Latest CVE Feed

The following is a list of the most recently published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last-updated date, or CVSS score.
  • 7.2

    CVSS31
    CVE-2024-4709

    The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘subject’ parameter in versions up to, and including, 5.1.16 due to insufficient input sani...
    • Published: May. 18, 2024
    • Modified: May. 18, 2024
  • 6.4

    CVSS31
    CVE-2024-4698

    The Testimonial Carousel For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'show_line_text ' and 'slide_button_hover_animation' parameters in versions up to, and including, 10.1.1 due to insufficient input sanitizatio...
    • Published: May. 18, 2024
    • Modified: May. 18, 2024
  • 7.5

    CVSS31
    CVE-2024-2782

    The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /wp-json/fluentform/v1/global-settings REST API endp...
    • Published: May. 18, 2024
    • Modified: May. 18, 2024
  • 6.4

    CVSS31
    CVE-2024-2772

    The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form settings in all versions up to, and including, 5.1.13 due to insufficient input sanitizati...
    • Published: May. 18, 2024
    • Modified: May. 18, 2024
  • 9.8

    CVSS31
    CVE-2024-2771

    The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the /wp-json/fluentform/v1/managers REST API endpoint in all versions...
    • Published: May. 18, 2024
    • Modified: May. 18, 2024
  • 6.4

    CVSS31
    CVE-2024-4849

    The WordPress Automatic Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘autoplay’ parameter in all versions up to, and including, 3.94.0 due to insufficient input sanitization and output escaping. This makes it possible f...
    • Published: May. 18, 2024
    • Modified: May. 18, 2024
  • 7.5

    CVSS31
    CVE-2024-3812

    The Salient Core plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.0.7 via the 'nectar_icon' shortcode 'icon_linea' attribute. This makes it possible for authenticated attackers, with contributor-level and ...
    • Published: May. 18, 2024
    • Modified: May. 18, 2024
  • 6.4

    CVSS31
    CVE-2024-3811

    The Salient Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'icon' shortcode in all versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. ...
    • Published: May. 18, 2024
    • Modified: May. 18, 2024
  • 8.8

    CVSS31
    CVE-2024-3810

    The Salient Shortcodes plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.5.3 via the 'icon' shortcode 'image' attribute. This makes it possible for authenticated attackers, with contributor-level and above ...
    • Published: May. 18, 2024
    • Modified: May. 18, 2024
  • 6.4

    CVSS31
    CVE-2024-4891

    The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tagName’ parameter in versions up to, and including, 4.5.12 due to insufficient input sanitization and ou...
    • Published: May. 18, 2024
    • Modified: May. 18, 2024
  • 6.4

    CVSS31
    CVE-2024-4374

    The DethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 2.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. Thi...
    • Published: May. 18, 2024
    • Modified: May. 18, 2024
  • 6.4

    CVSS31
    CVE-2024-3714

    The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'give_form' shortcode when used with a legacy form in all versions up to, and including, 3.10.0 due to insufficient in...
    • Published: May. 18, 2024
    • Modified: May. 18, 2024
  • 6.4

    CVSS31
    CVE-2024-4865

    The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_id’ parameter in all versions up to, and including, 3.10.8 due to insufficient input sanitization and output escaping. This makes it possible for au...
    • Published: May. 18, 2024
    • Modified: May. 18, 2024
  • 9.8

    CVSS30
    CVE-2024-4264

    A remote code execution (RCE) vulnerability exists in the berriai/litellm project due to improper control of the generation of code when using the `eval` function unsafely in the `litellm.get_secret()` method. Specifically, when the server utilizes Google...
    • Published: May. 18, 2024
    • Modified: May. 18, 2024
  • 5.9

    CVSS31
    CVE-2024-23556

    SSL/TLS Renegotiation functionality potentially leading to DoS attack vulnerability. ...
    • Published: May. 18, 2024
    • Modified: May. 18, 2024
  • 5.7

    CVSS31
    CVE-2024-23554

    Cross-Site Request Forgery (CSRF) on Session Token vulnerability that could potentially lead to Remote Code Execution (RCE). ...
    • Published: May. 18, 2024
    • Modified: May. 18, 2024
  • 6.7

    CVSS31
    CVE-2024-23583

    An attacker could potentially intercept credentials via the task manager and perform unauthorized access to the Client Deploy Tool on Windows systems. ...
    • Published: May. 17, 2024
    • Modified: May. 17, 2024
  • 0.0

    NONE
    CVE-2024-35313

    In Tor Arti before 1.2.3, circuits sometimes incorrectly have a length of 3 (with full vanguards), aka TROVE-2024-004....
    • Published: May. 17, 2024
    • Modified: May. 17, 2024
  • 0.0

    NONE
    CVE-2024-35312

    In Tor Arti before 1.2.3, STUB circuits incorrectly have a length of 2 (with lite vanguards), aka TROVE-2024-003....
    • Published: May. 17, 2024
    • Modified: May. 17, 2024
  • 0.0

    NONE
    CVE-2024-25742

    In the Linux kernel before 6.9, an untrusted hypervisor can inject virtual interrupt 29 (#VC) at any point in time and can trigger its handler. This affects AMD SEV-SNP and AMD SEV-ES....
    • Published: May. 17, 2024
    • Modified: May. 17, 2024
Showing 20 of 502 Results