Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.9

    MEDIUM
    CVE-2024-45056

    zksolc is a Solidity compiler for ZKsync. All LLVM versions since 2015 fold `(xor (shl 1, x), -1)` to `(rotl ~1, x)` if run with optimizations enabled. Here `~1` is generated as an unsigned 64 bits number (`2^64-1`). This number is zero-extended to 256 bi...

    Affected Products : zksolc
    • Published: Aug. 29, 2024
    • Modified: Sep. 03, 2024
  • 6.3

    MEDIUM
    CVE-2024-45045

    Collabora Online is a collaborative online office suite based on LibreOffice technology. In the mobile (Android/iOS) device variants of Collabora Online it was possible to inject JavaScript via url encoded values in links contained in documents. Since the...

    Affected Products : android online richdocumentscode
    • Published: Aug. 29, 2024
    • Modified: Sep. 03, 2024
  • 5.1

    MEDIUM
    CVE-2024-34463

    BPL Personal Weighing Scale PWS-01BT IND/09/18/599 devices send sensitive information in unencrypted BLE packets. (The packet data also lacks authentication and integrity protection.)...

    Affected Products :
    • Published: Sep. 03, 2024
    • Modified: Sep. 03, 2024
  • 6.4

    MEDIUM
    CVE-2024-5061

    The Enfold - Responsive Multi-Purpose Theme theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wrapper_class’ and 'class' parameters in all versions up to, and including, 6.0.3 due to insufficient input sanitization and output escap...

    Affected Products : enfold
    • Published: Aug. 30, 2024
    • Modified: Sep. 03, 2024
  • 8.8

    HIGH
    CVE-2024-2694

    The Betheme theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 27.5.6 via deserialization of untrusted input of the 'mfn-page-items' post meta value. This makes it possible for authenticated attackers, with con...

    Affected Products : betheme
    • Published: Aug. 30, 2024
    • Modified: Sep. 03, 2024
  • 6.4

    MEDIUM
    CVE-2024-3998

    The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's shortcodes in all versions up to, and including, 27.5.6 due to insufficient input sanitization and output escaping on user supplied attributes. This m...

    Affected Products : betheme
    • Published: Aug. 30, 2024
    • Modified: Sep. 03, 2024
  • 6.4

    MEDIUM
    CVE-2024-5879

    The HubSpot – CRM, Email Marketing, Live Chat, Forms & Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute of the HubSpot Meeting Widget in all versions up to, and including, 11.1.22 due to insufficient inpu...

    Affected Products : hubspot
    • Published: Aug. 30, 2024
    • Modified: Sep. 03, 2024
  • 8.1

    HIGH
    CVE-2024-39300

    Missing authentication vulnerability exists in Telnet function of WAB-I1750-PS v1.5.10 and earlier. When Telnet function of the product is enabled, a remote attacker may login to the product without authentication and alter the product's settings....

    Affected Products : wab-i1750-ps_firmware wab-i1750-ps
    • Published: Aug. 30, 2024
    • Modified: Sep. 03, 2024
  • 9.1

    CRITICAL
    CVE-2024-8016

    The Events Calendar Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 7.0.2 via deserialization of untrusted input from the 'filters' parameter in widgets. This makes it possible for authenticated attacke...

    Affected Products : events_calendar_pro
    • Published: Aug. 30, 2024
    • Modified: Sep. 03, 2024
  • 4.3

    MEDIUM
    CVE-2024-8319

    The Tourfic plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.11.20. This is due to missing or incorrect nonce validation on the tf_order_status_email_resend_function, tf_visitor_details_edit_functio...

    Affected Products : tourfic
    • Published: Aug. 30, 2024
    • Modified: Sep. 03, 2024
  • 6.3

    MEDIUM
    CVE-2024-7858

    The Media Library Folders plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several AJAX functions in the media-library-plus.php file in all versions up to, and including, 8.2.3. This makes it possible for authe...

    Affected Products : media_library_folders
    • Published: Aug. 30, 2024
    • Modified: Sep. 03, 2024
  • 8.8

    HIGH
    CVE-2024-8252

    The Clean Login plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.14.5 via the 'template' attribute of the clean-login-register shortcode. This makes it possible for authenticated attackers, with Contributo...

    Affected Products : clean_login
    • Published: Aug. 30, 2024
    • Modified: Sep. 03, 2024
  • 6.1

    MEDIUM
    CVE-2024-8274

    The WP Booking Calendar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via several parameters from 'timeline_obj' in all versions up to, and including, 10.5 due to insufficient input sanitization and output escaping. This makes it po...

    • Published: Aug. 30, 2024
    • Modified: Sep. 03, 2024
  • 5.5

    MEDIUM
    CVE-2022-48944

    In the Linux kernel, the following vulnerability has been resolved: sched: Fix yet more sched_fork() races Where commit 4ef0c5c6b5ba ("kernel/sched: Fix sched_fork() access an invalid sched_task_group") fixed a fork race vs cgroup, it opened up a race v...

    Affected Products : linux_kernel
    • Published: Aug. 30, 2024
    • Modified: Sep. 03, 2024
  • 9.8

    CRITICAL
    CVE-2024-8331

    A vulnerability was found in OpenRapid RapidCMS up to 1.3.1. It has been classified as critical. This affects an unknown part of the file /admin/user/user-move-run.php. The manipulation of the argument username leads to sql injection. It is possible to in...

    Affected Products : rapidcms
    • Published: Aug. 30, 2024
    • Modified: Sep. 03, 2024
  • 9.8

    CRITICAL
    CVE-2024-8332

    A vulnerability was found in master-nan Sweet-CMS up to 5f441e022b8876f07cde709c77b5be6d2f262e3f. It has been declared as critical. This vulnerability affects unknown code of the file /table/index. The manipulation leads to sql injection. The attack can b...

    Affected Products : sweet-cms
    • Published: Aug. 30, 2024
    • Modified: Sep. 03, 2024
  • 5.3

    MEDIUM
    CVE-2024-8370

    A vulnerability classified as problematic was found in Grocy up to 4.2.0. This vulnerability affects unknown code of the file /api/files/recipepictures/ of the component SVG File Upload Handler. The manipulation of the argument force_serve_as with the inp...

    Affected Products :
    • Published: Sep. 01, 2024
    • Modified: Sep. 03, 2024
  • 5.5

    MEDIUM
    CVE-2024-43861

    In the Linux kernel, the following vulnerability has been resolved: net: usb: qmi_wwan: fix memory leak for not ip packets Free the unused skb when not ip packets arrive....

    Affected Products : linux_kernel
    • Published: Aug. 20, 2024
    • Modified: Sep. 03, 2024
  • 5.5

    MEDIUM
    CVE-2024-43862

    In the Linux kernel, the following vulnerability has been resolved: net: wan: fsl_qmc_hdlc: Convert carrier_lock spinlock to a mutex The carrier_lock spinlock protects the carrier detection. While it is held, framer_get_status() is called which in turn ...

    Affected Products : linux_kernel
    • Published: Aug. 21, 2024
    • Modified: Sep. 03, 2024
  • 5.5

    MEDIUM
    CVE-2024-43871

    In the Linux kernel, the following vulnerability has been resolved: devres: Fix memory leakage caused by driver API devm_free_percpu() It will cause memory leakage when use driver API devm_free_percpu() to free memory allocated by devm_alloc_percpu(), f...

    Affected Products : linux_kernel
    • Published: Aug. 21, 2024
    • Modified: Sep. 03, 2024
Showing 20 of 292238 Results