Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (also known as the CISA KEV List), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.1

    MEDIUM
    CVE-2024-9353

    The Popularis Extra plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2.6. This makes it possible for una...

    Affected Products : popularis_extra
    • Published: Oct. 04, 2024
    • Modified: Oct. 08, 2024
  • 6.1

    MEDIUM
    CVE-2024-9349

    The Auto Amazon Links – Amazon Associates Affiliate Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.4.2. This makes...

    Affected Products : auto_amazon_links
    • Published: Oct. 04, 2024
    • Modified: Oct. 10, 2024
  • 6.1

    MEDIUM
    CVE-2024-9345

    The Product Delivery Date for WooCommerce – Lite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.7.3. This makes it possib...

    • Published: Oct. 04, 2024
    • Modified: Oct. 08, 2024
  • 6.1

    MEDIUM
    CVE-2024-9237

    The Fish and Ships – Most flexible shipping table rate. A WooCommerce shipping rate plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and inc...

    Affected Products : fish_and_ships
    • Published: Oct. 04, 2024
    • Modified: Oct. 16, 2024
  • 6.1

    MEDIUM
    CVE-2024-9204

    The Smart Custom 404 Error Page plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via $_SERVER['REQUEST_URI'] in all versions up to, and including, 11.4.7 due to insufficient input sanitization and output escaping. This makes it possibl...

    Affected Products : smart_custom_404_error_page
    • Published: Oct. 04, 2024
    • Modified: Oct. 16, 2024
  • 6.1

    MEDIUM
    CVE-2024-8802

    The Clio Grow plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.0.2. This makes it possible for unauthenticated attackers to...

    Affected Products : clio_grow
    • Published: Oct. 04, 2024
    • Modified: Oct. 08, 2024
  • 5.3

    MEDIUM
    CVE-2024-8520

    The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.6. This is due to missing or inco...

    Affected Products : ultimate_member
    • Published: Oct. 04, 2024
    • Modified: Oct. 08, 2024
  • 6.4

    MEDIUM
    CVE-2024-8519

    The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'um_loggedin' shortcode in all versions up to, and includ...

    Affected Products : ultimate_member
    • Published: Oct. 04, 2024
    • Modified: Oct. 16, 2024
  • 7.5

    HIGH
    CVE-2024-47850

    CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added, a different vulnerability than CVE-2024-47176. (The request is meant to probe the n...

    Affected Products : cups
    • Published: Oct. 04, 2024
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2024-44207

    This issue was addressed with improved checks. This issue is fixed in iOS 18.0.1 and iPadOS 18.0.1. Audio messages in Messages may be able to capture a few seconds of audio before the microphone indicator is activated....

    Affected Products : iphone_os ipados
    • Published: Oct. 04, 2024
    • Modified: Mar. 25, 2025
  • 5.5

    MEDIUM
    CVE-2024-44204

    A logic issue was addressed with improved validation. This issue is fixed in iOS 18.0.1 and iPadOS 18.0.1. A user's saved passwords may be read aloud by VoiceOver....

    Affected Products : iphone_os ipados
    • Published: Oct. 04, 2024
    • Modified: Mar. 25, 2025
  • 9.3

    CRITICAL
    CVE-2024-45367

    The web server for ONS-S8 - Spectra Aggregation Switch includes an incomplete authentication process, which can lead to an attacker authenticating without a password....

    Affected Products :
    • Published: Oct. 03, 2024
    • Modified: Oct. 04, 2024
  • 9.8

    CRITICAL
    CVE-2024-43699

    Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script AM_RegReport.aspx. An unauthenticated attacker may be able to exploit this issue to obtain records contained in the targeted product....

    Affected Products : diaenergie
    • Published: Oct. 03, 2024
    • Modified: Oct. 08, 2024
  • 8.8

    HIGH
    CVE-2024-42417

    Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script Handler_CFG.ashx. An authenticated attacker may be able to exploit this issue to cause delay in the targeted product....

    Affected Products : diaenergie
    • Published: Oct. 03, 2024
    • Modified: Oct. 08, 2024
  • 9.8

    CRITICAL
    CVE-2024-41925

    The web service for ONS-S8 - Spectra Aggregation Switch includes functions which do not properly validate user input, allowing an attacker to traverse directories, bypass authentication, and execute remote code....

    Affected Products :
    • Published: Oct. 03, 2024
    • Modified: Oct. 04, 2024
  • 8.0

    HIGH
    CVE-2024-46658

    Syrotech SY-GOPON-8OLT-L3 v1.6.0_240629 was discovered to contain an authenticated command injection vulnerability....

    Affected Products :
    • Published: Oct. 03, 2024
    • Modified: Oct. 07, 2024
  • 4.7

    MEDIUM
    CVE-2024-9266

    URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Express. This vulnerability affects the use of the Express Response object. This issue impacts Express: from 3.4.5 before 4.0.0....

    Affected Products : express
    • Published: Oct. 03, 2024
    • Modified: Oct. 04, 2024
  • 8.0

    HIGH
    CVE-2024-41596

    Buffer Overflow vulnerabilities exist in DrayTek Vigor310 devices through 4.3.2.6 (in the Vigor management UI) because of improper retrieval and handling of the CGI form parameters....

    • Published: Oct. 03, 2024
    • Modified: Jun. 11, 2025
  • 8.0

    HIGH
    CVE-2024-41595

    DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to change settings or cause a denial of service via .cgi pages because of missing bounds checks on read and write operations....

    Affected Products : vigor3910_firmware vigor3910
    • Published: Oct. 03, 2024
    • Modified: Apr. 10, 2025
  • 7.5

    HIGH
    CVE-2024-41594

    An issue in DrayTek Vigor310 devices through 4.3.2.6 allows an attacker to obtain sensitive information because the httpd server of the Vigor management UI uses a static string for seeding the PRNG of OpenSSL....

    • Published: Oct. 03, 2024
    • Modified: Mar. 19, 2025
Showing 20 of 294860 Results