Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 0.0

    NONE
    CVE-2024-42029

    xdg-desktop-portal-hyprland (aka an XDG Desktop Portal backend for Hyprland) before 1.3.3 allows OS command execution, e.g., because single quotes are not used when sending a list of app IDs and titles via the environment....

    • Published: Jul. 27, 2024
    • Modified: Jul. 27, 2024
  • 5.5

    CVSS31
    CVE-2024-6661

    The ParityPress – Parity Pricing with Discount Rules plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'Discount Text' in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes ...

    • Published: Jul. 27, 2024
    • Modified: Jul. 27, 2024
  • 6.4

    CVSS31
    CVE-2024-6634

    The Master Currency WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's currencyconverterform shortcode in all versions up to, and including, 1.1.61 due to insufficient input sanitization and output escaping on user suppl...

    • Published: Jul. 27, 2024
    • Modified: Jul. 27, 2024
  • 5.8

    CVSS31
    CVE-2024-6591

    The Ultimate WordPress Auction Plugin plugin for WordPress is vulnerable to unauthorized email creation and sending due to a missing capability check on the 'send_auction_email_callback' and 'resend_auction_email_callback' functions in all versions up to,...

    • Published: Jul. 27, 2024
    • Modified: Jul. 27, 2024
  • 5.3

    CVSS31
    CVE-2024-6573

    The Intelligence plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.4.0. This is due to the plugin not preventing direct access to the /vendor/levelten/intel/realtime/index.php file and display_errors being ena...

    • Published: Jul. 27, 2024
    • Modified: Jul. 27, 2024
  • 5.3

    CVSS31
    CVE-2024-6566

    The Aramex Shipping WooCommerce plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.1.21. This is due to the plugin not preventing direct access to the composer-setup.php file which also has display_errors enabl...

    • Published: Jul. 27, 2024
    • Modified: Jul. 27, 2024
  • 5.3

    CVSS31
    CVE-2024-6549

    The Admin Post Navigation plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.1. This is due to the plugin utilizing bootstrap and leaving test files with display_errors on. This makes it possible for unauthe...

    • Published: Jul. 27, 2024
    • Modified: Jul. 27, 2024
  • 5.3

    CVSS31
    CVE-2024-6548

    The Add Admin JavaScript plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.0. This is due to the plugin utilizing bootstrap and leaving test files with display_errors on. This makes it possible for unauthen...

    • Published: Jul. 27, 2024
    • Modified: Jul. 27, 2024
  • 5.3

    CVSS31
    CVE-2024-6547

    The Add Admin CSS plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.0.1. This is due to the plugin utilizing bootstrap and leaving test files with display_errors on. This makes it possible for unauthentica...

    • Published: Jul. 27, 2024
    • Modified: Jul. 27, 2024
  • 5.3

    CVSS31
    CVE-2024-6546

    The One Click Close Comments plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.7.1. This is due to the plugin utilizing bootstrap and leaving test files with display_errors on. This makes it possible for un...

    • Published: Jul. 27, 2024
    • Modified: Jul. 27, 2024
  • 5.3

    CVSS31
    CVE-2024-6545

    The Admin Trim Interface plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.5.1. This is due to the plugin utilizing bootstrap and leaving test files with display_errors on. This makes it possible for unauth...

    • Published: Jul. 27, 2024
    • Modified: Jul. 27, 2024
  • 8.8

    CVSS31
    CVE-2024-6431

    The Media.net Ads Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and missing capability check in the 'sendMail' function in all versions up to, and including, 2.10.13. This makes it possible for au...

    • Published: Jul. 27, 2024
    • Modified: Jul. 27, 2024
  • 8.8

    CVSS31
    CVE-2024-6152

    The Flipbox Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.5 via deserialization of untrusted input in the flipbox_builder_Flipbox_ShortCode function. This makes it possible for authenticated att...

    • Published: Jul. 27, 2024
    • Modified: Jul. 27, 2024
  • 5.4

    CVSS31
    CVE-2024-4410

    The IgnitionDeck Crowdfunding Platform plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.9.8. This is due to missing capability checks on various functions called via AJAX actions in the ~/classes/class-idf-wi...

    • Published: Jul. 27, 2024
    • Modified: Jul. 27, 2024
  • 4.3

    CVSS31
    CVE-2024-1804

    The Tutor LMS – Migration Tool plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tutor_import_from_xml function in all versions up to, and including, 2.2.0. This makes it possible for authenti...

    • Published: Jul. 27, 2024
    • Modified: Jul. 27, 2024
  • 5.3

    CVSS31
    CVE-2024-1798

    The Tutor LMS – Migration Tool plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the tutor_lp_export_xml function in all versions up to, and including, 2.2.0. This makes it possible for unauthenticated ...

    • Published: Jul. 27, 2024
    • Modified: Jul. 27, 2024
  • 0.0

    NONE
    CVE-2024-40433

    Insecure Permissions vulnerability in Tencent WeChat v.8.0.37 allows an attacker to escalate privileges via the web-view component....

    • Published: Jul. 26, 2024
    • Modified: Jul. 26, 2024
  • 0.0

    NONE
    CVE-2024-37034

    An issue was discovered in Couchbase Server before 7.2.5 and 7.6.0 before 7.6.1. It does not ensure that credentials are negotiated with the Key-Value (KV) service using SCRAM-SHA when remote link encryption is configured for Half-Secure....

    • Published: Jul. 26, 2024
    • Modified: Jul. 26, 2024
  • 7.4

    CVSS31
    CVE-2024-41815

    Starship is a cross-shell prompt. Starting in version 1.0.0 and prior to version 1.20.0, undocumented and unpredictable shell expansion and/or quoting rules make it easy to accidentally cause shell injection when using custom commands with starship in b...

    • Published: Jul. 26, 2024
    • Modified: Jul. 26, 2024
  • 0.0

    NONE
    CVE-2024-41628

    Directory Traversal vulnerability in Severalnines Cluster Control 1.9.8 before 1.9.8-9778, 2.0.0 before 2.0.0-9779, and 2.1.0 before 2.1.0-9780 allows a remote attacker to include and display file content in an HTTP request via the CMON API....

    • Published: Jul. 26, 2024
    • Modified: Jul. 26, 2024