Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.1

    MEDIUM
    CVE-2024-9279

    A vulnerability, which was classified as problematic, was found in funnyzpc Mee-Admin up to 1.6. This affects an unknown part of the file /mee/index of the component User Center. The manipulation of the argument User Nickname leads to cross site scripting... Read more

    Affected Products : mee-admin
    • Published: Sep. 27, 2024
    • Modified: Oct. 04, 2024

  • 5.9

    MEDIUM
    CVE-2024-43986

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in MagePeople Team Taxi Booking Manager for WooCommerce allows Stored XSS.This issue affects Taxi Booking Manager for WooCommerce: through 1.0.9.... Read more

    Affected Products : ecab_taxi_booking_manager
    • Published: Aug. 29, 2024
    • Modified: Oct. 04, 2024

  • 4.8

    MEDIUM
    CVE-2024-3944

    The WP To Do plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Comment in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with adm... Read more

    Affected Products : wp_to_do
    • Published: Aug. 29, 2024
    • Modified: Oct. 04, 2024

  • 5.3

    MEDIUM
    CVE-2024-5857

    The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the af2_handel_file_remove AJAX action in all versions... Read more

    Affected Products : funnelforms_free funnelforms
    • Published: Aug. 29, 2024
    • Modified: Oct. 04, 2024

  • 5.4

    MEDIUM
    CVE-2024-5987

    The WP Accessibility Helper (WAH) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_contrast_variations' and 'save_empty_contrast_variations' functions in all versions up to, and includi... Read more

    Affected Products : wp_accessibility_helper
    • Published: Aug. 29, 2024
    • Modified: Oct. 04, 2024

  • 7.1

    HIGH
    CVE-2024-7341

    A session fixation issue was discovered in the SAML adapters provided by Keycloak. The session ID and JSESSIONID cookie are not changed at login time, even when the turnOffChangeSessionIdOnLogin option is configured. This flaw allows an attacker who hijac... Read more

    • Published: Sep. 09, 2024
    • Modified: Oct. 04, 2024

  • 8.6

    HIGH
    CVE-2024-20467

    A vulnerability in the implementation of the IPv4 fragmentation reassembly code in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to im... Read more

    Affected Products : ios_xe
    • Published: Sep. 25, 2024
    • Modified: Oct. 03, 2024

  • 8.6

    HIGH
    CVE-2024-20480

    A vulnerability in the DHCP Snooping feature of Cisco IOS XE Software on Software-Defined Access (SD-Access) fabric edge nodes could allow an unauthenticated, remote attacker to cause high CPU utilization on an affected device, resulting in a denial of se... Read more

    Affected Products : ios_xe
    • Published: Sep. 25, 2024
    • Modified: Oct. 03, 2024

  • 9.8

    CRITICAL
    CVE-2024-7732

    Dr.ID Access Control System from SECOM does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents.... Read more

    Affected Products : dr.id_attendance_system
    • Published: Aug. 14, 2024
    • Modified: Oct. 03, 2024

  • 7.8

    HIGH
    CVE-2024-44967

    In the Linux kernel, the following vulnerability has been resolved: drm/mgag200: Bind I2C lifetime to DRM device Managed cleanup with devm_add_action_or_reset() will release the I2C adapter when the underlying Linux device goes away. But the connector s... Read more

    Affected Products : linux_kernel
    • Published: Sep. 04, 2024
    • Modified: Oct. 03, 2024

  • 5.4

    MEDIUM
    CVE-2024-8536

    The Ultimate Blocks WordPress plugin before 3.2.2 does not validate and escape some of its block attributes before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored... Read more

    Affected Products : ultimate_blocks
    • Published: Sep. 30, 2024
    • Modified: Oct. 03, 2024

  • 8.8

    HIGH
    CVE-2024-23923

    Alpine Halo9 prh_l2_sar_data_ind Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. Authentication is not required to exploi... Read more

    Affected Products : ilx-f509_firmware ilx-f509
    • Published: Sep. 28, 2024
    • Modified: Oct. 03, 2024

  • 8.0

    HIGH
    CVE-2024-23935

    Alpine Halo9 DecodeUTF7 Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. An attacker must first obtain the ab... Read more

    Affected Products : ilx-f509_firmware ilx-f509
    • Published: Sep. 28, 2024
    • Modified: Oct. 03, 2024

  • 6.8

    MEDIUM
    CVE-2024-23961

    Alpine Halo9 UPDM_wemCmdUpdFSpeDecomp Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. Authentication is not required... Read more

    Affected Products : ilx-f509_firmware ilx-f509
    • Published: Sep. 28, 2024
    • Modified: Oct. 03, 2024

  • 6.8

    MEDIUM
    CVE-2024-23924

    Alpine Halo9 UPDM_wemCmdCreatSHA256Hash Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. Authentication is not requir... Read more

    Affected Products : ilx-f509_firmware ilx-f509
    • Published: Sep. 28, 2024
    • Modified: Oct. 03, 2024

  • 4.6

    MEDIUM
    CVE-2024-23960

    Alpine Halo9 Improper Verification of Cryptographic Signature Vulnerability. This vulnerability allows physically present attackers to bypass signature validation mechanism on affected installations of Alpine Halo9 devices. Authentication is not required ... Read more

    Affected Products : ilx-f509_firmware ilx-f509
    • Published: Sep. 28, 2024
    • Modified: Oct. 03, 2024

  • 5.5

    MEDIUM
    CVE-2024-44968

    In the Linux kernel, the following vulnerability has been resolved: tick/broadcast: Move per CPU pointer access into the atomic section The recent fix for making the take over of the broadcast timer more reliable retrieves a per CPU pointer in preemptib... Read more

    Affected Products : linux_kernel
    • Published: Sep. 04, 2024
    • Modified: Oct. 03, 2024

  • 7.4

    HIGH
    CVE-2024-20317

    A vulnerability in the handling of specific Ethernet frames by Cisco IOS XR Software for various Cisco Network Convergence System (NCS) platforms could allow an unauthenticated, adjacent attacker to cause critical priority packets to be dropped, resulting... Read more

    Affected Products : ios_xr
    • Published: Sep. 11, 2024
    • Modified: Oct. 03, 2024

  • 6.4

    MEDIUM
    CVE-2024-20475

    A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vu... Read more

    Affected Products : catalyst_sd-wan_manager
    • Published: Sep. 25, 2024
    • Modified: Oct. 03, 2024

  • 8.8

    HIGH
    CVE-2024-23958

    Autel MaxiCharger AC Elite Business C50 BLE Hardcoded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Autel MaxiCharger AC Elite Business C50 charg... Read more

    • Published: Sep. 28, 2024
    • Modified: Oct. 03, 2024
Showing 20 of 291222 Results