Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.4

    HIGH
    CVE-2024-7383

    A flaw was found in libnbd. The client did not always correctly verify the NBD server's certificate when using TLS to connect to an NBD server. This issue allows a man-in-the-middle attack on NBD traffic.... Read more

    Affected Products : enterprise_linux
    • Published: Aug. 05, 2024
    • Modified: Sep. 25, 2024

  • 5.5

    MEDIUM
    CVE-2024-42259

    In the Linux kernel, the following vulnerability has been resolved: drm/i915/gem: Fix Virtual Memory mapping boundaries calculation Calculating the size of the mapped area as the lesser value between the requested size and the actual size does not consi... Read more

    Affected Products : linux_kernel
    • Published: Aug. 14, 2024
    • Modified: Sep. 25, 2024

  • 9.8

    CRITICAL
    CVE-2024-7593

    Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel.... Read more

    Affected Products : virtual_traffic_management
    • Actively Exploited
    • Published: Aug. 13, 2024
    • Modified: Sep. 25, 2024

  • 7.1

    HIGH
    CVE-2024-44007

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SKT Themes SKT Templates – Elementor & Gutenberg templates allows Reflected XSS.This issue affects SKT Templates – Elementor & Gutenberg templates... Read more

    Affected Products : skt_templates
    • Published: Sep. 17, 2024
    • Modified: Sep. 24, 2024

  • 6.5

    MEDIUM
    CVE-2024-44008

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Dylan Kuhn Geo Mashup allows Stored XSS.This issue affects Geo Mashup: from n/a through 1.13.12.... Read more

    Affected Products : geo_mashup
    • Published: Sep. 17, 2024
    • Modified: Sep. 24, 2024

  • 7.1

    HIGH
    CVE-2024-44009

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WC Lovers WCFM Marketplace allows Reflected XSS.This issue affects WCFM Marketplace: from n/a through 3.6.10.... Read more

    Affected Products : wcfm_marketplace
    • Published: Sep. 17, 2024
    • Modified: Sep. 24, 2024

  • 6.5

    MEDIUM
    CVE-2024-44047

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in IDX Broker IMPress for IDX Broker allows Stored XSS.This issue affects IMPress for IDX Broker: from n/a through 3.2.2.... Read more

    Affected Products : impress_for_idx_broker
    • Published: Sep. 17, 2024
    • Modified: Sep. 24, 2024

  • 6.5

    MEDIUM
    CVE-2024-44049

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemeHunk Gutenberg Blocks – Unlimited blocks For Gutenberg allows Stored XSS.This issue affects Gutenberg Blocks – Unlimited blocks For Gutenberg... Read more

    Affected Products : gutenberg_blocks
    • Published: Sep. 17, 2024
    • Modified: Sep. 24, 2024

  • 6.5

    MEDIUM
    CVE-2024-44050

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Verbosa allows Stored XSS.This issue affects Verbosa: from n/a through 1.2.3.... Read more

    Affected Products : verbosa
    • Published: Sep. 17, 2024
    • Modified: Sep. 24, 2024

  • 6.5

    MEDIUM
    CVE-2024-44051

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Johan van der Wijk Content Blocks (Custom Post Widget) allows Stored XSS.This issue affects Content Blocks (Custom Post Widget): from n/a through ... Read more

    Affected Products : content_blocks
    • Published: Sep. 17, 2024
    • Modified: Sep. 24, 2024

  • 6.5

    MEDIUM
    CVE-2024-45451

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Roseta allows Stored XSS.This issue affects Roseta: from n/a through 1.3.0.... Read more

    Affected Products : roseta
    • Published: Sep. 17, 2024
    • Modified: Sep. 24, 2024

  • 8.1

    HIGH
    CVE-2024-47000

    Zitadel is an open source identity management platform. ZITADEL's user account deactivation mechanism did not work correctly with service accounts. Deactivated service accounts retained the ability to request tokens, which could lead to unauthorized acces... Read more

    Affected Products : zitadel
    • Published: Sep. 20, 2024
    • Modified: Sep. 24, 2024

  • 7.3

    HIGH
    CVE-2024-46999

    Zitadel is an open source identity management platform. ZITADEL's user grants deactivation mechanism did not work correctly. Deactivated user grants were still provided in token, which could lead to unauthorized access to applications and resources. Addit... Read more

    Affected Products : zitadel
    • Published: Sep. 20, 2024
    • Modified: Sep. 24, 2024

  • 7.5

    HIGH
    CVE-2024-45809

    Envoy is a cloud-native high-performance edge/middle/service proxy. Jwt filter will lead to an Envoy crash when clear route cache with remote JWKs. In the following case: 1. remote JWKs are used, which requires async header processing; 2. clear_route_cach... Read more

    Affected Products : envoy
    • Published: Sep. 20, 2024
    • Modified: Sep. 24, 2024

  • 7.5

    HIGH
    CVE-2024-45810

    Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy will crash when the http async client is handling `sendLocalReply` under some circumstance, e.g., websocket upgrade, and requests mirroring. The http async client will crash during ... Read more

    Affected Products : envoy
    • Published: Sep. 20, 2024
    • Modified: Sep. 24, 2024

  • 5.9

    MEDIUM
    CVE-2024-43985

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in MagePeople Team Bus Ticket Booking with Seat Reservation allows Stored XSS.This issue affects Bus Ticket Booking with Seat Reservation: from n/a t... Read more

    • Published: Sep. 17, 2024
    • Modified: Sep. 24, 2024

  • 9.8

    CRITICAL
    CVE-2024-44004

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPTaskForce WPCargo Track & Trace allows SQL Injection.This issue affects WPCargo Track & Trace: from n/a through 7.0.6.... Read more

    Affected Products : track_\&_trace
    • Published: Sep. 17, 2024
    • Modified: Sep. 24, 2024

  • 6.5

    MEDIUM
    CVE-2024-43977

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite allows Stored XSS.This issue affects The Plus Addons for Elementor Page Builder Lite: fro... Read more

    Affected Products : the_plus_addons_for_elementor
    • Published: Sep. 17, 2024
    • Modified: Sep. 24, 2024

  • 7.1

    HIGH
    CVE-2024-44064

    Cross-Site Request Forgery (CSRF) vulnerability in LikeBtn Like Button Rating allows Cross-Site Scripting (XSS).This issue affects Like Button Rating: from n/a through 2.6.54.... Read more

    Affected Products : like_button_rating
    • Published: Sep. 17, 2024
    • Modified: Sep. 24, 2024

  • 9.8

    CRITICAL
    CVE-2023-36103

    Command Injection vulnerability in goform/SetIPTVCfg interface of Tenda AC15 V15.03.05.20 allows remote attackers to run arbitrary commands via crafted POST request.... Read more

    Affected Products : ac15_firmware ac15
    • Published: Sep. 10, 2024
    • Modified: Sep. 24, 2024
Showing 20 of 291117 Results