Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2024-42611

    Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/admin_page.php?link_id=1&mode=delete... Read more

    Affected Products : pligg_cms
    • Published: Aug. 20, 2024
    • Modified: Aug. 21, 2024

  • 8.8

    HIGH
    CVE-2024-42613

    Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_widgets.php?action=install&widget=akismet... Read more

    Affected Products : pligg_cms
    • Published: Aug. 20, 2024
    • Modified: Aug. 21, 2024

  • 8.8

    HIGH
    CVE-2024-42617

    Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_config.php?action=save&var_id=32... Read more

    Affected Products : pligg_cms
    • Published: Aug. 20, 2024
    • Modified: Aug. 21, 2024

  • 8.8

    HIGH
    CVE-2024-42618

    Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /module.php?module=karma... Read more

    Affected Products : pligg_cms
    • Published: Aug. 20, 2024
    • Modified: Aug. 21, 2024

  • 8.8

    HIGH
    CVE-2024-42621

    Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_editor.php... Read more

    Affected Products : pligg_cms
    • Published: Aug. 20, 2024
    • Modified: Aug. 21, 2024

  • 7.5

    HIGH
    CVE-2024-43380

    fugit contains time tools for flor and the floraison group. The fugit "natural" parser, that turns "every wednesday at 5pm" into "0 17 * * 3", accepted any length of input and went on attempting to parse it, not returning promptly, as expected. The parse ... Read more

    Affected Products : fugit
    • Published: Aug. 19, 2024
    • Modified: Aug. 21, 2024

  • 3.4

    LOW
    CVE-2024-43379

    TruffleHog is a secrets scanning tool. Prior to v3.81.9, this vulnerability allows a malicious actor to craft data in a way that, when scanned by specific detectors, could trigger the detector to make an unauthorized request to an endpoint chosen by the a... Read more

    Affected Products : trufflehog
    • Published: Aug. 19, 2024
    • Modified: Aug. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-7921

    A vulnerability has been found in Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 up to 20240805 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /report/ParkOutRecord/GetDataList. The ma... Read more

    Affected Products : jielink\+_jsotc2016
    • Published: Aug. 19, 2024
    • Modified: Aug. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-44076

    In Microcks before 1.10.0, the POST /api/import and POST /api/export endpoints allow non-administrator access.... Read more

    Affected Products : microcks
    • Published: Aug. 19, 2024
    • Modified: Aug. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-7920

    A vulnerability, which was classified as problematic, was found in Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 up to 20240805. Affected is an unknown function of the file /Report/ParkCommon/GetParkInThroughDeivces. The manipulation lead... Read more

    Affected Products : jielink\+_jsotc2016
    • Published: Aug. 19, 2024
    • Modified: Aug. 21, 2024

  • 7.2

    HIGH
    CVE-2024-7917

    A vulnerability, which was classified as critical, has been found in DouPHP 1.7 Release 20220822. Affected by this issue is some unknown functionality of the file /admin/system.php of the component Favicon Handler. The manipulation of the argument site_fa... Read more

    Affected Products : douphp
    • Published: Aug. 18, 2024
    • Modified: Aug. 21, 2024

  • 4.4

    MEDIUM
    CVE-2024-6322

    Access control for plugin data sources protected by the ReqActions json field of the plugin.json is bypassed if the user or service account is granted associated access to any other data source, as the ReqActions check was not scoped to each specific data... Read more

    Affected Products : grafana
    • Published: Aug. 20, 2024
    • Modified: Aug. 21, 2024

  • 8.8

    HIGH
    CVE-2024-43403

    Kanister is a data protection workflow management tool. The kanister has a deployment called default-kanister-operator, which is bound with a ClusterRole called edit via ClusterRoleBinding. The "edit" ClusterRole is one of Kubernetes default-created Clust... Read more

    Affected Products :
    • Published: Aug. 20, 2024
    • Modified: Aug. 21, 2024

  • 5.5

    MEDIUM
    CVE-2024-6767

    The WordSurvey plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘sounding_title’ parameter in all versions up to, and including, 3.2 due to insufficient input sanitization and output escaping. This makes it possible for authentica... Read more

    Affected Products :
    • Published: Aug. 21, 2024
    • Modified: Aug. 21, 2024

  • 6.1

    MEDIUM
    CVE-2024-7090

    The LH Add Media From Url plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘lh_add_media_from_url-file_url’ parameter in all versions up to, and including, 1.23 due to insufficient input sanitization and output escaping. This m... Read more

    Affected Products :
    • Published: Aug. 21, 2024
    • Modified: Aug. 21, 2024

  • 7.2

    HIGH
    CVE-2024-7134

    The LiquidPoll – Polls, Surveys, NPS and Feedback Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘form_data’ parameter in all versions up to, and including, 3.3.78 due to insufficient input sanitization and output escapi... Read more

    Affected Products :
    • Published: Aug. 21, 2024
    • Modified: Aug. 21, 2024

  • 0.0

    NA
    CVE-2024-43870

    In the Linux kernel, the following vulnerability has been resolved: perf: Fix event leak upon exit When a task is scheduled out, pending sigtrap deliveries are deferred to the target task upon resume to userspace via task_work. However failures while a... Read more

    Affected Products : linux_kernel
    • Published: Aug. 21, 2024
    • Modified: Aug. 21, 2024

  • 0.0

    NA
    CVE-2024-43876

    In the Linux kernel, the following vulnerability has been resolved: PCI: rcar: Demote WARN() to dev_warn_ratelimited() in rcar_pcie_wakeup() Avoid large backtrace, it is sufficient to warn the user that there has been a link problem. Either the link has... Read more

    Affected Products : linux_kernel
    • Published: Aug. 21, 2024
    • Modified: Aug. 21, 2024

  • 0.0

    NA
    CVE-2024-43881

    In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: change DMA direction while mapping reinjected packets For fragmented packets, ath12k reassembles each fragment as a normal packet and then reinjects it into HW ring. In th... Read more

    Affected Products : linux_kernel
    • Published: Aug. 21, 2024
    • Modified: Aug. 21, 2024

  • 0.0

    NA
    CVE-2024-43875

    In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Clean up error handling in vpci_scan_bus() Smatch complains about inconsistent NULL checking in vpci_scan_bus(): drivers/pci/endpoint/functions/pci-epf-vntb.c:1024 v... Read more

    Affected Products : linux_kernel
    • Published: Aug. 21, 2024
    • Modified: Aug. 21, 2024
Showing 20 of 294733 Results