Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2024-46280

    PIX-LINK LV-WR22 RE3002-P1-01_V117.0 is vulnerable to Improper Access Control. The TELNET service is enabled with weak credentials for a root-level account, without the possibility of changing them.... Read more

    Affected Products :
    • Published: Sep. 30, 2024
    • Modified: Oct. 04, 2024

  • 6.8

    MEDIUM
    CVE-2024-47071

    OSS Endpoint Manager is an endpoint manager module for FreePBX. OSS Endpoint Manager module activation can allow authenticated web users unauthorized access to read system files with the permissions of the webserver process. This vulnerability is fixed in... Read more

    Affected Products :
    • Published: Oct. 01, 2024
    • Modified: Oct. 04, 2024

  • 7.5

    HIGH
    CVE-2024-45408

    eLabFTW is an open source electronic lab notebook for research labs. An incorrect permission check has been found that could allow an authenticated user to access several kinds of otherwise restricted information. If anonymous access is allowed (something... Read more

    Affected Products : elabftw
    • Published: Oct. 01, 2024
    • Modified: Oct. 04, 2024

  • 7.1

    HIGH
    CVE-2024-41673

    Decidim is a participatory democracy framework. The version control feature used in resources is subject to potential XSS attack through a malformed URL. This vulnerability is fixed in 0.27.8.... Read more

    Affected Products : decidim
    • Published: Oct. 01, 2024
    • Modified: Oct. 04, 2024

  • 9.8

    CRITICAL
    CVE-2024-41276

    A vulnerability in Kaiten version 57.131.12 and earlier allows attackers to bypass the PIN code authentication mechanism. The application requires users to input a 6-digit PIN code sent to their email for authorization after entering their login credentia... Read more

    Affected Products :
    • Published: Oct. 01, 2024
    • Modified: Oct. 04, 2024

  • 6.4

    MEDIUM
    CVE-2024-8324

    The XO Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘get_slider’ function in all versions up to, and including, 3.8.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated ... Read more

    Affected Products :
    • Published: Oct. 01, 2024
    • Modified: Oct. 04, 2024

  • 6.4

    MEDIUM
    CVE-2024-9304

    The LocateAndFilter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.6.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated at... Read more

    Affected Products :
    • Published: Oct. 01, 2024
    • Modified: Oct. 04, 2024

  • 6.3

    MEDIUM
    CVE-2024-46548

    TP-Link Tapo P125M and Kasa KP125M v1.0.3 was discovered to improperly validate certificates, allowing attackers to eavesdrop on communications and access sensitive information via a man-in-the-middle attack.... Read more

    Affected Products :
    • Published: Sep. 30, 2024
    • Modified: Oct. 04, 2024

  • 6.1

    MEDIUM
    CVE-2024-8786

    The Auto Featured Image from Title plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.3. This makes it possible for unauthent... Read more

    Affected Products :
    • Published: Oct. 01, 2024
    • Modified: Oct. 04, 2024

  • 5.3

    MEDIUM
    CVE-2024-21531

    All versions of the package git-shallow-clone are vulnerable to Command injection due to missing sanitization or mitigation flags in the process variable of the gitShallowClone function.... Read more

    Affected Products :
    • Published: Oct. 01, 2024
    • Modified: Oct. 04, 2024

  • 7.8

    HIGH
    CVE-2024-47560

    RevoWorks Cloud Client 3.0.91 and earlier contains an incorrect authorization vulnerability. If this vulnerability is exploited, unintended processes may be executed in the sandbox environment. Even if malware is executed in the sandbox environment, it do... Read more

    Affected Products :
    • Published: Oct. 01, 2024
    • Modified: Oct. 04, 2024

  • 5.3

    MEDIUM
    CVE-2024-9333

    Permissions bypass in M-Files Connector for Copilot before version 24.9.3 allows authenticated user to access limited amount of documents via incorrect access control list calculation... Read more

    Affected Products :
    • Published: Oct. 02, 2024
    • Modified: Oct. 04, 2024

  • 5.3

    MEDIUM
    CVE-2024-9423

    Certain HP LaserJet printers may potentially experience a denial of service when a user sends a raw JPEG file to the printer. The printer displays a “JPEG Unsupported” message which may not clear, potentially blocking queued print jobs.... Read more

    Affected Products :
    • Published: Oct. 02, 2024
    • Modified: Oct. 04, 2024

  • 6.5

    MEDIUM
    CVE-2024-35294

    An unauthenticated remote attacker may use the devices traffic capture without authentication to grab plaintext administrative credentials.... Read more

    Affected Products :
    • Published: Oct. 02, 2024
    • Modified: Oct. 04, 2024

  • 9.8

    CRITICAL
    CVE-2024-41925

    The web service for ONS-S8 - Spectra Aggregation Switch includes functions which do not properly validate user input, allowing an attacker to traverse directories, bypass authentication, and execute remote code.... Read more

    Affected Products :
    • Published: Oct. 03, 2024
    • Modified: Oct. 04, 2024

  • 9.1

    CRITICAL
    CVE-2024-35293

    An unauthenticated remote attacker may use a missing authentication for critical function vulnerability to reboot or erase the affected devices resulting in data loss and/or a DoS.... Read more

    Affected Products :
    • Published: Oct. 02, 2024
    • Modified: Oct. 04, 2024

  • 7.5

    HIGH
    CVE-2024-47614

    async-graphql is a GraphQL server library implemented in Rust. async-graphql before 7.0.10 does not limit the number of directives for a field. This can lead to Service Disruption, Resource Exhaustion, and User Experience Degradation. This vulnerability i... Read more

    Affected Products :
    • Published: Oct. 03, 2024
    • Modified: Oct. 04, 2024

  • 8.0

    HIGH
    CVE-2024-8733

    A potential security vulnerability has been identified in the HP One Agent for certain HP PC products, which might allow for escalation of privilege. HP is releasing software updates to mitigate this potential vulnerability.... Read more

    Affected Products :
    • Published: Oct. 02, 2024
    • Modified: Oct. 04, 2024

  • 9.3

    CRITICAL
    CVE-2024-41988

    TEM Opera Plus FM Family Transmitter allows access to an unprotected endpoint that allows MPFS File System binary image upload without authentication. This file system serves as the basis for the HTTP2 web server module but is also used by the SNMP module... Read more

    Affected Products :
    • Published: Oct. 03, 2024
    • Modified: Oct. 04, 2024

  • 3.5

    LOW
    CVE-2024-47612

    DataDump is a MediaWiki extension that provides dumps of wikis. Several interface messages are unescaped (more specifically, (datadump-table-column-queued), (datadump-table-column-in-progress), (datadump-table-column-completed), (datadump-table-column-fai... Read more

    Affected Products : datadump
    • Published: Oct. 02, 2024
    • Modified: Oct. 04, 2024
Showing 20 of 291401 Results