Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.4

    MEDIUM
    CVE-2024-9021

    In the process of testing the Relevanssi WordPress plugin before 4.23.1, a vulnerability was found that allows you to implement Stored XSS on behalf of the Contributor+ by embedding malicious script, which entails account takeover backdoor...

    Affected Products : relevanssi
    • Published: Oct. 08, 2024
    • Modified: Jun. 09, 2025
  • 4.8

    MEDIUM
    CVE-2024-8983

    Custom Twitter Feeds WordPress plugin before 2.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowe...

    Affected Products : custom_twitter_feeds
    • Published: Oct. 08, 2024
    • Modified: Aug. 27, 2025
  • 6.5

    MEDIUM
    CVE-2024-21533

    All versions of the package ggit are vulnerable to Arbitrary Argument Injection via the clone() API, which allows specifying the remote URL to clone and the file on disk to clone to. The library does not sanitize for user input or validate a given URL sch...

    Affected Products :
    • Published: Oct. 08, 2024
    • Modified: Oct. 10, 2024
  • 7.3

    HIGH
    CVE-2024-21532

    All versions of the package ggit are vulnerable to Command Injection via the fetchTags(branch) API, which allows user input to specify the branch to be fetched and then concatenates this string along with a git command which is then passed to the unsafe e...

    Affected Products :
    • Published: Oct. 08, 2024
    • Modified: Oct. 10, 2024
  • 3.3

    LOW
    CVE-2024-9026

    In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using PHP-FPM SAPI and it is configured to catch workers output through catch_workers_output = yes, it may be possible to pollute the final log or remove up to 4 character...

    Affected Products : php php-fpm
    • Published: Oct. 08, 2024
    • Modified: Aug. 19, 2025
  • 7.5

    HIGH
    CVE-2024-8927

    In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, HTTP_REDIRECT_STATUS variable is used to check whether or not CGI binary is being run by the HTTP server. However, in certain scenarios, the content of this variable can be con...

    Affected Products : php php-fpm
    • Published: Oct. 08, 2024
    • Modified: Aug. 19, 2025
  • 8.8

    HIGH
    CVE-2024-8926

    In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using a certain non-standard configurations of Windows codepages, the fixes for CVE-2024-4577 (https://github.com/advisories/GHSA-vxpp-6299-mxw3) may still be bypassed and...

    Affected Products : php php-fpm
    • Published: Oct. 08, 2024
    • Modified: Aug. 19, 2025
  • 5.3

    MEDIUM
    CVE-2024-8925

    In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, erroneous parsing of multipart form data contained in an HTTP POST request could lead to legitimate data not being processed. This could lead to malicious attacker able to cont...

    Affected Products : php php-fpm
    • Published: Oct. 08, 2024
    • Modified: Aug. 19, 2025
  • 5.4

    MEDIUM
    CVE-2024-47594

    SAP NetWeaver Enterprise Portal (KMC) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability in KMC servlet. An attacker could craft a script and trick the user into clicking it. When a victim who is registere...

    Affected Products : netweaver_enterprise_portal
    • Published: Oct. 08, 2024
    • Modified: Nov. 14, 2024
  • 5.5

    MEDIUM
    CVE-2024-45382

    in OpenHarmony v4.1.0 and prior versions allow a local attacker cause DOS through out-of-bounds write....

    Affected Products : openharmony
    • Published: Oct. 08, 2024
    • Modified: Oct. 16, 2024
  • 5.3

    MEDIUM
    CVE-2024-45282

    Fields which are in 'read only' state in Bank Statement Draft in Manage Bank Statements application, could be modified by MERGE method. The property of an OData entity representing assumably immutable method is not protected against external modifications...

    Affected Products : s/4_hana
    • Published: Oct. 08, 2024
    • Modified: Nov. 14, 2024
  • 5.4

    MEDIUM
    CVE-2024-45278

    SAP Commerce Backoffice does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker can cause limited impact on confidentiality and integrity of the application....

    Affected Products : commerce_backoffice
    • Published: Oct. 08, 2024
    • Modified: Nov. 14, 2024
  • 4.3

    MEDIUM
    CVE-2024-45277

    The SAP HANA Node.js client package versions from 2.0.0 before 2.21.31 is impacted by Prototype Pollution vulnerability allowing an attacker to add arbitrary properties to global object prototypes. This is due to improper user input sanitation when using ...

    Affected Products : hana-client
    • Published: Oct. 08, 2024
    • Modified: Nov. 14, 2024
  • 5.5

    MEDIUM
    CVE-2024-43697

    in OpenHarmony v4.1.0 and prior versions allow a local attacker cause DOS through improper input....

    Affected Products : openharmony
    • Published: Oct. 08, 2024
    • Modified: Oct. 16, 2024
  • 5.5

    MEDIUM
    CVE-2024-43696

    in OpenHarmony v4.1.0 and prior versions allow a local attacker cause DOS by memory leak....

    Affected Products : openharmony
    • Published: Oct. 08, 2024
    • Modified: Oct. 16, 2024
  • 6.7

    MEDIUM
    CVE-2024-39831

    in OpenHarmony v4.1.0 allow a local attacker with high privileges arbitrary code execution in pre-installed apps through use after free....

    Affected Products : openharmony
    • Published: Oct. 08, 2024
    • Modified: Oct. 16, 2024
  • 5.5

    MEDIUM
    CVE-2024-39806

    in OpenHarmony v4.1.0 and prior versions allow a local attacker cause information leak through out-of-bounds Read....

    Affected Products : openharmony
    • Published: Oct. 08, 2024
    • Modified: Oct. 16, 2024
  • 7.7

    HIGH
    CVE-2024-37179

    SAP BusinessObjects Business Intelligence Platform allows an authenticated user to send a specially crafted request to the Web Intelligence Reporting Server to download any file from the machine hosting the service, causing high impact on confidentiality ...

    • Published: Oct. 08, 2024
    • Modified: Nov. 14, 2024
  • 6.2

    MEDIUM
    CVE-2024-47969

    Improper resource management in firmware of some Solidigm DC Products may allow an attacker to potentially enable denial of service....

    Affected Products :
    • Published: Oct. 07, 2024
    • Modified: Nov. 01, 2024
  • 4.4

    MEDIUM
    CVE-2024-47968

    Improper resource shutdown in middle of certain operations on some Solidigm DC Products may allow an attacker to potentially enable denial of service....

    Affected Products :
    • Published: Oct. 07, 2024
    • Modified: Oct. 31, 2024
Showing 20 of 294853 Results