Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2024-44051

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Johan van der Wijk Content Blocks (Custom Post Widget) allows Stored XSS.This issue affects Content Blocks (Custom Post Widget): from n/a through ... Read more

    Affected Products : content_blocks
    • Published: Sep. 17, 2024
    • Modified: Sep. 24, 2024

  • 6.5

    MEDIUM
    CVE-2024-45451

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Roseta allows Stored XSS.This issue affects Roseta: from n/a through 1.3.0.... Read more

    Affected Products : roseta
    • Published: Sep. 17, 2024
    • Modified: Sep. 24, 2024

  • 8.1

    HIGH
    CVE-2024-47000

    Zitadel is an open source identity management platform. ZITADEL's user account deactivation mechanism did not work correctly with service accounts. Deactivated service accounts retained the ability to request tokens, which could lead to unauthorized acces... Read more

    Affected Products : zitadel
    • Published: Sep. 20, 2024
    • Modified: Sep. 24, 2024

  • 7.3

    HIGH
    CVE-2024-46999

    Zitadel is an open source identity management platform. ZITADEL's user grants deactivation mechanism did not work correctly. Deactivated user grants were still provided in token, which could lead to unauthorized access to applications and resources. Addit... Read more

    Affected Products : zitadel
    • Published: Sep. 20, 2024
    • Modified: Sep. 24, 2024

  • 7.5

    HIGH
    CVE-2024-45809

    Envoy is a cloud-native high-performance edge/middle/service proxy. Jwt filter will lead to an Envoy crash when clear route cache with remote JWKs. In the following case: 1. remote JWKs are used, which requires async header processing; 2. clear_route_cach... Read more

    Affected Products : envoy
    • Published: Sep. 20, 2024
    • Modified: Sep. 24, 2024

  • 7.5

    HIGH
    CVE-2024-45810

    Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy will crash when the http async client is handling `sendLocalReply` under some circumstance, e.g., websocket upgrade, and requests mirroring. The http async client will crash during ... Read more

    Affected Products : envoy
    • Published: Sep. 20, 2024
    • Modified: Sep. 24, 2024

  • 5.9

    MEDIUM
    CVE-2024-43985

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in MagePeople Team Bus Ticket Booking with Seat Reservation allows Stored XSS.This issue affects Bus Ticket Booking with Seat Reservation: from n/a t... Read more

    • Published: Sep. 17, 2024
    • Modified: Sep. 24, 2024

  • 9.8

    CRITICAL
    CVE-2024-44004

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPTaskForce WPCargo Track & Trace allows SQL Injection.This issue affects WPCargo Track & Trace: from n/a through 7.0.6.... Read more

    Affected Products : track_\&_trace
    • Published: Sep. 17, 2024
    • Modified: Sep. 24, 2024

  • 6.5

    MEDIUM
    CVE-2024-43977

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite allows Stored XSS.This issue affects The Plus Addons for Elementor Page Builder Lite: fro... Read more

    Affected Products : the_plus_addons_for_elementor
    • Published: Sep. 17, 2024
    • Modified: Sep. 24, 2024

  • 7.1

    HIGH
    CVE-2024-44064

    Cross-Site Request Forgery (CSRF) vulnerability in LikeBtn Like Button Rating allows Cross-Site Scripting (XSS).This issue affects Like Button Rating: from n/a through 2.6.54.... Read more

    Affected Products : like_button_rating
    • Published: Sep. 17, 2024
    • Modified: Sep. 24, 2024

  • 9.8

    CRITICAL
    CVE-2023-36103

    Command Injection vulnerability in goform/SetIPTVCfg interface of Tenda AC15 V15.03.05.20 allows remote attackers to run arbitrary commands via crafted POST request.... Read more

    Affected Products : ac15_firmware ac15
    • Published: Sep. 10, 2024
    • Modified: Sep. 24, 2024

  • 4.3

    MEDIUM
    CVE-2024-47159

    In JetBrains YouTrack before 2024.3.44799 user without appropriate permissions could restore workflows attached to a project... Read more

    Affected Products : youtrack
    • Published: Sep. 19, 2024
    • Modified: Sep. 24, 2024

  • 7.8

    HIGH
    CVE-2024-31960

    An issue was discovered in Samsung Mobile Processor Exynos 1480, Exynos 2400. The xclipse amdgpu driver has a reference count bug. This can lead to a use after free.... Read more

    • Published: Sep. 10, 2024
    • Modified: Sep. 24, 2024

  • 5.3

    MEDIUM
    CVE-2024-47160

    In JetBrains YouTrack before 2024.3.44799 access to global app config data without appropriate permissions was possible... Read more

    Affected Products : youtrack
    • Published: Sep. 19, 2024
    • Modified: Sep. 24, 2024

  • 5.3

    MEDIUM
    CVE-2024-47162

    In JetBrains YouTrack before 2024.3.44799 token could be revealed on Imports page... Read more

    Affected Products : youtrack
    • Published: Sep. 19, 2024
    • Modified: Sep. 24, 2024

  • 9.8

    CRITICAL
    CVE-2024-8146

    A vulnerability has been found in code-projects Pharmacy Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /index.php?action=editSalesman. The manipulation of the argument id leads to sql injection. The ... Read more

    • Published: Aug. 25, 2024
    • Modified: Sep. 24, 2024

  • 6.4

    MEDIUM
    CVE-2024-4283

    An issue has been discovered in GitLab EE affecting all versions starting from 11.1 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. Under certain conditions an open redirect vulnerability could allow for an account takeover by breaking the OAut... Read more

    Affected Products : gitlab
    • Published: Sep. 16, 2024
    • Modified: Sep. 24, 2024

  • 7.5

    HIGH
    CVE-2024-45395

    sigstore-go, a Go library for Sigstore signing and verification, is susceptible to a denial of service attack in versions prior to 0.6.1 when a verifier is provided a maliciously crafted Sigstore Bundle containing large amounts of verifiable data, in the ... Read more

    Affected Products : sigstore-go
    • Published: Sep. 04, 2024
    • Modified: Sep. 24, 2024

  • 4.3

    MEDIUM
    CVE-2024-6685

    An issue was discovered in GitLab CE/EE affecting all versions starting from 16.7 prior to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to 17.3.2, where group runners information was disclosed to unauthorised group members.... Read more

    Affected Products : gitlab
    • Published: Sep. 16, 2024
    • Modified: Sep. 24, 2024

  • 6.1

    MEDIUM
    CVE-2024-45399

    Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. In Indico prior to version 3.3.4, corresponding to Flask-Multipass prior to version 0.5.5, there is a Cross-Site-Scripting vulnerability durin... Read more

    Affected Products : indico
    • Published: Sep. 04, 2024
    • Modified: Sep. 24, 2024
Showing 20 of 291128 Results