Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-43917

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TemplateInvaders TI WooCommerce Wishlist allows SQL Injection.This issue affects TI WooCommerce Wishlist: from n/a through 2.8.2.... Read more

    Affected Products : ti_woocommerce_wishlist
    • Published: Aug. 29, 2024
    • Modified: Sep. 19, 2024

  • 9.8

    CRITICAL
    CVE-2024-43922

    Improper Control of Generation of Code ('Code Injection') vulnerability in NitroPack Inc. NitroPack allows Code Injection.This issue affects NitroPack: from n/a through 1.16.7.... Read more

    Affected Products : nitropack
    • Published: Aug. 29, 2024
    • Modified: Sep. 19, 2024

  • 8.8

    HIGH
    CVE-2024-45696

    Certain models of D-Link wireless routers contain hidden functionality. By sending specific packets to the web service, the attacker can forcibly enable the telnet service and log in using hard-coded credentials. The telnet service enabled through this me... Read more

    • Published: Sep. 16, 2024
    • Modified: Sep. 19, 2024

  • 9.8

    CRITICAL
    CVE-2024-45697

    Certain models of D-Link wireless routers have a hidden functionality where the telnet service is enabled when the WAN port is plugged in. Unauthorized remote attackers can log in and execute OS commands using hard-coded credentials.... Read more

    Affected Products : dir-x4860_firmware dir-x4860
    • Published: Sep. 16, 2024
    • Modified: Sep. 19, 2024

  • 8.8

    HIGH
    CVE-2024-34344

    Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. Due to the insufficient validation of the `path` parameter in the NuxtTestComponentWrapper, an attacker can execute arbitrary JavaScript on the server... Read more

    Affected Products : nuxt
    • Published: Aug. 05, 2024
    • Modified: Sep. 19, 2024

  • 8.6

    HIGH
    CVE-2024-42352

    Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. `nuxt/icon` provides an API to allow client side icon lookup. This endpoint is at `/api/_nuxt_icon/[name]`. The proxied request path is improperly par... Read more

    Affected Products : nuxt
    • Published: Aug. 05, 2024
    • Modified: Sep. 19, 2024

  • 6.5

    MEDIUM
    CVE-2024-45457

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Spiffy Plugins Spiffy Calendar allows Stored XSS.This issue affects Spiffy Calendar: from n/a through 4.9.13.... Read more

    Affected Products : spiffy_calendar
    • Published: Sep. 15, 2024
    • Modified: Sep. 19, 2024

  • 7.8

    HIGH
    CVE-2024-7553

    Incorrect validation of files loaded from a local untrusted directory may allow local privilege escalation if the underlying operating systems is Windows. This may result in the application executing arbitrary behaviour determined by the contents of untru... Read more

    • Published: Aug. 07, 2024
    • Modified: Sep. 19, 2024

  • 7.6

    HIGH
    CVE-2024-41959

    mailcow: dockerized is an open source groupware/email suite based on docker. An unauthenticated attacker can inject a JavaScript payload into the API logs. This payload is executed whenever the API logs page is viewed, potentially allowing an attacker to ... Read more

    Affected Products : mailcow\
    • Published: Aug. 05, 2024
    • Modified: Sep. 19, 2024

  • 4.8

    MEDIUM
    CVE-2024-41960

    mailcow: dockerized is an open source groupware/email suite based on docker. An authenticated admin user can inject a JavaScript payload into the Relay Hosts configuration. The injected payload is executed whenever the configuration page is viewed, enabli... Read more

    Affected Products : mailcow\
    • Published: Aug. 05, 2024
    • Modified: Sep. 19, 2024

  • 6.3

    MEDIUM
    CVE-2024-34343

    Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. The `navigateTo` function attempts to blockthe `javascript:` protocol, but does not correctly use API's provided by `unjs/ufo`. This library also cont... Read more

    Affected Products : nuxt
    • Published: Aug. 05, 2024
    • Modified: Sep. 19, 2024

  • 6.5

    MEDIUM
    CVE-2024-6087

    An improper access control vulnerability exists in lunary-ai/lunary at the latest commit (a761d83) on the main branch. The vulnerability allows an attacker to use the auth tokens issued by the 'invite user' functionality to obtain valid JWT tokens. These ... Read more

    Affected Products : lunary
    • Published: Sep. 13, 2024
    • Modified: Sep. 19, 2024

  • 3.9

    LOW
    CVE-2024-45620

    A vulnerability was found in the pkcs15-init tool in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized part... Read more

    Affected Products : enterprise_linux opensc
    • Published: Sep. 03, 2024
    • Modified: Sep. 19, 2024

  • 7.1

    HIGH
    CVE-2024-45458

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Spiffy Plugins Spiffy Calendar allows Reflected XSS.This issue affects Spiffy Calendar: from n/a through 4.9.13.... Read more

    Affected Products : spiffy_calendar
    • Published: Sep. 15, 2024
    • Modified: Sep. 19, 2024

  • 5.9

    MEDIUM
    CVE-2024-45455

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in JoomUnited WP Meta SEO allows Stored XSS.This issue affects WP Meta SEO: from n/a through 4.5.13.... Read more

    Affected Products : wp_meta_seo
    • Published: Sep. 15, 2024
    • Modified: Sep. 19, 2024

  • 6.7

    MEDIUM
    CVE-2024-31414

    The Eaton Foreseer software provides users the capability to customize the dashboard in WebView pages. However, the input fields for this feature in the Eaton Foreseer software lacked proper input sanitization on the server-side, which could lead to injec... Read more

    • Published: Sep. 13, 2024
    • Modified: Sep. 19, 2024

  • 6.5

    MEDIUM
    CVE-2024-45456

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in JoomUnited WP Meta SEO allows Stored XSS.This issue affects WP Meta SEO: from n/a through 4.5.13.... Read more

    Affected Products : wp_meta_seo
    • Published: Sep. 15, 2024
    • Modified: Sep. 19, 2024

  • 8.1

    HIGH
    CVE-2024-6862

    A Cross-Site Request Forgery (CSRF) vulnerability exists in lunary-ai/lunary version 1.2.34 due to overly permissive CORS settings. This vulnerability allows an attacker to sign up for and create projects or use the instance as if they were a user with lo... Read more

    Affected Products : lunary
    • Published: Sep. 13, 2024
    • Modified: Sep. 19, 2024

  • 6.5

    MEDIUM
    CVE-2024-6867

    An information disclosure vulnerability exists in the lunary-ai/lunary, specifically in the `runs/{run_id}/related` endpoint. This endpoint does not verify that the user has the necessary access rights to the run(s) they are accessing. As a result, it ret... Read more

    Affected Products : lunary
    • Published: Sep. 13, 2024
    • Modified: Sep. 19, 2024

  • 4.8

    MEDIUM
    CVE-2024-7655

    The Community by PeepSo – Social Network, Membership, Registration, User Profiles plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 6.4.5.0 due to insufficient input sanitization and output escaping. T... Read more

    Affected Products : peepso
    • Published: Sep. 10, 2024
    • Modified: Sep. 19, 2024
Showing 20 of 293353 Results