Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (also known as the CISA KEV List), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 8.4

    HIGH
    CVE-2024-5760

    The Samsung Universal Print Driver for Windows is potentially vulnerable to escalation of privilege allowing the creation of a reverse shell in the tool. This is only applicable for products in the application released or manufactured before 2018....

    Affected Products : windows universal_print_driver
    • Published: Sep. 11, 2024
    • Modified: Sep. 13, 2024
  • 7.0

    HIGH
    CVE-2024-7312

    URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Payara Platform Payara Server (REST Management Interface modules) allows Session Hijacking. This issue affects Payara Server: from 6.0.0 before 6.18.0, from 6.2022.1 before 6.2024.9, from...

    Affected Products : payara
    • Published: Sep. 11, 2024
    • Modified: Sep. 13, 2024
  • 8.8

    HIGH
    CVE-2024-8709

    A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. Affected is the function delete_user/save_user of the file /admin_class.php. The manipulation of the argument id leads to sql injection. It is...

    • Published: Sep. 12, 2024
    • Modified: Sep. 13, 2024
  • 8.8

    HIGH
    CVE-2024-8710

    A vulnerability classified as critical was found in code-projects Inventory Management 1.0. Affected by this vulnerability is an unknown functionality of the file /model/viewProduct.php of the component Products Table Page. The manipulation of the argumen...

    Affected Products : inventory_management
    • Published: Sep. 12, 2024
    • Modified: Sep. 13, 2024
  • 7.5

    HIGH
    CVE-2024-8711

    A vulnerability, which was classified as problematic, has been found in SourceCodester Food Ordering Management System 1.0. Affected by this issue is some unknown functionality of the file /includes/. The manipulation leads to exposure of information thro...

    Affected Products : food_ordering_management_system
    • Published: Sep. 12, 2024
    • Modified: Sep. 13, 2024
  • 6.1

    MEDIUM
    CVE-2024-6017

    The Music Request Manager WordPress plugin through 1.3 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

    Affected Products : music_request_manager
    • Published: Sep. 12, 2024
    • Modified: Sep. 13, 2024
  • 6.1

    MEDIUM
    CVE-2024-6018

    The Music Request Manager WordPress plugin through 1.3 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

    Affected Products : music_request_manager
    • Published: Sep. 12, 2024
    • Modified: Sep. 13, 2024
  • 6.1

    MEDIUM
    CVE-2024-6019

    The Music Request Manager WordPress plugin through 1.3 does not sanitise and escape incoming music requests, which could allow unauthenticated users to perform Cross-Site Scripting attacks against administrators...

    Affected Products : music_request_manager
    • Published: Sep. 12, 2024
    • Modified: Sep. 13, 2024
  • 10.0

    CRITICAL
    CVE-2024-8522

    The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_only_fields' parameter of the /wp-json/learnpress/v1/courses REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping on...

    Affected Products : learnpress
    • Published: Sep. 12, 2024
    • Modified: Sep. 13, 2024
  • 10.0

    CRITICAL
    CVE-2024-8529

    The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_fields' parameter of the /wp-json/lp/v1/courses/archive-course REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping ...

    Affected Products : learnpress
    • Published: Sep. 12, 2024
    • Modified: Sep. 13, 2024
  • 5.5

    MEDIUM
    CVE-2024-6700

    Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with App name....

    Affected Products : pega_platform infinity
    • Published: Sep. 12, 2024
    • Modified: Sep. 13, 2024
  • 5.5

    MEDIUM
    CVE-2024-6701

    Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with case type....

    Affected Products : pega_platform infinity
    • Published: Sep. 12, 2024
    • Modified: Sep. 13, 2024
  • 5.2

    MEDIUM
    CVE-2024-6702

    Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an HTML Injection issue with Stage....

    Affected Products : pega_platform infinity
    • Published: Sep. 12, 2024
    • Modified: Sep. 13, 2024
  • 5.4

    MEDIUM
    CVE-2020-24061

    Cross Site Scripting (XSS) Vulnerability in Firewall menu in Control Panel in KASDA KW5515 version 4.3.1.0, allows attackers to execute arbitrary code and steal cookies via a crafted script...

    Affected Products : kw5515_firmware kw5515
    • Published: Sep. 12, 2024
    • Modified: Sep. 13, 2024
  • 7.6

    HIGH
    CVE-2024-43966

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stark Digital WP Testimonial Widget. This issue affects WP Testimonial Widget: from n/a through 3.1....

    Affected Products : wp_testimonial_widget
    • Published: Aug. 26, 2024
    • Modified: Sep. 13, 2024
  • 9.8

    CRITICAL
    CVE-2024-8695

    A remote code execution (RCE) vulnerability via crafted extension description/changelog could be abused by a malicious extension in Docker Desktop before 4.34.2....

    Affected Products : desktop
    • Published: Sep. 12, 2024
    • Modified: Sep. 13, 2024
  • 9.8

    CRITICAL
    CVE-2024-8696

    A remote code execution (RCE) vulnerability via crafted extension publisher-url/additional-urls could be abused by a malicious extension in Docker Desktop before 4.34.2....

    Affected Products : desktop
    • Published: Sep. 12, 2024
    • Modified: Sep. 13, 2024
  • 6.9

    MEDIUM
    CVE-2024-8605

    A vulnerability classified as problematic was found in code-projects Inventory Management 1.0. This vulnerability affects unknown code of the file /view/registration.php of the component Registration Form. The manipulation with the input <script>alert(1)<...

    Affected Products : inventory_management
    • Published: Sep. 09, 2024
    • Modified: Sep. 13, 2024
  • 5.5

    MEDIUM
    CVE-2024-45406

    Craft is a content management system (CMS). Craft CMS 5 stored XSS can be triggered by the breadcrumb list and title fields with user input....

    Affected Products : craft_cms
    • Published: Sep. 09, 2024
    • Modified: Sep. 13, 2024
  • 7.2

    HIGH
    CVE-2024-44871

    An arbitrary file upload vulnerability in the component /admin/index.php of moziloCMS v3.0 allows attackers to execute arbitrary code via uploading a crafted file....

    Affected Products : mozilocms
    • Published: Sep. 10, 2024
    • Modified: Sep. 13, 2024