Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (listed in the CISA KEV catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.5

    HIGH
    CVE-2024-45311

    Quinn is a pure-Rust, async-compatible implementation of the IETF QUIC transport protocol. As of quinn-proto 0.11, it is possible for a server to `accept()`, `retry()`, `refuse()`, or `ignore()` an `Incoming` connection. However, calling `retry()` on an u...

    Affected Products : quinn
    • Published: Sep. 02, 2024
    • Modified: Sep. 25, 2024
  • 7.5

    HIGH
    CVE-2024-46382

    A SQL injection vulnerability in linlinjava litemall 1.8.0 allows a remote attacker to obtain sensitive information via the goodsId, goodsSn, and name parameters in AdminGoodscontroller.java.

    Affected Products : litemall
    • Published: Sep. 19, 2024
    • Modified: Sep. 25, 2024
  • 8.8

    HIGH
    CVE-2024-46394

    FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/?/user/add

    Affected Products : frogcms
    • Published: Sep. 19, 2024
    • Modified: Sep. 25, 2024
  • 8.5

    HIGH
    CVE-2024-45752

    logiops through 0.3.4, in its default configuration, allows any unprivileged user to configure its logid daemon via an unrestricted D-Bus service, including setting malicious keyboard macros. This allows for privilege escalation with minimal user interact...

    Affected Products : logiops
    • Published: Sep. 19, 2024
    • Modified: Sep. 25, 2024
  • 5.4

    MEDIUM
    CVE-2024-9031

    A vulnerability, which was classified as problematic, has been found in CodeCanyon CRMGo SaaS up to 7.2. This issue affects some unknown processing of the file /project/task/{task_id}/show. The manipulation of the argument comment leads to cross site scri...

    Affected Products : crmgo_saas
    • Published: Sep. 20, 2024
    • Modified: Sep. 25, 2024
  • 6.5

    MEDIUM
    CVE-2024-47060

    Zitadel is an open source identity management platform. In Zitadel, even after an organization is deactivated, associated projects, respectively their applications remain active. Users across other organizations can still log in and access through these a...

    Affected Products : zitadel
    • Published: Sep. 20, 2024
    • Modified: Sep. 25, 2024
  • 5.8

    MEDIUM
    CVE-2024-7625

    In HashiCorp Nomad and Nomad Enterprise from 0.6.1 up to 1.6.13, 1.7.10, and 1.8.2, the archive unpacking process is vulnerable to writes outside the allocation directory during migration of allocation directories when multiple archive headers target the ...

    Affected Products : nomad
    • Published: Aug. 15, 2024
    • Modified: Sep. 25, 2024
  • 5.9

    MEDIUM
    CVE-2024-43999

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Saturday Drive Ninja Forms allows Stored XSS. This issue affects Ninja Forms: from n/a through 3.8.11.

    Affected Products : ninja_forms
    • Published: Sep. 18, 2024
    • Modified: Sep. 25, 2024
  • 6.4

    MEDIUM
    CVE-2024-8364

    The WP Custom Fields Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpcfs-preset shortcode in all versions up to, and including, 1.2.35 due to insufficient input sanitization and output escaping on user supplied ...

    Affected Products : wp_custom_fields_search
    • Published: Sep. 19, 2024
    • Modified: Sep. 25, 2024
  • 9.8

    CRITICAL
    CVE-2024-31570

    libfreeimage in FreeImage 3.4.0 through 3.18.0 has a stack-based buffer overflow in the PluginXPM.cpp Load function via an XPM file.

    Affected Products : freeimage
    • Published: Sep. 19, 2024
    • Modified: Sep. 25, 2024
  • 9.8

    CRITICAL
    CVE-2024-44623

    An issue in TuomoKu SPx-GC v.1.3.0 and before allows a remote attacker to execute arbitrary code via the child_process.js function.

    Affected Products : spx_graphics_controller
    • Published: Sep. 16, 2024
    • Modified: Sep. 25, 2024
  • 9.9

    CRITICAL
    CVE-2024-33109

    Directory Traversal in the web interface of the Tiptel IP 286 with firmware version 2.61.13.10 allows attackers to overwrite arbitrary files on the phone via the Ringtone upload function.

    • Published: Sep. 19, 2024
    • Modified: Sep. 25, 2024
  • 9.8

    CRITICAL
    CVE-2024-40125

    An arbitrary file upload vulnerability in the Media Manager function of Closed-Loop Technology CLESS Server v4.5.2 allows attackers to execute arbitrary code via uploading a crafted PHP file to the upload endpoint.

    Affected Products : cless_server
    • Published: Sep. 19, 2024
    • Modified: Sep. 25, 2024
  • 6.5

    MEDIUM
    CVE-2024-45452

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Septera septera allows Stored XSS. This issue affects Septera: from n/a through 1.5.1.

    Affected Products : septera
    • Published: Sep. 17, 2024
    • Modified: Sep. 25, 2024
  • 7.1

    HIGH
    CVE-2024-43970

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SureCart allows Reflected XSS. This issue affects SureCart: from n/a through 2.29.3.

    Affected Products : surecart
    • Published: Sep. 18, 2024
    • Modified: Sep. 25, 2024
  • 7.1

    HIGH
    CVE-2024-43971

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Sunshine Sunshine Photo Cart allows Reflected XSS. This issue affects Sunshine Photo Cart: from n/a through 3.2.5.

    Affected Products : sunshine_photo_cart
    • Published: Sep. 18, 2024
    • Modified: Sep. 25, 2024
  • 5.9

    MEDIUM
    CVE-2024-43972

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Pagelayer Team PageLayer allows Stored XSS. This issue affects PageLayer: from n/a through 1.8.7.

    Affected Products : pagelayer
    • Published: Sep. 18, 2024
    • Modified: Sep. 25, 2024
  • 7.1

    HIGH
    CVE-2024-43975

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in highwarden Super Store Finder allows Cross-Site Scripting (XSS). This issue affects Super Store Finder: from n/a through 6.9.7.

    Affected Products : super_store_finder
    • Published: Sep. 18, 2024
    • Modified: Sep. 25, 2024
  • 6.5

    MEDIUM
    CVE-2024-43983

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Podlove Podlove Podcast Publisher allows Stored XSS. This issue affects Podlove Podcast Publisher: from n/a through 4.1.13.

    Affected Products : podlove_podcast_publisher
    • Published: Sep. 18, 2024
    • Modified: Sep. 25, 2024
  • 6.5

    MEDIUM
    CVE-2024-43987

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in wayneconnor Sliding Door allows Stored XSS. This issue affects Sliding Door: from n/a through 3.6.

    Affected Products : sliding_door
    • Published: Sep. 18, 2024
    • Modified: Sep. 25, 2024
Showing 20 of 291022 Results