Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.4

    MEDIUM
    CVE-2024-8151

    A vulnerability was found in SourceCodester Interactive Map with Marker 1.0. It has been classified as problematic. This affects an unknown part of the file /endpoint/delete-mark.php. The manipulation of the argument mark leads to cross site scripting. It...

    Affected Products : interactive_map_with_marker
    • Published: Aug. 25, 2024
    • Modified: Aug. 26, 2024
  • 5.4

    MEDIUM
    CVE-2024-8152

    A vulnerability was found in SourceCodester QR Code Bookmark System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /endpoint/add-bookmark.php of the component Parameter Handler. The manipulation of the argume...

    Affected Products : qr_code_bookmark_system
    • Published: Aug. 25, 2024
    • Modified: Aug. 26, 2024
  • 5.4

    MEDIUM
    CVE-2024-8153

    A vulnerability was found in SourceCodester QR Code Bookmark System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /endpoint/delete-bookmark.php. The manipulation of the argument bookmark leads to cross site ...

    Affected Products : qr_code_bookmark_system
    • Published: Aug. 25, 2024
    • Modified: Aug. 26, 2024
  • 5.4

    MEDIUM
    CVE-2024-8154

    A vulnerability classified as problematic has been found in SourceCodester QR Code Bookmark System 1.0. Affected is an unknown function of the file /endpoint/update-bookmark.php of the component Parameter Handler. The manipulation of the argument tbl_book...

    Affected Products : qr_code_bookmark_system
    • Published: Aug. 25, 2024
    • Modified: Aug. 26, 2024
  • 5.4

    MEDIUM
    CVE-2024-43299

    Cross-Site Request Forgery (CSRF) vulnerability in Softaculous Team SpeedyCache. This issue affects SpeedyCache: from n/a through 1.1.8....

    Affected Products : speedycache
    • Published: Aug. 26, 2024
    • Modified: Sep. 12, 2024
  • 5.4

    MEDIUM
    CVE-2024-12180

    A vulnerability classified as problematic has been found in DedeCMS 5.7.116. Affected is an unknown function of the file /member/article_add.php. The manipulation of the argument body leads to cross site scripting. It is possible to launch the attack remo...

    Affected Products : dedecms
    • Published: Dec. 04, 2024
    • Modified: Dec. 10, 2024
  • 5.4

    MEDIUM
    CVE-2024-5417

    The Gutentor WordPress plugin before 3.3.6 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Sit...

    Affected Products : gutentor
    • Published: Aug. 29, 2024
    • Modified: Oct. 07, 2024
  • 5.4

    MEDIUM
    CVE-2024-5987

    The WP Accessibility Helper (WAH) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_contrast_variations' and 'save_empty_contrast_variations' functions in all versions up to, and includi...

    Affected Products : wp_accessibility_helper
    • Published: Aug. 29, 2024
    • Modified: Oct. 04, 2024
  • 5.4

    MEDIUM
    CVE-2024-44919

    A cross-site scripting (XSS) vulnerability in the component admin_ads.php of SeaCMS v12.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ad description parameter....

    Affected Products : seacms
    • Published: Aug. 29, 2024
    • Modified: Sep. 06, 2024
  • 5.4

    MEDIUM
    CVE-2024-8328

    Easy test Online Learning and Testing Platform from HWA JIUH DIGITAL TECHNOLOGY does not properly validate a specific page parameter, allowing remote attackers with regular privilege to inject arbitrary JavaScript code and perform Reflected Cross-site scr...

    • Published: Aug. 30, 2024
    • Modified: Sep. 04, 2024
  • 5.4

    MEDIUM
    CVE-2024-6585

    Multiple stored cross-site scripting (“XSS”) vulnerabilities in the markdown dashboard and dashboard comment functionality of Lightdash version 0.1024.6 allow remote authenticated threat actors to inject malicious scripts into vulnerable web pages. A thr...

    Affected Products :
    • Published: Aug. 30, 2024
    • Modified: Sep. 03, 2024
  • 5.4

    MEDIUM
    CVE-2024-43412

    Xibo is an open source digital signage platform with a web content management system (CMS). Prior to version 4.1.0, a cross-site scripting vulnerability in Xibo CMS allows authorized users to execute arbitrary JavaScript via the file preview function. Use...

    Affected Products : xibo
    • Published: Sep. 03, 2024
    • Modified: Sep. 12, 2024
  • 5.4

    MEDIUM
    CVE-2024-8121

    The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to unauthorized modification of user names due to a missing capability check on the wpext_change_admin_name() function in all versions up to, and including, 3.0.8. This ma...

    Affected Products : wp_extended
    • Published: Sep. 04, 2024
    • Modified: Sep. 06, 2024
  • 5.4

    MEDIUM
    CVE-2024-8407

    A vulnerability was found in alwindoss akademy up to 35caccea888ed63d5489e211c99edff1f62efdba. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file cmd/akademy/handler/handlers.go. The manipulation of...

    Affected Products : akademy
    • Published: Sep. 04, 2024
    • Modified: Sep. 05, 2024
  • 5.4

    MEDIUM
    CVE-2024-45177

    An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Due to improper input validation, the C-MOR web interface is vulnerable to persistent cross-site scripting (XSS) attacks. It was found out that the camera configuration i...

    Affected Products :
    • Published: Sep. 04, 2024
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2024-5309

    The Form Vibes – Database Manager for Forms plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the fv_export_csv, reset_settings, save_settings, save_columns_settings, get_analyt...

    Affected Products : form_vibes
    • Published: Sep. 05, 2024
    • Modified: Sep. 11, 2024
  • 5.4

    MEDIUM
    CVE-2024-44837

    A cross-site scripting (XSS) vulnerability in the component \bean\Manager.java of Drug v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the user parameter....

    Affected Products : drug
    • Published: Sep. 06, 2024
    • Modified: Sep. 12, 2024
  • 5.4

    MEDIUM
    CVE-2024-6859

    The WP MultiTasking WordPress plugin through 0.1.12 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perf...

    Affected Products : wp_multitasking
    • Published: Sep. 08, 2024
    • Modified: Sep. 11, 2024
  • 5.4

    MEDIUM
    CVE-2024-5416

    The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the url parameter of multiple widgets in all versions up to, and including, 3.23.4 due to insufficient input sanitization a...

    Affected Products : website_builder
    • Published: Sep. 11, 2024
    • Modified: Sep. 26, 2024
  • 5.4

    MEDIUM
    CVE-2020-24061

    Cross Site Scripting (XSS) Vulnerability in Firewall menu in Control Panel in KASDA KW5515 version 4.3.1.0, allows attackers to execute arbitrary code and steal cookies via a crafted script...

    Affected Products : kw5515_firmware kw5515
    • Published: Sep. 12, 2024
    • Modified: Sep. 13, 2024
Showing 20 of 291058 Results