Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2024-38209

    Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability... Read more

    Affected Products : edge_chromium
    • Published: Aug. 22, 2024
    • Modified: Sep. 19, 2024

  • 6.1

    MEDIUM
    CVE-2024-38208

    Microsoft Edge for Android Spoofing Vulnerability... Read more

    Affected Products : android edge edge_chromium
    • Published: Aug. 22, 2024
    • Modified: Sep. 19, 2024

  • 6.3

    MEDIUM
    CVE-2024-38207

    Microsoft Edge (HTML-based) Memory Corruption Vulnerability... Read more

    Affected Products : edge_chromium
    • Published: Aug. 23, 2024
    • Modified: Sep. 19, 2024

  • 6.4

    MEDIUM
    CVE-2024-1384

    The Premium Portfolio Features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'aux_recent_portfolios_grid' shortcode in all versions up to, and including, 2.3.3 due to insufficient input sanitization and... Read more

    Affected Products : auxinportfolio
    • Published: Aug. 29, 2024
    • Modified: Sep. 19, 2024

  • 7.5

    HIGH
    CVE-2024-3679

    The Premium SEO Pack – WP SEO Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.001. This makes it possible for unauthenticated attackers to view limited information from password protect... Read more

    Affected Products : wp_seo_plugin
    • Published: Aug. 29, 2024
    • Modified: Sep. 19, 2024

  • 6.4

    MEDIUM
    CVE-2024-1056

    The FunnelKit Funnel Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'allow_iframe_tag_in_post' function which uses the 'wp_kses_allowed_html' filter to globally allow script and iframe tags in posts in all versions u... Read more

    Affected Products : funnel_builder
    • Published: Aug. 29, 2024
    • Modified: Sep. 19, 2024

  • 9.8

    CRITICAL
    CVE-2024-8302

    A vulnerability was found in dingfanzu CMS up to 29d67d9044f6f93378e6eb6ff92272217ff7225c. It has been rated as critical. Affected by this issue is some unknown functionality of the file /ajax/chpwd.php. The manipulation of the argument username leads to ... Read more

    Affected Products : dingfanzu dingfanzu
    • Published: Aug. 29, 2024
    • Modified: Sep. 19, 2024

  • 9.8

    CRITICAL
    CVE-2024-43144

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes Cost Calculator Builder allows SQL Injection.This issue affects Cost Calculator Builder: from n/a through 3.2.15.... Read more

    Affected Products : cost_calculator_builder
    • Published: Aug. 29, 2024
    • Modified: Sep. 19, 2024

  • 9.8

    CRITICAL
    CVE-2024-43917

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TemplateInvaders TI WooCommerce Wishlist allows SQL Injection.This issue affects TI WooCommerce Wishlist: from n/a through 2.8.2.... Read more

    Affected Products : ti_woocommerce_wishlist
    • Published: Aug. 29, 2024
    • Modified: Sep. 19, 2024

  • 9.8

    CRITICAL
    CVE-2024-43922

    Improper Control of Generation of Code ('Code Injection') vulnerability in NitroPack Inc. NitroPack allows Code Injection.This issue affects NitroPack: from n/a through 1.16.7.... Read more

    Affected Products : nitropack
    • Published: Aug. 29, 2024
    • Modified: Sep. 19, 2024

  • 8.8

    HIGH
    CVE-2024-45696

    Certain models of D-Link wireless routers contain hidden functionality. By sending specific packets to the web service, the attacker can forcibly enable the telnet service and log in using hard-coded credentials. The telnet service enabled through this me... Read more

    • Published: Sep. 16, 2024
    • Modified: Sep. 19, 2024

  • 9.8

    CRITICAL
    CVE-2024-45697

    Certain models of D-Link wireless routers have a hidden functionality where the telnet service is enabled when the WAN port is plugged in. Unauthorized remote attackers can log in and execute OS commands using hard-coded credentials.... Read more

    Affected Products : dir-x4860_firmware dir-x4860
    • Published: Sep. 16, 2024
    • Modified: Sep. 19, 2024

  • 8.8

    HIGH
    CVE-2024-34344

    Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. Due to the insufficient validation of the `path` parameter in the NuxtTestComponentWrapper, an attacker can execute arbitrary JavaScript on the server... Read more

    Affected Products : nuxt
    • Published: Aug. 05, 2024
    • Modified: Sep. 19, 2024

  • 8.6

    HIGH
    CVE-2024-42352

    Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. `nuxt/icon` provides an API to allow client side icon lookup. This endpoint is at `/api/_nuxt_icon/[name]`. The proxied request path is improperly par... Read more

    Affected Products : nuxt
    • Published: Aug. 05, 2024
    • Modified: Sep. 19, 2024

  • 6.5

    MEDIUM
    CVE-2024-45457

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Spiffy Plugins Spiffy Calendar allows Stored XSS.This issue affects Spiffy Calendar: from n/a through 4.9.13.... Read more

    Affected Products : spiffy_calendar
    • Published: Sep. 15, 2024
    • Modified: Sep. 19, 2024

  • 7.8

    HIGH
    CVE-2024-7553

    Incorrect validation of files loaded from a local untrusted directory may allow local privilege escalation if the underlying operating systems is Windows. This may result in the application executing arbitrary behaviour determined by the contents of untru... Read more

    • Published: Aug. 07, 2024
    • Modified: Sep. 19, 2024

  • 7.6

    HIGH
    CVE-2024-41959

    mailcow: dockerized is an open source groupware/email suite based on docker. An unauthenticated attacker can inject a JavaScript payload into the API logs. This payload is executed whenever the API logs page is viewed, potentially allowing an attacker to ... Read more

    Affected Products : mailcow\
    • Published: Aug. 05, 2024
    • Modified: Sep. 19, 2024

  • 4.8

    MEDIUM
    CVE-2024-41960

    mailcow: dockerized is an open source groupware/email suite based on docker. An authenticated admin user can inject a JavaScript payload into the Relay Hosts configuration. The injected payload is executed whenever the configuration page is viewed, enabli... Read more

    Affected Products : mailcow\
    • Published: Aug. 05, 2024
    • Modified: Sep. 19, 2024

  • 6.3

    MEDIUM
    CVE-2024-34343

    Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. The `navigateTo` function attempts to blockthe `javascript:` protocol, but does not correctly use API's provided by `unjs/ufo`. This library also cont... Read more

    Affected Products : nuxt
    • Published: Aug. 05, 2024
    • Modified: Sep. 19, 2024

  • 6.5

    MEDIUM
    CVE-2024-6087

    An improper access control vulnerability exists in lunary-ai/lunary at the latest commit (a761d83) on the main branch. The vulnerability allows an attacker to use the auth tokens issued by the 'invite user' functionality to obtain valid JWT tokens. These ... Read more

    Affected Products : lunary
    • Published: Sep. 13, 2024
    • Modified: Sep. 19, 2024
Showing 20 of 291002 Results