Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-44623

    An issue in TuomoKu SPx-GC v.1.3.0 and before allows a remote attacker to execute arbitrary code via the child_process.js function.... Read more

    Affected Products : spx_graphics_controller
    • Published: Sep. 16, 2024
    • Modified: Sep. 25, 2024

  • 9.9

    CRITICAL
    CVE-2024-33109

    Directory Traversal in the web interface of the Tiptel IP 286 with firmware version 2.61.13.10 allows attackers to overwrite arbitrary files on the phone via the Ringtone upload function.... Read more

    • Published: Sep. 19, 2024
    • Modified: Sep. 25, 2024

  • 9.8

    CRITICAL
    CVE-2024-40125

    An arbitrary file upload vulnerability in the Media Manager function of Closed-Loop Technology CLESS Server v4.5.2 allows attackers to execute arbitrary code via uploading a crafted PHP file to the upload endpoint.... Read more

    Affected Products : cless_server
    • Published: Sep. 19, 2024
    • Modified: Sep. 25, 2024

  • 6.5

    MEDIUM
    CVE-2024-45452

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Septera septera allows Stored XSS.This issue affects Septera: from n/a through 1.5.1.... Read more

    Affected Products : septera
    • Published: Sep. 17, 2024
    • Modified: Sep. 25, 2024

  • 7.1

    HIGH
    CVE-2024-43970

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SureCart allows Reflected XSS.This issue affects SureCart: from n/a through 2.29.3.... Read more

    Affected Products : surecart
    • Published: Sep. 18, 2024
    • Modified: Sep. 25, 2024

  • 7.1

    HIGH
    CVE-2024-43971

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Sunshine Sunshine Photo Cart allows Reflected XSS.This issue affects Sunshine Photo Cart: from n/a through 3.2.5.... Read more

    Affected Products : sunshine_photo_cart
    • Published: Sep. 18, 2024
    • Modified: Sep. 25, 2024

  • 5.9

    MEDIUM
    CVE-2024-43972

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Pagelayer Team PageLayer allows Stored XSS.This issue affects PageLayer: from n/a through 1.8.7.... Read more

    Affected Products : pagelayer
    • Published: Sep. 18, 2024
    • Modified: Sep. 25, 2024

  • 7.1

    HIGH
    CVE-2024-43975

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in highwarden Super Store Finder allows Cross-Site Scripting (XSS).This issue affects Super Store Finder: from n/a through 6.9.7.... Read more

    Affected Products : super_store_finder
    • Published: Sep. 18, 2024
    • Modified: Sep. 25, 2024

  • 6.5

    MEDIUM
    CVE-2024-43983

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Podlove Podlove Podcast Publisher allows Stored XSS.This issue affects Podlove Podcast Publisher: from n/a through 4.1.13.... Read more

    Affected Products : podlove_podcast_publisher
    • Published: Sep. 18, 2024
    • Modified: Sep. 25, 2024

  • 6.5

    MEDIUM
    CVE-2024-43987

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in wayneconnor Sliding Door allows Stored XSS.This issue affects Sliding Door: from n/a through 3.6.... Read more

    Affected Products : sliding_door
    • Published: Sep. 18, 2024
    • Modified: Sep. 25, 2024

  • 6.5

    MEDIUM
    CVE-2024-43988

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in digitalnature Mystique allows Stored XSS.This issue affects Mystique: from n/a through 2.5.7.... Read more

    Affected Products : mystique
    • Published: Sep. 18, 2024
    • Modified: Sep. 25, 2024

  • 6.5

    MEDIUM
    CVE-2024-43991

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in webdzier Hotel Galaxy allows Stored XSS.This issue affects Hotel Galaxy: from n/a through 4.4.24.... Read more

    Affected Products : hotel_galaxy
    • Published: Sep. 18, 2024
    • Modified: Sep. 25, 2024

  • 6.5

    MEDIUM
    CVE-2024-43992

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Latepoint LatePoint allows Stored XSS.This issue affects LatePoint: from n/a through 4.9.91.... Read more

    Affected Products : latepoint
    • Published: Sep. 18, 2024
    • Modified: Sep. 25, 2024

  • 6.5

    MEDIUM
    CVE-2024-43993

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Liquido allows Stored XSS.This issue affects Liquido: from n/a through 1.0.1.2.... Read more

    Affected Products : liquido
    • Published: Sep. 18, 2024
    • Modified: Sep. 25, 2024

  • 7.4

    HIGH
    CVE-2024-7383

    A flaw was found in libnbd. The client did not always correctly verify the NBD server's certificate when using TLS to connect to an NBD server. This issue allows a man-in-the-middle attack on NBD traffic.... Read more

    Affected Products : enterprise_linux
    • Published: Aug. 05, 2024
    • Modified: Sep. 25, 2024

  • 5.5

    MEDIUM
    CVE-2024-42259

    In the Linux kernel, the following vulnerability has been resolved: drm/i915/gem: Fix Virtual Memory mapping boundaries calculation Calculating the size of the mapped area as the lesser value between the requested size and the actual size does not consi... Read more

    Affected Products : linux_kernel
    • Published: Aug. 14, 2024
    • Modified: Sep. 25, 2024

  • 9.8

    CRITICAL
    CVE-2024-7593

    Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel.... Read more

    Affected Products : virtual_traffic_management
    • Actively Exploited
    • Published: Aug. 13, 2024
    • Modified: Sep. 25, 2024

  • 7.1

    HIGH
    CVE-2024-44007

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SKT Themes SKT Templates – Elementor & Gutenberg templates allows Reflected XSS.This issue affects SKT Templates – Elementor & Gutenberg templates... Read more

    Affected Products : skt_templates
    • Published: Sep. 17, 2024
    • Modified: Sep. 24, 2024

  • 6.5

    MEDIUM
    CVE-2024-44008

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Dylan Kuhn Geo Mashup allows Stored XSS.This issue affects Geo Mashup: from n/a through 1.13.12.... Read more

    Affected Products : geo_mashup
    • Published: Sep. 17, 2024
    • Modified: Sep. 24, 2024

  • 7.1

    HIGH
    CVE-2024-44009

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WC Lovers WCFM Marketplace allows Reflected XSS.This issue affects WCFM Marketplace: from n/a through 3.6.10.... Read more

    Affected Products : wcfm_marketplace
    • Published: Sep. 17, 2024
    • Modified: Sep. 24, 2024
Showing 20 of 291012 Results