Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 4.7

    MEDIUM
    CVE-2024-39694

    Duende IdentityServer is an OpenID Connect and OAuth 2.x framework for ASP.NET Core. It is possible for an attacker to craft malicious Urls that certain functions in IdentityServer will incorrectly treat as local and trusted. If such a Url is returned as ...

    Affected Products :
    • Published: Jul. 31, 2024
    • Modified: Aug. 01, 2024
  • 7.5

    HIGH
    CVE-2024-41950

    Haystack is an end-to-end LLM framework that allows you to build applications powered by LLMs, Transformer models, vector search and more. Haystack clients that let their users create and run Pipelines from scratch are vulnerable to remote code executions...

    Affected Products :
    • Published: Jul. 31, 2024
    • Modified: Aug. 01, 2024
  • 8.5

    HIGH
    CVE-2024-7324

    A vulnerability was found in IObit iTop Data Recovery Pro 4.4.0.687. It has been declared as critical. Affected by this vulnerability is an unknown functionality in the library madbasic_.bpl of the component BPL Handler. The manipulation leads to uncontro...

    Affected Products :
    • Published: Jul. 31, 2024
    • Modified: Aug. 01, 2024
  • 9.4

    CRITICAL
    CVE-2024-7205

    When a device is shared, the homepage module before 2.19.0 in eWeLink Cloud Service allows a secondary user to take over devices as the primary user via sharing unnecessary device-sensitive information....

    Affected Products : ewelink
    • Published: Jul. 31, 2024
    • Modified: Jul. 31, 2024
  • 7.2

    HIGH
    CVE-2024-6770

    The Lifetime free Drag & Drop Contact Form Builder for WordPress VForm plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.1.5 due to insufficient input sanitization and output escaping. This makes it ...

    Affected Products :
    • Published: Jul. 31, 2024
    • Modified: Jul. 31, 2024
  • 6.5

    MEDIUM
    CVE-2024-7135

    The Tainacan plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_file' function in all versions up to, and including, 0.21.7. The function is also vulnerable to directory traversal. This makes it...

    Affected Products : tainacan
    • Published: Jul. 31, 2024
    • Modified: Jul. 31, 2024
  • 5.3

    MEDIUM
    CVE-2024-2508

    The WP Mobile Menu plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_menu_item_icon function in all versions up to, and including, 2.8.4.4. This makes it possible for unauthenticated atta...

    Affected Products :
    • Published: Jul. 31, 2024
    • Modified: Jul. 31, 2024