Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.5

    HIGH
    CVE-2024-49297

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Zoho CRM Zoho CRM Lead Magnet allows SQL Injection.This issue affects Zoho CRM Lead Magnet: from n/a through 1.7.9.0.... Read more

    Affected Products :
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024

  • 6.5

    MEDIUM
    CVE-2024-48025

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in DOGROW.NET Simple Baseball Scoreboard allows Stored XSS.This issue affects Simple Baseball Scoreboard: from n/a through 1.3.... Read more

    Affected Products :
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024

  • 5.9

    MEDIUM
    CVE-2024-48046

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Supsystic Contact Form by Supsystic allows Stored XSS.This issue affects Contact Form by Supsystic: from n/a through 1.7.28.... Read more

    Affected Products : contact_form
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024

  • 8.7

    HIGH
    CVE-2024-49396

    The affected product is vulnerable due to insufficiently protected credentials, which may allow an attacker to impersonate Elvaco and send false information.... Read more

    Affected Products :
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024

  • 5.3

    MEDIUM
    CVE-2024-3186

    CWE-476 NULL Pointer Dereference vulnerability in the evalExpr() function of GoAhead Web Server (version <= 6.0.0) when compiled with the ME_GOAHEAD_JAVASCRIPT flag. This vulnerability allows a remote attacker with the privileges to modify JavaScript temp... Read more

    Affected Products : goahead
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024

  • 7.0

    HIGH
    CVE-2024-9414

    In LAquis SCADA version 4.7.1.511, a cross-site scripting vulnerability could allow an attacker to inject arbitrary code into a web page. This could allow an attacker to steal cookies, redirect users, or perform unauthorized actions.... Read more

    Affected Products : laquis_scada
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024

  • 6.4

    MEDIUM
    CVE-2024-9898

    The Parallax Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's dd-parallax shortcode in all versions up to, and including, 1.8 due to insufficient input sanitization and output escaping on user supplied attributes. T... Read more

    Affected Products :
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024

  • 6.1

    MEDIUM
    CVE-2024-9951

    The WP Photo Album Plus plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wppa-tab' parameter in all versions up to, and including, 8.8.05.003 due to insufficient input sanitization and output escaping. This makes it possible f... Read more

    Affected Products :
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024

  • 6.5

    MEDIUM
    CVE-2024-49280

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Weblizar Lightbox slider – Responsive Lightbox Gallery allows Stored XSS.This issue affects Lightbox slider – Responsive Lightbox Gallery: from n/... Read more

    Affected Products :
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024

  • 5.4

    MEDIUM
    CVE-2024-49304

    Cross-Site Request Forgery (CSRF) vulnerability in PINPOINT.WORLD Pinpoint Booking System allows Stored XSS.This issue affects Pinpoint Booking System: from n/a through 2.9.9.5.1.... Read more

    Affected Products : pinpoint_booking_system
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024

  • 7.5

    HIGH
    CVE-2024-48024

    : Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Fahad Mahmood Keep Backup Daily allows Retrieve Embedded Sensitive Data.This issue affects Keep Backup Daily: from n/a through 2.0.7.... Read more

    Affected Products :
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024

  • 7.1

    HIGH
    CVE-2024-43997

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in easy.Jobs EasyJobs allows Reflected XSS.This issue affects EasyJobs: from n/a through 2.4.14.... Read more

    Affected Products :
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024

  • 6.5

    MEDIUM
    CVE-2024-43609

    Microsoft Office Spoofing Vulnerability... Read more

    • Published: Oct. 08, 2024
    • Modified: Oct. 17, 2024

  • 8.4

    HIGH
    CVE-2024-43497

    DeepSpeed Remote Code Execution Vulnerability... Read more

    Affected Products : deepspeed
    • Published: Oct. 08, 2024
    • Modified: Oct. 17, 2024

  • 6.6

    MEDIUM
    CVE-2024-43480

    Azure Service Fabric for Linux Remote Code Execution Vulnerability... Read more

    Affected Products : linux_kernel azure_service_fabric
    • Published: Oct. 08, 2024
    • Modified: Oct. 17, 2024

  • 7.8

    HIGH
    CVE-2024-48911

    OpenCanary, a multi-protocol network honeypot, directly executed commands taken from its config file. Prior to version 0.9.4, where the config file is stored in an unprivileged user directory but the daemon is executed by root, it’s possible for the unpri... Read more

    Affected Products : opencanary
    • Published: Oct. 14, 2024
    • Modified: Oct. 17, 2024

  • 8.8

    HIGH
    CVE-2024-9687

    The WP 2FA with Telegram plugin for WordPress is vulnerable to Authentication Bypass in versions up to, and including, 3.0. This is due to insufficient validation of the user-controlled key on the 'validate_tg' action. This makes it possible for authentic... Read more

    Affected Products : wp_2fa_with_telegram
    • Published: Oct. 15, 2024
    • Modified: Oct. 17, 2024

  • 4.3

    MEDIUM
    CVE-2024-6757

    The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Basic Information Exposure in all versions up to, and including, 3.23.5 via the get_image_alt function. This makes it possible for authenticated attackers,... Read more

    Affected Products : website_builder
    • Published: Oct. 15, 2024
    • Modified: Oct. 17, 2024

  • 7.8

    HIGH
    CVE-2024-43501

    Windows Common Log File System Driver Elevation of Privilege Vulnerability... Read more

    • Published: Oct. 08, 2024
    • Modified: Oct. 17, 2024

  • 5.3

    MEDIUM
    CVE-2024-30117

    A dynamic search for a prerequisite library could allow the possibility for an attacker to replace the correct file under some circumstances.... Read more

    Affected Products : bigfix_platform
    • Published: Oct. 14, 2024
    • Modified: Oct. 17, 2024
Showing 20 of 294863 Results