    CVE-2024-9982

    AIM LINE Marketing Platform from Esi Technology does not properly validate a specific query parameter. When the LINE Campaign Module is enabled, unauthenticated remote attackers can inject arbitrary FetchXml commands to read, modify, and delete database c...

    Affected Products :
    • Published: Oct. 15, 2024
    • Modified: Oct. 15, 2024
  • 8.8

    HIGH
    CVE-2024-9981

    The ee-class from FormosaSoft does not properly validate a specific page parameter, allowing remote attackers with regular privileges to upload a malicious PHP file first and then exploit this vulnerability to include the file, resulting in arbitrary code...

    Affected Products : ee-class
    • Published: Oct. 15, 2024
    • Modified: Oct. 17, 2024
  • 8.8

    HIGH
    CVE-2024-9980

    The ee-class from FormosaSoft does not properly validate a specific page parameter, allowing remote attackers with regular privileges to inject arbitrary SQL commands to read, modify and delete database contents....

    Affected Products : ee-class
    • Published: Oct. 15, 2024
    • Modified: Oct. 17, 2024
  • 7.3

    HIGH
    CVE-2024-9837

    The AADMY – Add Auto Date Month Year Into Posts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0.1. This is due to the software allowing users to execute an action that does not properly val...

    Affected Products :
    • Published: Oct. 15, 2024
    • Modified: Oct. 15, 2024
  • 9.8

    CRITICAL
    CVE-2024-9972

    Property Management System from ChanGate has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents....

    Affected Products :
    • Published: Oct. 15, 2024
    • Modified: Nov. 21, 2024
  • 8.6

    HIGH
    CVE-2024-46898

    SHIRASAGI prior to v1.19.1 processes URLs in HTTP requests improperly, resulting in a path traversal vulnerability. If this vulnerability is exploited, arbitrary files on the server may be retrieved when processing crafted HTTP requests....

    Affected Products : shirasagi
    • Published: Oct. 15, 2024
    • Modified: Oct. 17, 2024
  • 6.1

    MEDIUM
    CVE-2024-9944

    The WooCommerce plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 9.0.2. This is due to the plugin not properly neutralizing HTML elements from submitted order forms. This makes it possible for unauthenticated atta...

    Affected Products : woocommerce
    • Published: Oct. 15, 2024
    • Modified: Oct. 17, 2024
  • 7.8

    HIGH
    CVE-2024-0129

    NVIDIA NeMo contains a vulnerability in SaveRestoreConnector where a user may cause a path traversal issue via an unsafe .tar file extraction. A successful exploit of this vulnerability may lead to code execution and data tampering....

    Affected Products : linux_kernel macos windows nemo
    • Published: Oct. 15, 2024
    • Modified: Nov. 08, 2024
  • 6.1

    MEDIUM
    CVE-2024-21535

    Versions of the package markdown-to-jsx before 7.4.0 are vulnerable to Cross-site Scripting (XSS) via the src property due to improper input sanitization. An attacker can execute arbitrary code by injecting a malicious iframe element in the markdown....

    Affected Products : markdown-to-jsx
    • Published: Oct. 15, 2024
    • Modified: Oct. 17, 2024
  • 8.8

    HIGH
    CVE-2024-9971

    The specific query functionality in the FlowMaster BPM Plus from NewType does not properly restrict user input, allowing remote attackers with regular privileges to inject SQL commands to read, modify, or delete database contents....

    Affected Products : flowmaster_bpm_plus
    • Published: Oct. 15, 2024
    • Modified: Oct. 17, 2024
  • 8.8

    HIGH
    CVE-2024-9970

    The FlowMaster BPM Plus system from NewType has a privilege escalation vulnerability. Remote attackers with regular privileges can elevate their privileges to administrator by tampering with a specific cookie....

    Affected Products : flowmaster_bpm_plus
    • Published: Oct. 15, 2024
    • Modified: Oct. 17, 2024
  • 5.4

    MEDIUM
    CVE-2024-9969

    NewType WebEIP v3.0 does not properly validate user input, allowing a remote attacker with regular privileges to insert JavaScript into specific parameters, resulting in a Reflected Cross-site Scripting (XSS) attack. The affected product is no longer main...

    Affected Products : webeip
    • Published: Oct. 15, 2024
    • Modified: Oct. 19, 2024
  • 8.8

    HIGH
    CVE-2024-9968

    WebEIP v3.0 from NewType does not properly validate user input, allowing remote attackers with regular privilege to inject SQL commands to read, modify, and delete data stored in database. The affected product is no longer maintained. It is recommended ...

    Affected Products : webeip
    • Published: Oct. 15, 2024
    • Modified: Oct. 19, 2024
  • 5.1

    MEDIUM
    CVE-2024-9952

    A vulnerability was found in SourceCodester Online Eyewear Shop 1.0 and classified as problematic. This issue affects some unknown processing of the file /admin/?page=system_info/contact_info of the component Contact Information Page. The manipulation of ...

    Affected Products : online_eyewear_shop
    • Published: Oct. 15, 2024
    • Modified: Oct. 16, 2024
Showing 20 of 294846 Results