Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    CVSS31
    CVE-2024-8875

    A vulnerability classified as critical was found in vedees wcms up to 0.3.2. Affected by this vulnerability is an unknown functionality of the file /wex/finder.php. The manipulation of the argument p leads to path traversal. The attack can be launched rem... Read more

    Affected Products :
    • Published: Sep. 15, 2024
    • Modified: Sep. 16, 2024

  • 0.0

    NONE
    CVE-2024-46938

    An issue was discovered in Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC) 8.0 Initial Release through 10.4 Initial Release. An unauthenticated attacker can read arbitrary files.... Read more

    Affected Products :
    • Published: Sep. 15, 2024
    • Modified: Sep. 16, 2024

  • 0.0

    NONE
    CVE-2024-46918

    app/Controller/UserLoginProfilesController.php in MISP before 2.4.198 does not prevent an org admin from viewing sensitive login fields of another org admin in the same org.... Read more

    Affected Products :
    • Published: Sep. 15, 2024
    • Modified: Sep. 16, 2024

  • 5.0

    CVSS31
    CVE-2024-8869

    A vulnerability classified as critical has been found in TOTOLINK A720R 4.1.5. Affected is the function exportOvpn. The manipulation leads to os command injection. It is possible to launch the attack remotely. The complexity of an attack is rather high. T... Read more

    Affected Products :
    • Published: Sep. 15, 2024
    • Modified: Sep. 16, 2024

  • 6.5

    CVSS31
    CVE-2024-44059

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in MediaRon LLC Custom Query Blocks allows Stored XSS.This issue affects Custom Query Blocks: from n/a through 5.3.1.... Read more

    Affected Products :
    • Published: Sep. 15, 2024
    • Modified: Sep. 16, 2024

  • 6.5

    CVSS31
    CVE-2024-44058

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Parabola allows Stored XSS.This issue affects Parabola: from n/a through 2.4.1.... Read more

    Affected Products :
    • Published: Sep. 15, 2024
    • Modified: Sep. 16, 2024

  • 6.5

    CVSS31
    CVE-2024-44057

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Nirvana allows Stored XSS.This issue affects Nirvana: from n/a through 1.6.3.... Read more

    Affected Products :
    • Published: Sep. 15, 2024
    • Modified: Sep. 16, 2024

  • 6.5

    CVSS31
    CVE-2024-44056

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Mantra allows Stored XSS.This issue affects Mantra: from n/a through 3.3.2.... Read more

    Affected Products :
    • Published: Sep. 15, 2024
    • Modified: Sep. 16, 2024

  • 6.5

    CVSS31
    CVE-2024-44054

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Fluida allows Stored XSS.This issue affects Fluida: from n/a through 1.8.8.... Read more

    Affected Products :
    • Published: Sep. 15, 2024
    • Modified: Sep. 16, 2024

  • 7.1

    CVSS31
    CVE-2024-44053

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Mohammad Arif Opor Ayam allows Reflected XSS.This issue affects Opor Ayam: from n/a through 1.8.... Read more

    Affected Products :
    • Published: Sep. 15, 2024
    • Modified: Sep. 16, 2024

  • 5.9

    CVSS31
    CVE-2024-45460

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Manu225 Flipping Cards allows Stored XSS.This issue affects Flipping Cards: from n/a through 1.30.... Read more

    Affected Products :
    • Published: Sep. 15, 2024
    • Modified: Sep. 16, 2024

  • 7.1

    CVSS31
    CVE-2024-45459

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PickPlugins Product Slider for WooCommerce allows Reflected XSS.This issue affects Product Slider for WooCommerce: from n/a through 1.13.50.... Read more

    Affected Products :
    • Published: Sep. 15, 2024
    • Modified: Sep. 16, 2024

  • 7.1

    CVSS31
    CVE-2024-45458

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Spiffy Plugins Spiffy Calendar allows Reflected XSS.This issue affects Spiffy Calendar: from n/a through 4.9.13.... Read more

    Affected Products : spiffy_calendar
    • Published: Sep. 15, 2024
    • Modified: Sep. 16, 2024

  • 6.5

    CVSS31
    CVE-2024-45457

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Spiffy Plugins Spiffy Calendar allows Stored XSS.This issue affects Spiffy Calendar: from n/a through 4.9.13.... Read more

    Affected Products : spiffy_calendar
    • Published: Sep. 15, 2024
    • Modified: Sep. 16, 2024

  • 6.5

    CVSS31
    CVE-2024-45456

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in JoomUnited WP Meta SEO allows Stored XSS.This issue affects WP Meta SEO: from n/a through 4.5.13.... Read more

    Affected Products : wp_meta_seo
    • Published: Sep. 15, 2024
    • Modified: Sep. 16, 2024

  • 5.9

    CVSS31
    CVE-2024-45455

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in JoomUnited WP Meta SEO allows Stored XSS.This issue affects WP Meta SEO: from n/a through 4.5.13.... Read more

    Affected Products : wp_meta_seo
    • Published: Sep. 15, 2024
    • Modified: Sep. 16, 2024

  • 6.5

    CVSS31
    CVE-2024-44063

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Happyforms allows Stored XSS.This issue affects Happyforms: from n/a through 1.26.0.... Read more

    Affected Products : happyforms
    • Published: Sep. 15, 2024
    • Modified: Sep. 16, 2024

  • 6.5

    CVSS31
    CVE-2024-44062

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Hiroaki Miyashita Custom Field Template allows Stored XSS.This issue affects Custom Field Template: from n/a through 2.6.5.... Read more

    Affected Products : custom_field_template
    • Published: Sep. 15, 2024
    • Modified: Sep. 16, 2024

  • 7.1

    CVSS31
    CVE-2024-44060

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jennifer Hall Filmix allows Reflected XSS.This issue affects Filmix: from n/a through 1.1.... Read more

    Affected Products :
    • Published: Sep. 15, 2024
    • Modified: Sep. 16, 2024

  • 7.3

    CVSS31
    CVE-2024-8868

    A vulnerability was found in code-projects Crud Operation System 1.0. It has been rated as critical. This issue affects some unknown processing of the file savedata.php. The manipulation of the argument sname leads to sql injection. The attack may be init... Read more

    Affected Products : crud_operation_system
    • Published: Sep. 15, 2024
    • Modified: Sep. 16, 2024
Showing 20 of 86 Results