Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.2

    CRITICAL
    CVE-2024-1744

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ariva Computer Accord ORS allows Retrieve Embedded Sensitive Data. This issue affects Accord ORS: before 7.3.2.1....

    Affected Products : accord_ors
    • Published: Sep. 06, 2024
    • Modified: Sep. 13, 2024
  • 6.1

    MEDIUM
    CVE-2024-5624

    Reflected Cross-Site Scripting (XSS) in Shift Logbook application of B&R APROL <= R 4.4-00P3 may allow a network-based attacker to execute arbitrary JavaScript code in the context of the user's browser session...

    Affected Products : industrial_automation_aprol
    • Published: Aug. 29, 2024
    • Modified: Sep. 13, 2024
  • 7.8

    HIGH
    CVE-2024-5622

    An untrusted search path vulnerability in the AprolConfigureCCServices of B&R APROL <= R 4.2.-07P3 and <= R 4.4-00P3 may allow an authenticated local attacker to execute arbitrary code with elevated privileges....

    Affected Products : industrial_automation_aprol
    • Published: Aug. 29, 2024
    • Modified: Sep. 13, 2024
  • 7.8

    HIGH
    CVE-2024-5623

    An untrusted search path vulnerability in B&R APROL <= R 4.4-00P3 may be used by an authenticated local attacker to get other users to execute arbitrary code under their privileges....

    Affected Products : industrial_automation_aprol
    • Published: Aug. 29, 2024
    • Modified: Sep. 13, 2024
  • 8.8

    HIGH
    CVE-2024-45059

    i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. A SQL Injection vulnerability was found prior to the 2.9 branch in the `ieducar/intranet/funcionario_vinculo_det.p...

    Affected Products : i-educar
    • Published: Aug. 28, 2024
    • Modified: Sep. 13, 2024
  • 8.1

    HIGH
    CVE-2024-45058

    i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. Prior to the 2.9 branch, an attacker with only minimal viewing privileges in the settings section is able to chang...

    Affected Products : i-educar
    • Published: Aug. 28, 2024
    • Modified: Sep. 13, 2024
  • 6.3

    MEDIUM
    CVE-2024-45057

    i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the dynamic generation of HTML fields prior...

    Affected Products : i-educar
    • Published: Aug. 28, 2024
    • Modified: Sep. 13, 2024
  • 7.5

    HIGH
    CVE-2024-45442

    Vulnerability of permission verification for APIs in the DownloadProviderMain module Impact: Successful exploitation of this vulnerability will affect availability....

    Affected Products : emui harmonyos
    • Published: Sep. 04, 2024
    • Modified: Sep. 13, 2024
  • 6.3

    MEDIUM
    CVE-2024-43797

    audiobookshelf is a self-hosted audiobook and podcast server. A non-admin user is not allowed to create libraries (or access only the ones they have permission to). However, the `LibraryController` is missing the check for admin user and thus allows a pat...

    Affected Products : audiobookshelf
    • Published: Sep. 02, 2024
    • Modified: Sep. 13, 2024
  • 9.8

    CRITICAL
    CVE-2024-7261

    The improper neutralization of special elements in the parameter "host" in the CGI program of Zyxel NWA1123ACv3 firmware version 6.70(ABVT.4) and earlier, WAC500 firmware version 6.70(ABVS.4) and earlier, WAX655E firmware version 7.00(ACDO.1) and earlie...

    • Published: Sep. 03, 2024
    • Modified: Sep. 13, 2024
  • 5.0

    MEDIUM
    CVE-2024-44685

    Titan SFTP and Titan MFT Server 2.0.25.2426 and earlier have a vulnerability where sensitive information, including passwords, is exposed in clear text within the JSON response when configuring SMTP settings via the Web UI....

    Affected Products : titan_sftp_server
    • Published: Sep. 13, 2024
    • Modified: Sep. 13, 2024
  • 5.3

    MEDIUM
    CVE-2024-7447

    The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'fnsf_af2_handel_file_upload' function in ...

    Affected Products : funnelforms_free funnelforms
    • Published: Aug. 28, 2024
    • Modified: Sep. 13, 2024
  • 5.3

    MEDIUM
    CVE-2024-8195

    The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'debug_data', 'debug_query', and 'debug_redirect' functions in all versions up to, and including, 2.4.4. This makes it po...

    Affected Products : permalink_manager_lite
    • Published: Aug. 28, 2024
    • Modified: Sep. 13, 2024
  • 5.5

    MEDIUM
    CVE-2024-20503

    A vulnerability in Cisco Duo Epic for Hyperdrive could allow an authenticated, local attacker to view sensitive information in cleartext on an affected system. This vulnerability is due to improper storage of an unencrypted registry key. A low-privileg...

    Affected Products : duo_authentication_for_epic
    • Published: Sep. 04, 2024
    • Modified: Sep. 13, 2024
  • 9.8

    CRITICAL
    CVE-2024-8368

    A vulnerability was found in code-projects Hospital Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file index.php of the component Login. The manipulation of the argument username leads to...

    • Published: Sep. 01, 2024
    • Modified: Sep. 13, 2024
  • 3.9

    LOW
    CVE-2024-45615

    A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. The problem is missing initialization of variables expected to be initialized (as arguments to other functions, etc.)....

    Affected Products : enterprise_linux opensc
    • Published: Sep. 03, 2024
    • Modified: Sep. 13, 2024
  • 3.9

    LOW
    CVE-2024-45616

    A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. The following problems were caus...

    Affected Products : enterprise_linux opensc
    • Published: Sep. 03, 2024
    • Modified: Sep. 13, 2024
  • 3.9

    LOW
    CVE-2024-45617

    A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or missing checking...

    Affected Products : enterprise_linux opensc
    • Published: Sep. 03, 2024
    • Modified: Sep. 13, 2024
  • 6.4

    MEDIUM
    CVE-2024-8276

    The WPZOOM Portfolio Lite – Filterable Portfolio Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ attribute within the 'wp:wpzoom-blocks' Gutenberg block in all versions up to, and including, 1.4.4 due to insufficie...

    Affected Products : wpzoom_portfolio
    • Published: Aug. 31, 2024
    • Modified: Sep. 13, 2024
  • 9.1

    CRITICAL
    CVE-2024-7856

    The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to unauthorized arbitrary file deletion due to a missing capability check on the removeTempFiles() function and insufficient path validation on the 'f...

    • Published: Aug. 29, 2024
    • Modified: Sep. 13, 2024
Showing 20 of 292742 Results