Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2024-5024

    The Memberpress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'mepr_screenname' and 'mepr_key' parameter in all versions up to, and including, 1.11.29 due to insufficient input sanitization and output escaping. This makes it... Read more

    Affected Products : memberpress memberpress
    • Published: Aug. 30, 2024
    • Modified: Sep. 04, 2024

  • 8.8

    HIGH
    CVE-2024-2881

    Fault Injection vulnerability in wc_ed25519_sign_msg function in wolfssl/wolfcrypt/src/ed25519.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker co-resides in the same system with a victim process to disclose information and escalate privi... Read more

    Affected Products : linux_kernel windows wolfssl
    • Published: Aug. 30, 2024
    • Modified: Sep. 04, 2024

  • 8.8

    HIGH
    CVE-2024-1545

    Fault Injection vulnerability in RsaPrivateDecryption function in wolfssl/wolfcrypt/src/rsa.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker co-resides in the same system with a victim process to disclose information and escalate privileg... Read more

    Affected Products : linux_kernel windows wolfssl
    • Published: Aug. 29, 2024
    • Modified: Sep. 04, 2024

  • 5.5

    MEDIUM
    CVE-2024-1543

    The side-channel protected T-Table implementation in wolfSSL up to version 5.6.5 protects against a side-channel attacker with cache-line resolution. In a controlled environment such as Intel SGX, an attacker can gain a per instruction sub-cache-line reso... Read more

    Affected Products : wolfssl
    • Published: Aug. 29, 2024
    • Modified: Sep. 04, 2024

  • 8.8

    HIGH
    CVE-2024-6672

    In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an authenticated low-privileged attacker to achieve privilege escalation by modifying a privileged user's password.... Read more

    Affected Products : whatsup_gold
    • Published: Aug. 29, 2024
    • Modified: Sep. 04, 2024

  • 6.1

    MEDIUM
    CVE-2024-41345

    openflights commit 5234b5b is vulnerable to Cross-Site Scripting (XSS) via php/trip.php... Read more

    Affected Products : openflights
    • Published: Aug. 29, 2024
    • Modified: Sep. 04, 2024

  • 5.4

    MEDIUM
    CVE-2024-43947

    Cross-Site Request Forgery (CSRF) vulnerability in Dinesh Karki WP Armour Extended.This issue affects WP Armour Extended: from n/a through 1.26.... Read more

    Affected Products : wp_armour wp_armour_extended
    • Published: Aug. 29, 2024
    • Modified: Sep. 04, 2024

  • 7.1

    HIGH
    CVE-2024-43921

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Magic Post Thumbnail allows Reflected XSS.This issue affects Magic Post Thumbnail: from n/a through 5.2.9.... Read more

    Affected Products : magic_post_thumbnail
    • Published: Aug. 29, 2024
    • Modified: Sep. 04, 2024

  • 6.5

    MEDIUM
    CVE-2024-43920

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jegstudio Gutenverse allows Stored XSS.This issue affects Gutenverse: from n/a through 1.9.4.... Read more

    Affected Products : gutenverse
    • Published: Aug. 29, 2024
    • Modified: Sep. 04, 2024

  • 9.8

    CRITICAL
    CVE-2024-43941

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Propovoice Propovoice Pro allows SQL Injection.This issue affects Propovoice Pro: from n/a through 1.7.0.3.... Read more

    Affected Products : propovoice
    • Published: Aug. 29, 2024
    • Modified: Sep. 04, 2024

  • 8.8

    HIGH
    CVE-2024-43776

    SQL Injection in mock exam function of Easytest Online Test Platform ver.24E01 and earlier allow remote authenticated users to execute arbitrary SQL commands via the qlevel parameter.... Read more

    • Published: Sep. 02, 2024
    • Modified: Sep. 04, 2024

  • 8.8

    HIGH
    CVE-2024-43775

    SQL Injection in search course titles function of Easytest Online Test Platform ver.24E01 and earlier allow remote authenticated users to execute arbitrary SQL commands via the search parameter.... Read more

    • Published: Sep. 02, 2024
    • Modified: Sep. 04, 2024

  • 8.8

    HIGH
    CVE-2024-43774

    SQL Injection in download personal learning course function of Easytest Online Test Platform ver.24E01 and earlier allow remote authenticated users to execute arbitrary SQL commands via the uid parameter.... Read more

    • Published: Sep. 02, 2024
    • Modified: Sep. 04, 2024

  • 9.8

    CRITICAL
    CVE-2024-43773

    SQL Injection in download class learning course function of Easytest Online Test Platform ver.24E01 and earlier allow remote attackers to execute arbitrary SQL commands via the cstr parameter.... Read more

    • Published: Sep. 02, 2024
    • Modified: Sep. 04, 2024

  • 9.1

    CRITICAL
    CVE-2024-45588

    This vulnerability exists in Symphony XTS Web Trading platform version 2.0.0.1_P160 due to improper access controls on APIs in the Preference module of the application. An authenticated remote attacker could exploit this vulnerability by manipulating para... Read more

    Affected Products : xts_mobile_trader xts_web_trader
    • Published: Sep. 03, 2024
    • Modified: Sep. 04, 2024

  • 9.1

    CRITICAL
    CVE-2024-45587

    This vulnerability exists in Symphony XTS Web Trading platform version 2.0.0.1_P160 due to improper access controls on APIs in the Transaction module of vulnerable application. An authenticated remote attacker could exploit this vulnerability by manipulat... Read more

    Affected Products : xts_mobile_trader xts_web_trader
    • Published: Sep. 03, 2024
    • Modified: Sep. 04, 2024

  • 9.2

    CRITICAL
    CVE-2024-45586

    This vulnerability exists due to improper access controls on APIs in the Authentication module of Symphony XTS Web Trading and Mobile Trading platforms (version 2.0.0.1_P160). An authenticated remote attacker could exploit this vulnerability by manipulati... Read more

    Affected Products : xts_mobile_trader xts_web_trader
    • Published: Sep. 03, 2024
    • Modified: Sep. 04, 2024

  • 5.5

    MEDIUM
    CVE-2024-44946

    In the Linux kernel, the following vulnerability has been resolved: kcm: Serialise kcm_sendmsg() for the same socket. syzkaller reported UAF in kcm_release(). [0] The scenario is 1. Thread A builds a skb with MSG_MORE and sets kcm->seq_skb. 2. Th... Read more

    Affected Products : linux_kernel
    • Published: Aug. 31, 2024
    • Modified: Sep. 04, 2024

  • 5.5

    MEDIUM
    CVE-2024-43884

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Add error handling to pair_device() hci_conn_params_add() never checks for a NULL value and could lead to a NULL pointer dereference causing a crash. Fixed by adding e... Read more

    Affected Products : linux_kernel
    • Published: Aug. 26, 2024
    • Modified: Sep. 04, 2024

  • 5.5

    MEDIUM
    CVE-2024-43853

    In the Linux kernel, the following vulnerability has been resolved: cgroup/cpuset: Prevent UAF in proc_cpuset_show() An UAF can happen when /proc/cpuset is read as reported in [1]. This can be reproduced by the following methods: 1.add an mdelay(1000) ... Read more

    Affected Products : linux_kernel
    • Published: Aug. 17, 2024
    • Modified: Sep. 04, 2024
Showing 20 of 291902 Results