Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2024-9481

    An out-of-bounds write in the engine module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS allows a malformed eml file to crash the application during file processing.... Read more

    Affected Products : antivirus antivirus
    • Published: Oct. 04, 2024
    • Modified: Nov. 08, 2024

  • 5.5

    MEDIUM
    CVE-2024-9591

    The Category and Taxonomy Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '_category_image' parameter in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attri... Read more

    Affected Products : category_and_taxonomy_image
    • Published: Oct. 22, 2024
    • Modified: Oct. 29, 2024

  • 5.5

    MEDIUM
    CVE-2024-9170

    The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wcj_product_meta shortcode in all versions up to, and including, 7.2.3 due to insufficient input sanitization and output escaping on user suppli... Read more

    Affected Products : booster_for_woocommerce
    • Published: Nov. 26, 2024
    • Modified: Feb. 05, 2025

  • 5.5

    MEDIUM
    CVE-2024-8846

    PDF-XChange Editor TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to expl... Read more

    Affected Products : pdf-xchange_editor pdf-tools
    • Published: Nov. 22, 2024
    • Modified: Dec. 04, 2024

  • 5.5

    MEDIUM
    CVE-2024-8819

    PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to expl... Read more

    Affected Products : pdf-xchange_editor pdf-tools
    • Published: Nov. 22, 2024
    • Modified: Dec. 04, 2024

  • 5.5

    MEDIUM
    CVE-2024-8824

    PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to expl... Read more

    Affected Products : pdf-xchange_editor pdf-tools
    • Published: Nov. 22, 2024
    • Modified: Dec. 04, 2024

  • 5.5

    MEDIUM
    CVE-2024-8839

    PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to expl... Read more

    Affected Products : pdf-xchange_editor pdf-tools
    • Published: Nov. 22, 2024
    • Modified: Dec. 04, 2024

  • 5.5

    MEDIUM
    CVE-2024-8848

    PDF-XChange Editor AcroForm Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this... Read more

    Affected Products : pdf-xchange_editor pdf-tools
    • Published: Nov. 22, 2024
    • Modified: Dec. 04, 2024

  • 5.5

    MEDIUM
    CVE-2024-8820

    PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to expl... Read more

    Affected Products : pdf-xchange_editor pdf-tools
    • Published: Nov. 22, 2024
    • Modified: Dec. 04, 2024

  • 5.5

    MEDIUM
    CVE-2024-8645

    SPRT dissector crash in Wireshark 4.2.0 to 4.0.5 and 4.0.0 to 4.0.15 allows denial of service via packet injection or crafted capture file... Read more

    Affected Products : wireshark
    • Published: Sep. 10, 2024
    • Modified: Apr. 11, 2025

  • 5.5

    MEDIUM
    CVE-2024-8828

    PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to expl... Read more

    Affected Products : pdf-xchange_editor pdf-tools
    • Published: Nov. 22, 2024
    • Modified: Nov. 29, 2024

  • 5.5

    MEDIUM
    CVE-2024-8722

    The Import any XML or CSV File to WordPress PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 4.9.7 due to insufficient input sanitization and output escaping. This makes it po... Read more

    Affected Products : wp_all_import
    • Published: Jan. 19, 2025
    • Modified: Jan. 19, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.5

    MEDIUM
    CVE-2024-8822

    PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to expl... Read more

    Affected Products : pdf-xchange_editor pdf-tools
    • Published: Nov. 22, 2024
    • Modified: Dec. 04, 2024

  • 5.5

    MEDIUM
    CVE-2024-8270

    The macOS Rocket.Chat application is affected by a vulnerability that allows bypassing Transparency, Consent, and Control (TCC) policies, enabling the exploitation or abuse of permissions specified in its entitlements (e.g., microphone, camera, automatio... Read more

    Affected Products :
    • Published: Jun. 11, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Authorization

  • 5.5

    MEDIUM
    CVE-2024-8216

    A vulnerability, which was classified as critical, has been found in nafisulbari/itsourcecode Insurance Management System 1.0. Affected by this issue is some unknown functionality of the file editPayment.php of the component Payment Handler. The manipulat... Read more

    • Published: Aug. 27, 2024
    • Modified: Apr. 22, 2025

  • 5.5

    MEDIUM
    CVE-2024-8011

    Logitech Options+ on MacOS prior 1.72 allows a local attacker to inject dynamic library within Options+ runtime and abuse permissions granted by the user to Options+ such as Camera.... Read more

    Affected Products : options\+
    • Published: Aug. 25, 2024
    • Modified: Sep. 11, 2024

  • 5.5

    MEDIUM
    CVE-2024-7775

    The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary JavaScript file uploads due to missing input validation in the addCustomCode functi... Read more

    Affected Products : contact_form_builder
    • Published: Aug. 20, 2024
    • Modified: Aug. 26, 2024

  • 5.5

    MEDIUM
    CVE-2024-7236

    AVG AntiVirus Free icarus Arbitrary File Creation Denial of Service Vulnerability. This vulnerability allows local attackers to create a denial-of-service condition on affected installations of AVG AntiVirus Free. An attacker must first obtain the ability... Read more

    Affected Products : antivirus
    • Published: Nov. 22, 2024
    • Modified: Dec. 19, 2024

  • 5.5

    MEDIUM
    CVE-2024-6986

    A Cross-site Scripting (XSS) vulnerability exists in the Settings page of parisneo/lollms-webui version 9.8. The vulnerability is due to the improper use of the 'v-html' directive, which inserts the content of the 'full_template' variable directly as HTML... Read more

    Affected Products : lollms_web_ui
    • Published: Mar. 20, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.5

    MEDIUM
    CVE-2024-6661

    The ParityPress – Parity Pricing with Discount Rules plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'Discount Text' in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes ... Read more

    Affected Products :
    • Published: Jul. 27, 2024
    • Modified: Nov. 21, 2024
Showing 20 of 293589 Results