Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.9

    CRITICAL
    CVE-2024-8621

    The Daily Prayer Time plugin for WordPress is vulnerable to SQL Injection via the 'max_word' attribute of the 'quran_verse' shortcode in all versions up to, and including, 2024.08.26 due to insufficient escaping on the user supplied parameter and lack of ... Read more

    Affected Products : daily_prayer_time
    • Published: Sep. 25, 2024
    • Modified: Oct. 02, 2024

  • 6.1

    MEDIUM
    CVE-2024-8549

    The Simple Calendar – Google Calendar Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.4.2. This makes it possible f... Read more

    Affected Products : simple_calendar
    • Published: Sep. 25, 2024
    • Modified: Oct. 02, 2024

  • 7.2

    HIGH
    CVE-2024-7617

    The Contact Form to Any API plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Contact Form 7 form fields in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping. This makes it possible for... Read more

    Affected Products : contact_form_to_any_api
    • Published: Sep. 25, 2024
    • Modified: Oct. 02, 2024

  • 6.1

    MEDIUM
    CVE-2024-46655

    A reflected cross-site scripting (XSS) vulnerability in Ellevo 6.2.0.38160 allows attackers to execute arbitrary code in the context of a user's browser via a crafted payload or URL.... Read more

    Affected Products : ellevo
    • Published: Sep. 25, 2024
    • Modified: Oct. 02, 2024

  • 5.3

    MEDIUM
    CVE-2023-52950

    Missing encryption of sensitive data vulnerability in login component in Synology Active Backup for Business Agent before 2.7.0-3221 allows adjacent man-in-the-middle attackers to obtain user credential via unspecified vectors.... Read more

    Affected Products : active_backup_for_business_agent
    • Published: Sep. 26, 2024
    • Modified: Oct. 02, 2024

  • 5.5

    MEDIUM
    CVE-2023-52949

    Missing authentication for critical function vulnerability in proxy settings functionality in Synology Active Backup for Business Agent before 2.7.0-3221 allows local users to obtain user credential via unspecified vectors.... Read more

    Affected Products : active_backup_for_business_agent
    • Published: Sep. 26, 2024
    • Modified: Oct. 02, 2024

  • 5.0

    MEDIUM
    CVE-2023-52948

    Missing encryption of sensitive data vulnerability in settings functionality in Synology Active Backup for Business Agent before 2.7.0-3221 allows local users to obtain user credential via unspecified vectors.... Read more

    Affected Products : active_backup_for_business_agent
    • Published: Sep. 26, 2024
    • Modified: Oct. 02, 2024

  • 4.0

    MEDIUM
    CVE-2023-52947

    Missing authentication for critical function vulnerability in logout functionality in Synology Active Backup for Business Agent before 2.6.3-3101 allows local users to logout the client via unspecified vectors. The backup functionality will continue to op... Read more

    Affected Products : active_backup_for_business_agent
    • Published: Sep. 26, 2024
    • Modified: Oct. 02, 2024

  • 5.8

    MEDIUM
    CVE-2021-22518

    A vulnerability identified in OpenText™ Identity Manager AzureAD Driver that allows logging of sensitive information into log file. This impacts all versions before 5.1.4.0... Read more

    Affected Products : identity_manager_azuread_driver
    • Published: Sep. 12, 2024
    • Modified: Oct. 02, 2024

  • 7.5

    HIGH
    CVE-2022-26322

    Possible Insertion of Sensitive Information into Log File Vulnerability in Identity Manager has been discovered in OpenText™ Identity Manager REST Driver. This impact version before 1.1.2.0200.... Read more

    Affected Products : identity_manager_rest_driver
    • Published: Sep. 12, 2024
    • Modified: Oct. 02, 2024

  • 9.8

    CRITICAL
    CVE-2024-45823

    CVE-2024-45823 IMPACT An authentication bypass vulnerability exists in the affected product. The vulnerability exists due to shared secrets across accounts and could allow a threat actor to impersonate a user if the threat actor is able to enumerate ad... Read more

    Affected Products : factorytalk_batch_view
    • Published: Sep. 12, 2024
    • Modified: Oct. 02, 2024

  • 9.0

    CRITICAL
    CVE-2024-0132

    NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file system. This does not impact use case... Read more

    • Published: Sep. 26, 2024
    • Modified: Oct. 02, 2024

  • 4.1

    MEDIUM
    CVE-2024-0133

    NVIDIA Container Toolkit 1.16.1 or earlier contains a vulnerability in the default mode of operation allowing a specially crafted container image to create empty files on the host file system. This does not impact use cases where CDI is used. A successful... Read more

    • Published: Sep. 26, 2024
    • Modified: Oct. 02, 2024

  • 8.7

    HIGH
    CVE-2024-45825

    CVE-2024-45825 IMPACT A denial-of-service vulnerability exists in the affected products. The vulnerability occurs when a malformed CIP packet is sent over the network to the device and results in a major nonrecoverable fault causing a denial-of-service.... Read more

    Affected Products : 5015-u8ihft_firmware 5015-u8ihft
    • Published: Sep. 12, 2024
    • Modified: Oct. 02, 2024

  • 8.8

    HIGH
    CVE-2024-45826

    CVE-2024-45826 IMPACT Due to improper input validation, a path traversal and remote code execution vulnerability exists when the ThinManager® processes a crafted POST request. If exploited, a user can install an executable file.... Read more

    Affected Products : thinmanager
    • Published: Sep. 12, 2024
    • Modified: Oct. 02, 2024

  • 7.5

    HIGH
    CVE-2024-9199

    Rate limit vulnerability in Clibo Manager v1.1.9.2 that could allow an attacker to send a large number of emails to the victim in a short time, affecting availability and leading to a denial of service (DoS).... Read more

    Affected Products : clibo_manager
    • Published: Sep. 26, 2024
    • Modified: Oct. 02, 2024

  • 7.6

    HIGH
    CVE-2024-9198

    Vulnerability in Clibo Manager v1.1.9.1 that could allow an attacker to execute an stored Cross-Site Scripting (stored XSS ) by uploading a malicious .svg image in the section: Profile > Profile picture.... Read more

    Affected Products : clibo_manager
    • Published: Sep. 26, 2024
    • Modified: Oct. 02, 2024

  • 4.8

    MEDIUM
    CVE-2024-3635

    The Post Grid WordPress plugin before 7.5.0 does not sanitise and escape some of its Grid settings, which could allow high privilege users such as Editor and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is... Read more

    Affected Products : the_post_grid
    • Published: Sep. 30, 2024
    • Modified: Oct. 02, 2024

  • 8.1

    HIGH
    CVE-2021-27916

    Prior to the patched version, logged in users of Mautic are vulnerable to Relative Path Traversal/Arbitrary File Deletion. Regardless of the level of access the Mautic user had, they could delete files other than those in the media folders such as system ... Read more

    Affected Products : mautic
    • Published: Sep. 17, 2024
    • Modified: Oct. 02, 2024

  • 5.5

    MEDIUM
    CVE-2024-46824

    In the Linux kernel, the following vulnerability has been resolved: iommufd: Require drivers to supply the cache_invalidate_user ops If drivers don't do this then iommufd will oops invalidation ioctls with something like: Unable to handle kernel NULL... Read more

    Affected Products : linux_kernel
    • Published: Sep. 27, 2024
    • Modified: Oct. 02, 2024
Showing 20 of 291209 Results