Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2024-1730

    The Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Media Slider, Drag Drop Slider, Video Slider, Product Slider, Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via urls in link fields, images... Read more

    Affected Products : prime_slider
    • Published: Apr. 20, 2024
    • Modified: Feb. 05, 2025

  • 5.4

    MEDIUM
    CVE-2024-22856

    A SQL injection vulnerability via the Save Favorite Search function in Axefinance Axe Credit Portal >= v.3.0 allows authenticated attackers to execute unintended queries and disclose sensitive information from DB tables via crafted requests.... Read more

    Affected Products : caldera
    • Published: Apr. 22, 2024
    • Modified: Nov. 22, 2024

  • 5.4

    MEDIUM
    CVE-2024-4174

    Cross-Site Scripting (XSS) vulnerability in Hyperion Web Server affecting version 2.0.15. This vulnerability could allow an attacker to execute malicious Javascript code on the client by injecting that code into the URL.... Read more

    Affected Products :
    • Published: Apr. 25, 2024
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-4304

    A Cross-Site Scripting XSS vulnerability has been detected on GT3 Soluciones SWAL. This vulnerability consists in a reflected XSS in the Titular parameter inside Gestion 'Documental > Seguimiento de Expedientes > Alta de Expedientes'.... Read more

    Affected Products :
    • Published: Apr. 29, 2024
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-33102

    A stored cross-site scripting (XSS) vulnerability in the component /pubs/counter.php of ThinkSAAS v3.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the code parameter.... Read more

    Affected Products : thinksaas
    • Published: Apr. 30, 2024
    • Modified: Apr. 23, 2025

  • 5.4

    MEDIUM
    CVE-2024-33307

    SourceCodester Laboratory Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via "Last Name" parameter in Create User.... Read more

    Affected Products : laboratory_management_system
    • Published: May. 01, 2024
    • Modified: Apr. 22, 2025

  • 5.4

    MEDIUM
    CVE-2024-4203

    The Premium Addons Pro for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the maps widget in all versions up to, and including, 4.10.30 due to insufficient input sanitization and output escaping on user supplied attributes... Read more

    Affected Products : premium_addons_for_elementor
    • Published: May. 02, 2024
    • Modified: Jan. 15, 2025

  • 5.4

    MEDIUM
    CVE-2023-7065

    The Stop Spammers Security | Block Spam Users, Comments, Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2024.4. This is due to missing or incorrect nonce validation on the sfs_process AJAX acti... Read more

    Affected Products :
    • Published: May. 04, 2024
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-33829

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/readDeal.php?mudi=updateWebCache.... Read more

    Affected Products : idccms idccms
    • Published: May. 06, 2024
    • Modified: Apr. 15, 2025

  • 5.4

    MEDIUM
    CVE-2024-28781

    IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4, and 8.0 through 8.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web U... Read more

    Affected Products : urbancode_deploy devops_deploy
    • Published: May. 14, 2024
    • Modified: Jan. 27, 2025

  • 5.4

    MEDIUM
    CVE-2024-34899

    WWBN AVideo 12.4 is vulnerable to Cross Site Scripting (XSS).... Read more

    Affected Products : avideo
    • Published: May. 14, 2024
    • Modified: Jun. 18, 2025

  • 5.4

    MEDIUM
    CVE-2024-3722

    The Swift Performance Lite plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the ajax_handler() function in all versions up to, and including, 2.3.6.18. This makes it possible for authenticated attackers, with ... Read more

    Affected Products :
    • Published: May. 14, 2024
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-4721

    A vulnerability classified as problematic has been found in Campcodes Complete Web-Based School Management System 1.0. This affects an unknown part of the file /model/add_student_subject.php. The manipulation of the argument index leads to cross site scri... Read more

    • Published: May. 14, 2024
    • Modified: Feb. 20, 2025

  • 5.4

    MEDIUM
    CVE-2024-4729

    A vulnerability was found in Campcodes Legal Case Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /admin/expense-type. The manipulation of the argument name leads to cross site scripting. The... Read more

    Affected Products : legal_case_management_system
    • Published: May. 14, 2024
    • Modified: Feb. 19, 2025

  • 5.4

    MEDIUM
    CVE-2024-32077

    Apache Airflow version 2.9.0 has a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs.  Users are recommended to upgrade to version 2.9.1, which fixes this issue.... Read more

    Affected Products : airflow
    • Published: May. 14, 2024
    • Modified: Mar. 27, 2025

  • 5.4

    MEDIUM
    CVE-2024-3241

    The Ultimate Blocks WordPress plugin before 3.1.7 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cr... Read more

    Affected Products : ultimate_blocks
    • Published: May. 14, 2024
    • Modified: May. 14, 2025

  • 5.4

    MEDIUM
    CVE-2024-3189

    The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Testimonial', 'Progress Bar', 'Lottie Animations', 'Row Layout', 'Google Maps', and 'Advanced Gallery' block... Read more

    Affected Products : gutenberg_blocks_with_ai
    • Published: May. 15, 2024
    • Modified: Feb. 07, 2025

  • 5.4

    MEDIUM
    CVE-2024-34913

    An arbitrary file upload vulnerability in r-pan-scaffolding v5.0 and below allows attackers to execute arbitrary code via uploading a crafted PDF file.... Read more

    Affected Products : r-pan-scaffolding
    • Published: May. 15, 2024
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-9866

    The Event Tickets with Ticket Scanner plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'data' parameters in all versions up to, and including, 2.4.4 due to insufficient input sanitization and output escaping and missing authorizat... Read more

    Affected Products : event_tickets_with_ticket_scanner
    • Published: Dec. 06, 2024
    • Modified: Dec. 06, 2024

  • 5.4

    MEDIUM
    CVE-2024-33527

    A Stored Cross-site Scripting (XSS) vulnerability in the "Import of Users and login name of user" feature in ILIAS 7 before 7.30 and ILIAS 8 before 8.11 allows remote authenticated attackers with administrative privileges to inject arbitrary web script or... Read more

    Affected Products : ilias
    • Published: May. 21, 2024
    • Modified: Jun. 04, 2025
Showing 20 of 291275 Results