Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.1

    HIGH
    CVE-2024-47652

    This vulnerability exists in Shilpi Client Dashboard due to implementation of inadequate authentication mechanism in the login module wherein access to any users account is granted with just their corresponding mobile number. A remote attacker could explo... Read more

    Affected Products : client_dashboard client_dashboard
    • Published: Oct. 04, 2024
    • Modified: Oct. 16, 2024

  • 8.2

    HIGH
    CVE-2024-6400

    Cleartext Storage of Sensitive Information vulnerability in Finrota Netahsilat allows Retrieve Embedded Sensitive Data.This issue solved in versions 1.21.10, 1.23.01, 1.23.08, 1.23.11 and 1.24.03.... Read more

    Affected Products : finrota
    • Published: Oct. 04, 2024
    • Modified: Nov. 12, 2024

  • 7.1

    HIGH
    CVE-2024-47651

    This vulnerability exists in Shilpi Client Dashboard due to improper handling of multiple parameters in the API endpoint. An authenticated remote attacker could exploit this vulnerability by including multiple “userid” parameters in the API request body l... Read more

    Affected Products : client_dashboard client_dashboard
    • Published: Oct. 04, 2024
    • Modified: Oct. 10, 2024

  • 6.4

    MEDIUM
    CVE-2024-9271

    The Re:WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi... Read more

    Affected Products : re\
    • Published: Oct. 04, 2024
    • Modified: Oct. 08, 2024

  • 6.4

    MEDIUM
    CVE-2024-9071

    The Easy Demo Importer – A Modern One-Click Demo Import Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping.... Read more

    Affected Products : easy_demo_importer
    • Published: Oct. 04, 2024
    • Modified: Oct. 08, 2024

  • 6.1

    MEDIUM
    CVE-2024-9435

    The ShiftController Employee Shift Scheduling plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL keys in all versions up to, and including, 4.9.66 due to insufficient input sanitization and output escaping. This makes it possible... Read more

    Affected Products : shiftcontroller
    • Published: Oct. 04, 2024
    • Modified: Oct. 08, 2024

  • 4.8

    MEDIUM
    CVE-2024-9306

    The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 10.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated at... Read more

    Affected Products : wp_booking_calendar
    • Published: Oct. 04, 2024
    • Modified: Oct. 08, 2024

  • 6.5

    MEDIUM
    CVE-2024-6444

    No proper validation of the length of user input in olcp_ind_handler in zephyr/subsys/bluetooth/services/ots/ots_client.c.... Read more

    Affected Products : zephyr
    • Published: Oct. 04, 2024
    • Modified: Nov. 13, 2024

  • 6.4

    MEDIUM
    CVE-2024-9242

    The Memberful – Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'memberful_buy_subscription_link' and 'memberful_podcasts_link' shortcodes in all versions up to, and including, 1.73.7 due to insufficien... Read more

    Affected Products : memberful
    • Published: Oct. 04, 2024
    • Modified: Oct. 08, 2024

  • 6.4

    MEDIUM
    CVE-2024-8804

    The Code Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's script embed functionality in all versions up to, and including, 2.4 due to insufficient restrictions on who can utilize the functionality. This makes it pos... Read more

    Affected Products : code_embed
    • Published: Oct. 04, 2024
    • Modified: Oct. 10, 2024

  • 6.5

    MEDIUM
    CVE-2024-6443

    In utf8_trunc in zephyr/lib/utils/utf8.c, last_byte_p can point to one byte before the string pointer if the string is empty.... Read more

    Affected Products : zephyr
    • Published: Oct. 04, 2024
    • Modified: Nov. 12, 2024

  • 6.5

    MEDIUM
    CVE-2024-6442

    In ascs_cp_rsp_add in /subsys/bluetooth/audio/ascs.c, an unchecked tailroom could lead to a global buffer overflow.... Read more

    Affected Products : zephyr
    • Published: Oct. 04, 2024
    • Modified: Nov. 13, 2024

  • 5.3

    MEDIUM
    CVE-2024-47855

    util/JSONTokener.java in JSON-lib before 3.1.0 mishandles an unbalanced comment string.... Read more

    Affected Products :
    • Published: Oct. 04, 2024
    • Modified: Nov. 07, 2024

  • 6.1

    MEDIUM
    CVE-2024-47854

    An XSS vulnerability was discovered in Veritas Data Insight before 7.1. It allows a remote attacker to inject an arbitrary web script into an HTTP request that could reflect back to an authenticated user without sanitization if executed by that user.... Read more

    Affected Products : data_insight
    • Published: Oct. 04, 2024
    • Modified: Nov. 26, 2024

  • 6.4

    MEDIUM
    CVE-2024-9445

    The Display Medium Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's display_medium_posts shortcode in all versions up to, and including, 5.0.1 due to insufficient input sanitization and output escaping on user suppl... Read more

    Affected Products : display_medium_posts
    • Published: Oct. 04, 2024
    • Modified: Oct. 10, 2024

  • 6.4

    MEDIUM
    CVE-2024-9421

    The Login Logout Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authe... Read more

    Affected Products : login_logout_shortcode
    • Published: Oct. 04, 2024
    • Modified: Oct. 10, 2024

  • 6.1

    MEDIUM
    CVE-2024-9384

    The Quantity Dynamic Pricing & Bulk Discounts for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.8.0. This ma... Read more

    • Published: Oct. 04, 2024
    • Modified: Oct. 10, 2024

  • 6.1

    MEDIUM
    CVE-2024-9375

    The WordPress Captcha Plugin by Captcha Bank plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.0.36. This makes it possible ... Read more

    Affected Products : captcha_bank
    • Published: Oct. 04, 2024
    • Modified: Oct. 10, 2024

  • 6.4

    MEDIUM
    CVE-2024-9372

    The WP Blocks Hub plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attac... Read more

    Affected Products : wp_blocks_hub
    • Published: Oct. 04, 2024
    • Modified: Oct. 10, 2024

  • 6.4

    MEDIUM
    CVE-2024-9368

    The Aggregator Advanced Settings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for auth... Read more

    Affected Products : aggregator_advanced_settings
    • Published: Oct. 04, 2024
    • Modified: Oct. 10, 2024
Showing 20 of 294860 Results