Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2024-8718

    The Gravity Forms Toolbar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 1.7.0 due to insufficient input sanitization and output escaping. This makes it possible for unaut... Read more

    Affected Products :
    • Published: Oct. 01, 2024
    • Modified: Oct. 04, 2024

  • 5.6

    MEDIUM
    CVE-2024-44610

    PCAN-Ethernet Gateway FD before 1.3.0 and PCAN-Ethernet Gateway before 2.11.0 are vulnerable to Command injection via shell metacharacters in a Software Update to processing.php.... Read more

    Affected Products :
    • Published: Oct. 01, 2024
    • Modified: Oct. 04, 2024

  • 7.8

    HIGH
    CVE-2024-47560

    RevoWorks Cloud Client 3.0.91 and earlier contains an incorrect authorization vulnerability. If this vulnerability is exploited, unintended processes may be executed in the sandbox environment. Even if malware is executed in the sandbox environment, it do... Read more

    Affected Products :
    • Published: Oct. 01, 2024
    • Modified: Oct. 04, 2024

  • 5.3

    MEDIUM
    CVE-2024-21531

    All versions of the package git-shallow-clone are vulnerable to Command injection due to missing sanitization or mitigation flags in the process variable of the gitShallowClone function.... Read more

    Affected Products :
    • Published: Oct. 01, 2024
    • Modified: Oct. 04, 2024

  • 7.1

    HIGH
    CVE-2024-8981

    The Broken Link Checker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg in /app/admin-notices/features/class-view.php without appropriate escaping on the URL in all versions up to, and including, 2.4.0.... Read more

    Affected Products : broken_link_checker
    • Published: Oct. 01, 2024
    • Modified: Oct. 04, 2024

  • 6.1

    MEDIUM
    CVE-2024-8786

    The Auto Featured Image from Title plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.3. This makes it possible for unauthent... Read more

    Affected Products :
    • Published: Oct. 01, 2024
    • Modified: Oct. 04, 2024

  • 7.5

    HIGH
    CVE-2024-44017

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in MinHyeong Lim MH Board allows PHP Local File Inclusion.This issue affects MH Board: from n/a through 1.3.2.1.... Read more

    Affected Products :
    • Published: Oct. 02, 2024
    • Modified: Oct. 04, 2024

  • 9.8

    CRITICAL
    CVE-2024-9441

    The Linear eMerge e3-Series through version 1.00-07 is vulnerable to an OS command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary OS commands via the login_id parameter when invoking the forgot_password functionality ... Read more

    Affected Products : emerge_e3_firmware
    • Published: Oct. 02, 2024
    • Modified: Oct. 04, 2024

  • 6.9

    MEDIUM
    CVE-2024-9174

    Stored HTML Injection in Social Module in M-Files Hubshare before version 5.0.8.6 allows authenticated user to spoof UI... Read more

    Affected Products : hubshare
    • Published: Oct. 02, 2024
    • Modified: Oct. 04, 2024

  • 8.6

    HIGH
    CVE-2024-41987

    The TEM Opera Plus FM Family Transmitter application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative pr... Read more

    Affected Products :
    • Published: Oct. 03, 2024
    • Modified: Oct. 04, 2024

  • 6.5

    MEDIUM
    CVE-2024-9100

    Zohocorp ManageEngine Analytics Plus versions before 5410 and Zoho Analytics On-Premise versions before 5410 are vulnerable to Path traversal.... Read more

    Affected Products : manageengine_analytics_plus
    • Published: Oct. 03, 2024
    • Modified: Oct. 04, 2024

  • 4.3

    MEDIUM
    CVE-2024-42504

    A security vulnerability in HPE IceWall Agent products could be exploited remotely to cause a Cross-Site Request Forgery (CSRF) in the login flow.... Read more

    Affected Products :
    • Published: Oct. 03, 2024
    • Modified: Oct. 04, 2024

  • 4.7

    MEDIUM
    CVE-2024-45962

    October 3.6.30 allows an authenticated admin account to upload a PDF file containing malicious JavaScript into the target system. If the file is accessed through the website, it could lead to a Cross-Site Scripting (XSS) attack or execute arbitrary code v... Read more

    Affected Products : october
    • Published: Oct. 02, 2024
    • Modified: Oct. 04, 2024

  • 5.8

    MEDIUM
    CVE-2024-47762

    Backstage is an open framework for building developer portals. Configuration supplied through APP_CONFIG_* environment variables, for example APP_CONFIG_backend_listen_port=7007, where unexpectedly ignoring the visibility defined in configuration schema. ... Read more

    Affected Products : backstage backstage
    • Published: Oct. 03, 2024
    • Modified: Oct. 04, 2024

  • 4.5

    MEDIUM
    CVE-2024-21530

    Versions of the package cocoon before 0.4.0 are vulnerable to Reusing a Nonce, Key Pair in Encryption when the encrypt, wrap, and dump functions are sequentially called. An attacker can generate the same ciphertext by creating a new encrypted message with... Read more

    Affected Products :
    • Published: Oct. 02, 2024
    • Modified: Oct. 04, 2024

  • 6.8

    MEDIUM
    CVE-2024-47616

    Pomerium is an identity and context-aware access proxy. The Pomerium databroker service is responsible for managing all persistent Pomerium application state. Requests to the databroker service API are authorized by the presence of a JSON Web Token (JWT) ... Read more

    Affected Products : pomerium
    • Published: Oct. 02, 2024
    • Modified: Oct. 04, 2024

  • 3.3

    LOW
    CVE-2024-0124

    NVIDIA CUDA Toolkit for Windows and Linux contains a vulnerability in the nvdisam command line tool, where a user can cause nvdisasm to read freed memory by running it on a malformed ELF file. A successful exploit of this vulnerability might lead to a lim... Read more

    Affected Products : cuda_toolkit
    • Published: Oct. 03, 2024
    • Modified: Oct. 04, 2024

  • 9.8

    CRITICAL
    CVE-2024-41925

    The web service for ONS-S8 - Spectra Aggregation Switch includes functions which do not properly validate user input, allowing an attacker to traverse directories, bypass authentication, and execute remote code.... Read more

    Affected Products :
    • Published: Oct. 03, 2024
    • Modified: Oct. 04, 2024

  • 9.3

    CRITICAL
    CVE-2024-45367

    The web server for ONS-S8 - Spectra Aggregation Switch includes an incomplete authentication process, which can lead to an attacker authenticating without a password.... Read more

    Affected Products :
    • Published: Oct. 03, 2024
    • Modified: Oct. 04, 2024

  • 4.7

    MEDIUM
    CVE-2024-9266

    URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Express. This vulnerability affects the use of the Express Response object. This issue impacts Express: from 3.4.5 before 4.0.0.... Read more

    Affected Products : express
    • Published: Oct. 03, 2024
    • Modified: Oct. 04, 2024
Showing 20 of 291219 Results