Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, it appears on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.4

    MEDIUM
    CVE-2024-7284

    A vulnerability, which was classified as problematic, was found in SourceCodester Lot Reservation Management System 1.0. This affects an unknown part of the file /admin/ajax.php?action=save_settings. The manipulation of the argument about leads to cross s...

    Affected Products : lot_reservation_management_system
    • Published: Jul. 31, 2024
    • Modified: Aug. 08, 2024
  • 7.2

    HIGH
    CVE-2024-7560

    The News Flash theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.0 via deserialization of untrusted input from the newsflash_post_meta meta value. This makes it possible for authenticated attackers, with E...

    Affected Products :
    • Published: Aug. 08, 2024
    • Modified: Aug. 08, 2024
  • 6.4

    MEDIUM
    CVE-2024-5668

    The Lightbox & Modal Popup WordPress Plugin – FooBox plugin for WordPress is vulnerable to DOM-based Stored Cross-Site Scripting via HTML data attributes in all versions up to, and including, 2.7.28 due to insufficient input sanitization and output escapi...

    Affected Products : foobox foobox
    • Published: Aug. 08, 2024
    • Modified: Aug. 08, 2024
  • 8.8

    HIGH
    CVE-2024-7486

    The MultiPurpose theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.0 via deserialization of untrusted input through the 'wpeden_post_meta' post meta. This makes it possible for authenticated attackers, wit...

    Affected Products :
    • Published: Aug. 08, 2024
    • Modified: Aug. 08, 2024
  • 5.3

    MEDIUM
    CVE-2024-6552

    The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.2. This is due to the plugin utilizing Symfony and leaving display_errors on within test files. Th...

    Affected Products : amelia
    • Published: Aug. 08, 2024
    • Modified: Aug. 08, 2024
  • 9.8

    CRITICAL
    CVE-2024-7350

    The Appointment Booking Calendar Plugin and Online Scheduling Plugin – BookingPress plugin for WordPress is vulnerable to authentication bypass in versions 1.1.6 to 1.1.7. This is due to the plugin not properly verifying a user's identity prior to logging...

    Affected Products : bookingpress
    • Published: Aug. 08, 2024
    • Modified: Aug. 08, 2024
  • 8.8

    HIGH
    CVE-2024-7561

    The The Next theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.0 via deserialization of untrusted input from the wpeden_post_meta post meta value. This makes it possible for authenticated attackers, with C...

    Affected Products :
    • Published: Aug. 08, 2024
    • Modified: Aug. 08, 2024
  • 8.8

    HIGH
    CVE-2024-6989

    Use after free in Loader in Google Chrome prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)...

    Affected Products : chrome edge_chromium
    • Published: Aug. 06, 2024
    • Modified: Aug. 07, 2024
  • 8.8

    HIGH
    CVE-2024-6994

    Heap buffer overflow in Layout in Google Chrome prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)...

    Affected Products : chrome edge_chromium
    • Published: Aug. 06, 2024
    • Modified: Aug. 07, 2024
  • 8.8

    HIGH
    CVE-2024-6991

    Use after free in Dawn in Google Chrome prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)...

    Affected Products : chrome edge_chromium
    • Published: Aug. 06, 2024
    • Modified: Aug. 07, 2024
  • 8.8

    HIGH
    CVE-2024-7000

    Use after free in CSS in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)...

    Affected Products : chrome edge_chromium
    • Published: Aug. 06, 2024
    • Modified: Aug. 07, 2024
  • 7.8

    HIGH
    CVE-2024-23456

    Anti-tampering can be disabled under certain conditions without signature validation. This affects Zscaler Client Connector <4.2.0.190 with anti-tampering enabled....

    Affected Products : client_connector
    • Published: Aug. 06, 2024
    • Modified: Aug. 07, 2024
  • 8.8

    HIGH
    CVE-2024-7552

    A vulnerability was found in DataGear up to 5.0.0. It has been declared as critical. Affected by this vulnerability is the function evaluateVariableExpression of the file ConversionSqlParamValueMapper.java of the component Data Schema Page. The manipulati...

    Affected Products : datagear
    • Published: Aug. 06, 2024
    • Modified: Aug. 07, 2024
  • 6.5

    MEDIUM
    CVE-2023-28806

    An Improper Validation of signature in Zscaler Client Connector on Windows allows an authenticated user to disable anti-tampering. This issue affects Client Connector on Windows <4.2.0.190....

    Affected Products : client_connector
    • Published: Aug. 06, 2024
    • Modified: Aug. 07, 2024
  • 7.8

    HIGH
    CVE-2024-23458

    While copying individual autoupdater log files, reparse point check was missing which could result into crafted attacks, potentially leading to a local privilege escalation. This issue affects Zscaler Client Connector on Windows <4.2.0.190....

    Affected Products : client_connector
    • Published: Aug. 06, 2024
    • Modified: Aug. 07, 2024
  • 7.8

    HIGH
    CVE-2024-23460

    The Zscaler Updater process does not validate the digital signature of the installer before execution, allowing arbitrary code to be locally executed. This affects Zscaler Client Connector on MacOS <4.2....

    Affected Products : client_connector
    • Published: Aug. 06, 2024
    • Modified: Aug. 07, 2024
  • 7.2

    HIGH
    CVE-2024-23464

    In certain cases, Zscaler Internet Access (ZIA) can be disabled by PowerShell commands with admin rights. This affects Zscaler Client Connector on Windows <4.2.1...

    Affected Products : client_connector
    • Published: Aug. 06, 2024
    • Modified: Aug. 07, 2024
  • 9.8

    CRITICAL
    CVE-2024-23483

    An Improper Input Validation vulnerability in Zscaler Client Connector on MacOS allows OS Command Injection. This issue affects Zscaler Client Connector on MacOS <4.2....

    Affected Products : client_connector
    • Published: Aug. 06, 2024
    • Modified: Aug. 07, 2024
  • 9.8

    CRITICAL
    CVE-2024-7440

    ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Vivotek CC8160 VVTK-0100d. It has been classified as critical. This affects the function getenv of the file upload_file.cgi. The manipulation of the argument QUERY_STRING leads to command inject...

    Affected Products : cc8160_firmware cc8160
    • Published: Aug. 03, 2024
    • Modified: Aug. 07, 2024
  • 9.8

    CRITICAL
    CVE-2024-41616

    D-Link DIR-300 REVA FIRMWARE v1.06B05_WW contains hardcoded credentials in the Telnet service....

    Affected Products : dir-300_firmware dir-300
    • Published: Aug. 06, 2024
    • Modified: Aug. 07, 2024
Showing 20 of 291003 Results