Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.2

    CVSS31
    CVE-2024-52897

    IBM MQ Appliance 9.3 LTS, 9.3 CD, and 9.4 LTS web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned....

    Affected Products :
    • Published: Dec. 19, 2024
    • Modified: Dec. 19, 2024
  • 6.1

    CVSS31
    CVE-2024-11688

    The LaTeX2HTML plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'ver' or 'date' parameter in all versions up to, and including, 2.5.5 due to insufficient input sanitization and output escaping. This makes it possible for unauth...

    Affected Products :
    • Published: Dec. 21, 2024
    • Modified: Dec. 21, 2024
  • 6.1

    CVSS31
    CVE-2024-11287

    The Ebook Store plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.8001. This makes it possible for unauthenticated attackers...

    Affected Products :
    • Published: Dec. 21, 2024
    • Modified: Dec. 21, 2024
  • 6.1

    CVSS31
    CVE-2024-12408

    The WP on AWS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via $_POST data in all versions up to, and including, 5.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers...

    Affected Products :
    • Published: Dec. 21, 2024
    • Modified: Dec. 21, 2024
  • 6.1

    CVSS31
    CVE-2024-11806

    The PKT1 Centro de envios plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'success' and 'error' parameters in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it p...

    Affected Products :
    • Published: Dec. 20, 2024
    • Modified: Dec. 20, 2024
  • 6.1

    CVSS31
    CVE-2024-11682

    The G Web Pro Store Locator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'q' parameter in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthe...

    Affected Products :
    • Published: Dec. 21, 2024
    • Modified: Dec. 21, 2024
  • 6.1

    CVSS31
    CVE-2024-12262

    The Ebook Store plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'step' parameter in all versions up to, and including, 5.8001 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticat...

    Affected Products :
    • Published: Dec. 21, 2024
    • Modified: Dec. 21, 2024
  • 6.1

    CVSS31
    CVE-2024-11975

    The Reactflow Visitor Recording and Heatmaps plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.10. This is due to missing or incorrect nonce validation affecting the _wpnonce parameter. This makes i...

    Affected Products :
    • Published: Dec. 21, 2024
    • Modified: Dec. 21, 2024
  • 6.1

    CVSS31
    CVE-2024-11331

    The استخراج محصولات ووکامرس برای آیسی plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.1.3. This makes i...

    Affected Products :
    • Published: Dec. 20, 2024
    • Modified: Dec. 20, 2024
  • 6.1

    CVSS31
    CVE-2024-11812

    The Wtyczka SeoPilot dla WP plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.091. This is due to missing or incorrect nonce validation on the SeoPilot_Admin_Options() function. This makes it possib...

    Affected Products :
    • Published: Dec. 20, 2024
    • Modified: Dec. 20, 2024
  • 6.1

    CVSS31
    CVE-2024-11808

    The Pingmeter Uptime Monitoring plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the '_wpnonce' parameter in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possibl...

    Affected Products :
    • Published: Dec. 21, 2024
    • Modified: Dec. 21, 2024
  • 6.1

    CVSS31
    CVE-2024-11811

    The Feedify – Web Push Notifications plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'platform', 'phone', 'email', and 'store_url' parameters in all versions up to, and including, 2.4.2 due to insufficient input sanitization ...

    Affected Products :
    • Published: Dec. 20, 2024
    • Modified: Dec. 20, 2024
  • 5.9

    CVSS31
    CVE-2024-11722

    The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 3.25.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on...

    Affected Products :
    • Published: Dec. 21, 2024
    • Modified: Dec. 21, 2024
  • 5.9

    CVSS31
    CVE-2024-56356

    In JetBrains TeamCity before 2024.12 insecure XMLParser configuration could lead to potential XXE attack...

    Affected Products : teamcity
    • Published: Dec. 20, 2024
    • Modified: Dec. 20, 2024
  • 5.7

    CVSS31
    CVE-2020-6923

    The HP Linux Imaging and Printing (HPLIP) software may potentially be affected by memory buffer overflow....

    Affected Products :
    • Published: Dec. 19, 2024
    • Modified: Dec. 19, 2024
  • 5.5

    CVSS31
    CVE-2024-44298

    A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.1. An app may be able to access information about a user's contacts....

    Affected Products : macos
    • Published: Dec. 20, 2024
    • Modified: Dec. 20, 2024
  • 5.5

    CVSS31
    CVE-2024-56353

    In JetBrains TeamCity before 2024.12 backup file exposed user credentials and session cookies...

    Affected Products : teamcity
    • Published: Dec. 20, 2024
    • Modified: Dec. 20, 2024
  • 5.5

    CVSS31
    CVE-2024-44293

    A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.1. A user may be able to view sensitive user information....

    Affected Products : macos
    • Published: Dec. 20, 2024
    • Modified: Dec. 20, 2024
  • 5.5

    CVSS31
    CVE-2024-56354

    In JetBrains TeamCity before 2024.12 password field value was accessible to users with view settings permission...

    Affected Products : teamcity
    • Published: Dec. 20, 2024
    • Modified: Dec. 20, 2024
  • 5.5

    CVSS31
    CVE-2024-44292

    A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.1. An app may be able to access sensitive user data....

    Affected Products : macos
    • Published: Dec. 20, 2024
    • Modified: Dec. 20, 2024
© cvefeed.io
Latest DB Update: Dec. 21, 2024 16:46