Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.8

    MEDIUM
    CVE-2024-47884

    foxmarks is a CLI read-only interface for Firefox's bookmarks and history. A temporary file was created under the /tmp directory with read permissions for all users containing a copy of Firefox's database of bookmarks, history, input history, visits count... Read more

    Affected Products :
    • Published: Oct. 11, 2024
    • Modified: Oct. 15, 2024

  • 9.8

    CRITICAL
    CVE-2024-48033

    Deserialization of Untrusted Data vulnerability in Elie Burstein, Baptiste Gourdin Talkback allows Object Injection.This issue affects Talkback: from n/a through 1.0.... Read more

    Affected Products :
    • Published: Oct. 11, 2024
    • Modified: Oct. 15, 2024

  • 8.5

    HIGH
    CVE-2024-8070

    CWE-312: Cleartext Storage of Sensitive Information vulnerability exists that exposes test credentials in the firmware binary... Read more

    Affected Products :
    • Published: Oct. 13, 2024
    • Modified: Oct. 15, 2024

  • 8.5

    HIGH
    CVE-2024-48040

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tainacan.Org Tainacan allows SQL Injection.This issue affects Tainacan: from n/a through 0.21.8.... Read more

    Affected Products : tainacan
    • Published: Oct. 11, 2024
    • Modified: Oct. 15, 2024

  • 8.8

    HIGH
    CVE-2024-44414

    A vulnerability was discovered in FBM_292W-21.03.10V, which has been classified as critical. This issue affects the sub_4901E0 function in the msp_info.htm file. Manipulation of the path parameter can lead to command injection.... Read more

    Affected Products :
    • Published: Oct. 11, 2024
    • Modified: Oct. 15, 2024

  • 6.4

    MEDIUM
    CVE-2024-8915

    The Category Icon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attac... Read more

    Affected Products :
    • Published: Oct. 12, 2024
    • Modified: Oct. 15, 2024

  • 8.8

    HIGH
    CVE-2024-7847

    VULNERABILITY DETAILS Rockwell Automation used the latest versions of the CVSS scoring system to assess the following vulnerabilities. The following vulnerabilities were reported to us by Sharon Brizinov of Claroty Research - Team82. A feature in the a... Read more

    • Published: Oct. 14, 2024
    • Modified: Oct. 15, 2024

  • 6.5

    MEDIUM
    CVE-2024-9860

    The Bridge Core plugin for WordPress is vulnerable to unauthorized modification of data or loss of data due to a missing capability check on the 'import_action' and 'install_plugin_per_demo' functions in versions up to, and including, 3.3. This makes it p... Read more

    Affected Products :
    • Published: Oct. 12, 2024
    • Modified: Oct. 15, 2024

  • 6.1

    MEDIUM
    CVE-2024-47353

    URL Redirection to Untrusted Site ('Open Redirect') vulnerability in QuomodoSoft ElementsReady Addons for Elementor.This issue affects ElementsReady Addons for Elementor: from n/a through 6.4.2.... Read more

    Affected Products : elementsready
    • Published: Oct. 11, 2024
    • Modified: Oct. 15, 2024

  • 5.9

    MEDIUM
    CVE-2024-47885

    The Astro web framework has a DOM Clobbering gadget in the client-side router starting in version 3.0.0 and prior to version 4.16.1. It can lead to cross-site scripting (XSS) in websites enables Astro's client-side routing and has *stored* attacker-contro... Read more

    Affected Products :
    • Published: Oct. 14, 2024
    • Modified: Oct. 15, 2024

  • 8.6

    HIGH
    CVE-2024-9139

    The affected product permits OS command injection through improperly restricted commands, potentially allowing attackers to execute arbitrary code.... Read more

    Affected Products : tn-4900_firmware
    • Published: Oct. 14, 2024
    • Modified: Oct. 15, 2024

  • 4.3

    MEDIUM
    CVE-2024-9824

    The ImagePress – Image Gallery plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'ip_delete_post' and 'ip_update_post_title' functions in all versions up to, and including, 1.2.2. Thi... Read more

    Affected Products : imagepress
    • Published: Oct. 12, 2024
    • Modified: Oct. 15, 2024

  • 6.4

    MEDIUM
    CVE-2024-9656

    The Mynx Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.27.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated ... Read more

    Affected Products :
    • Published: Oct. 12, 2024
    • Modified: Oct. 15, 2024

  • 6.1

    MEDIUM
    CVE-2024-9592

    The Easy PayPal Gift Certificate plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.3. This is due to missing or incorrect nonce validation on the 'wpppgc_plugin_options' function. This makes it possible... Read more

    Affected Products :
    • Published: Oct. 12, 2024
    • Modified: Oct. 15, 2024

  • 7.3

    HIGH
    CVE-2024-9837

    The The AADMY – Add Auto Date Month Year Into Posts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0.1. This is due to the software allowing users to execute an action that does not properly val... Read more

    Affected Products :
    • Published: Oct. 15, 2024
    • Modified: Oct. 15, 2024

  • 6.5

    MEDIUM
    CVE-2024-48041

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CreativeMindsSolutions CM Tooltip Glossary allows Stored XSS.This issue affects CM Tooltip Glossary: from n/a through 4.3.9.... Read more

    Affected Products :
    • Published: Oct. 11, 2024
    • Modified: Oct. 15, 2024

  • 9.8

    CRITICAL
    CVE-2024-9982

    AIM LINE Marketing Platform from Esi Technology does not properly validate a specific query parameter. When the LINE Campaign Module is enabled, unauthenticated remote attackers can inject arbitrary FetchXml commands to read, modify, and delete database c... Read more

    Affected Products :
    • Published: Oct. 15, 2024
    • Modified: Oct. 15, 2024

  • 9.8

    CRITICAL
    CVE-2024-9924

    The fix for CVE-2024-26261 was incomplete, and and the specific package for OAKlouds from Hgiga remains at risk. Unauthenticated remote attackers still can download arbitrary system files, which may be deleted subsequently .... Read more

    Affected Products : oaklouds_portal
    • Published: Oct. 14, 2024
    • Modified: Oct. 15, 2024

  • 8.8

    HIGH
    CVE-2024-9821

    The Bot for Telegram on WooCommerce plugin for WordPress is vulnerable to sensitive information disclosure due to missing authorization checks on the 'stm_wpcfto_get_settings' AJAX action in all versions up to, and including, 1.2.4. This makes it possible... Read more

    Affected Products :
    • Published: Oct. 12, 2024
    • Modified: Oct. 15, 2024

  • 5.3

    MEDIUM
    CVE-2024-8760

    The Stackable – Page Builder Gutenberg Blocks plugin for WordPress is vulnerable to CSS Injection in all versions up to, and including, 3.13.6. This makes it possible for unauthenticated attackers to embed untrusted style information into comments resulti... Read more

    Affected Products : stackable
    • Published: Oct. 12, 2024
    • Modified: Oct. 15, 2024
Showing 20 of 291358 Results