Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2024-22496

    Cross Site Scripting (XSS) vulnerability in JFinalcms 5.0.0 allows attackers to run arbitrary code via the /admin/login username parameter.... Read more

    Affected Products : jfinalcms
    • Published: Jan. 23, 2024
    • Modified: Jun. 05, 2025

  • 5.4

    MEDIUM
    CVE-2024-22491

    A Stored Cross Site Scripting (XSS) vulnerability in beetl-bbs 2.0 allows attackers to run arbitrary code via the post/save content parameter.... Read more

    Affected Products : beetl-bbs
    • Published: Jan. 16, 2024
    • Modified: Jun. 05, 2025

  • 5.5

    MEDIUM
    CVE-2024-22365

    linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.... Read more

    Affected Products : linux-pam
    • Published: Feb. 06, 2024
    • Modified: Jun. 05, 2025

  • 9.8

    CRITICAL
    CVE-2024-22108

    An issue was discovered in GTB Central Console 15.17.1-30814.NG. The method setTermsHashAction at /opt/webapp/lib/PureApi/CCApi.class.php is vulnerable to an unauthenticated SQL injection via /ccapi.php that an attacker can abuse in order to change the Ad... Read more

    Affected Products : gtb_central_console
    • Published: Feb. 02, 2024
    • Modified: Jun. 05, 2025

  • 6.1

    MEDIUM
    CVE-2024-22075

    Firefly III (aka firefly-iii) before 6.1.1 allows webhooks HTML Injection.... Read more

    Affected Products : firefly_iii
    • Published: Jan. 05, 2024
    • Modified: Jun. 05, 2025

  • 6.5

    MEDIUM
    CVE-2024-22021

    Vulnerability CVE-2024-22021 allows a Veeam Recovery Orchestrator user with a low privileged role (Plan Author) to retrieve plans from a Scope other than the one they are assigned to. ... Read more

    • Published: Feb. 07, 2024
    • Modified: Jun. 05, 2025

  • 5.3

    MEDIUM
    CVE-2024-11083

    The ProfilePress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.15.18 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from ... Read more

    Affected Products : profilepress
    • Published: Nov. 27, 2024
    • Modified: Jun. 05, 2025

  • 9.8

    CRITICAL
    CVE-2024-11024

    The AppPresser – Mobile App Framework plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.4.6. This is due to the plugin not properly validating a user's password reset code prior to upda... Read more

    Affected Products : apppresser
    • Published: Nov. 26, 2024
    • Modified: Jun. 05, 2025

  • 6.4

    MEDIUM
    CVE-2024-11199

    The Rescue Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's rescue_progressbar shortcode in all versions up to, and including, 2.9 due to insufficient input sanitization and output escaping on user supplied att... Read more

    Affected Products : rescue_shortcodes
    • Published: Nov. 23, 2024
    • Modified: Jun. 05, 2025

  • 5.3

    MEDIUM
    CVE-2024-10802

    The Hash Elements plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the hash_elements_get_posts_title_by_id() function in all versions up to, and including, 1.4.7. This makes it possible for unauthentic... Read more

    Affected Products : hash_elements
    • Published: Nov. 13, 2024
    • Modified: Jun. 05, 2025

  • 9.8

    CRITICAL
    CVE-2024-10627

    The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_manage_file_chunk_upload() function in all versions up to, and including, 17.7. This makes it possible for u... Read more

    Affected Products : woocommerce_support_ticket_system
    • Published: Nov. 09, 2024
    • Modified: Jun. 05, 2025

  • 6.3

    MEDIUM
    CVE-2024-9943

    The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.4. This is due to missing or incorrect nonce validation on several func... Read more

    Affected Products : multivendorx
    • Published: Oct. 24, 2024
    • Modified: Jun. 05, 2025

  • 4.3

    MEDIUM
    CVE-2024-9531

    The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mvx_sent_deactivation_request' function in all versions up to, a... Read more

    Affected Products : multivendorx
    • Published: Oct. 24, 2024
    • Modified: Jun. 05, 2025

  • 5.3

    MEDIUM
    CVE-2024-9940

    The Calculated Fields Form plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 5.2.45. This is due to the plugin not properly neutralizing HTML elements from submitted forms. This makes it possible for unauthenticate... Read more

    Affected Products : calculated_fields_form
    • Published: Oct. 17, 2024
    • Modified: Jun. 05, 2025

  • 6.1

    MEDIUM
    CVE-2024-6704

    The Comments – wpDiscuz plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 7.6.21. This is due to a lack of filtering of HTML tags in comments. This makes it possible for unauthenticated attackers to add HTML such a... Read more

    Affected Products : wpdiscuz
    • Published: Aug. 02, 2024
    • Modified: Jun. 05, 2025

  • 6.4

    MEDIUM
    CVE-2024-4892

    The BuddyPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘display_name’ parameter in versions up to, and including, 12.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated... Read more

    Affected Products : buddypress
    • Published: Jun. 12, 2024
    • Modified: Jun. 05, 2025

  • 7.8

    HIGH
    CVE-2024-22911

    A stack-buffer-underflow vulnerability was found in SWFTools v0.9.2, in the function parseExpression at src/swfc.c:2602.... Read more

    Affected Products : swftools
    • Published: Jan. 19, 2024
    • Modified: Jun. 05, 2025

  • 8.8

    HIGH
    CVE-2024-22895

    DedeCMS 5.7.112 has a File Upload vulnerability via uploads/dede/module_upload.php.... Read more

    Affected Products : dedecms
    • Published: Jan. 22, 2024
    • Modified: Jun. 05, 2025

  • 7.0

    HIGH
    CVE-2024-22795

    Insecure Permissions vulnerability in Forescout SecureConnector v.11.3.06.0063 allows a local attacker to escalate privileges via the Recheck Compliance Status component.... Read more

    Affected Products : secureconnector
    • Published: Feb. 08, 2024
    • Modified: Jun. 05, 2025

  • 4.8

    MEDIUM
    CVE-2024-22720

    Kanboard 1.2.34 is vulnerable to Html Injection in the group management feature.... Read more

    Affected Products : kanboard
    • Published: Jan. 24, 2024
    • Modified: Jun. 05, 2025
Showing 20 of 292768 Results