Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.5

    MEDIUM
    CVE-2024-51814

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 野人 活动链接推广插件 allows DOM-Based XSS. This issue affects 活动链接推广插件: from n/a through 1.2.0....

    Affected Products :
    • Published: Nov. 19, 2024
    • Modified: Nov. 20, 2024
  • 6.5

    MEDIUM
    CVE-2024-52422

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Terry Lin WP Githuber MD allows Stored XSS. This issue affects WP Githuber MD: from n/a through 1.16.3....

    Affected Products : wp_githuber_md
    • Published: Nov. 18, 2024
    • Modified: Nov. 20, 2024
  • 4.3

    MEDIUM
    CVE-2024-7836

    The Themify Builder plugin for WordPress is vulnerable to unauthorized post duplication due to missing checks on the duplicate_page_ajaxify function in all versions up to, and including, 7.6.1. This makes it possible for authenticated attackers, with Cont...

    Affected Products : themify_builder builder
    • Published: Aug. 22, 2024
    • Modified: Nov. 20, 2024
  • 6.1

    MEDIUM
    CVE-2024-11240

    A vulnerability was found in IBPhoenix ibWebAdmin up to 1.0.2 and classified as problematic. This issue affects some unknown processing of the file /database.php of the component Banco de Dados Tab. The manipulation of the argument db_login_role leads to ...

    Affected Products : ibwebadmin
    • Published: Nov. 15, 2024
    • Modified: Nov. 20, 2024
  • 9.6

    CRITICAL
    CVE-2024-52308

    The GitHub CLI version 2.6.1 and earlier are vulnerable to remote code execution through a malicious codespace SSH server when using `gh codespace ssh` or `gh codespace logs` commands. This has been patched in the cli v2.62.0. Developers connect to remot...

    Affected Products : cli
    • Published: Nov. 14, 2024
    • Modified: Nov. 20, 2024
  • 7.5

    HIGH
    CVE-2024-49754

    LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the API-Access page allows authenticated users to inject arbitrary JavaScript through the "token" parameter when creating a ne...

    Affected Products : librenms
    • Published: Nov. 15, 2024
    • Modified: Nov. 20, 2024
  • 6.1

    MEDIUM
    CVE-2024-39610

    Cross-site scripting vulnerability exists in FitNesse releases prior to 20241026. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is using the product....

    Affected Products : fitnesse
    • Published: Nov. 15, 2024
    • Modified: Nov. 20, 2024
  • 6.1

    MEDIUM
    CVE-2024-9356

    The Yotpo: Product & Photo Reviews for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'yotpo_user_email' and 'yotpo_user_name' parameters in all versions up to, and including, 1.7.8 due to insufficient input sanit...

    Affected Products : yotpo
    • Published: Nov. 15, 2024
    • Modified: Nov. 20, 2024
  • 6.1

    MEDIUM
    CVE-2024-10825

    The Hide My WP Ghost – Security & Firewall plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the URL in all versions up to, and including, 5.3.01 due to insufficient input sanitization and output escaping. This makes it possible for...

    Affected Products : hide_my_wp_ghost
    • Published: Nov. 15, 2024
    • Modified: Nov. 20, 2024
  • 6.5

    MEDIUM
    CVE-2024-52423

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themify Themify Builder allows Stored XSS. This issue affects Themify Builder: from n/a through 7.6.3....

    Affected Products : builder
    • Published: Nov. 18, 2024
    • Modified: Nov. 20, 2024
  • 6.5

    MEDIUM
    CVE-2024-48897

    A vulnerability was found in Moodle. Additional checks are required to ensure users can only edit or delete RSS feeds that they have permission to modify....

    Affected Products : moodle
    • Published: Nov. 18, 2024
    • Modified: Nov. 20, 2024
  • 7.1

    HIGH
    CVE-2024-52424

    Cross-Site Request Forgery (CSRF) vulnerability in Suresh Kumar wp-login customizer allows Stored XSS. This issue affects wp-login customizer: from n/a through 1.0....

    Affected Products : wp-login_customizer
    • Published: Nov. 18, 2024
    • Modified: Nov. 20, 2024
  • 4.3

    MEDIUM
    CVE-2024-48896

    A vulnerability was found in Moodle. It is possible for users with the "send message" capability to view other users' names that they may not otherwise have access to via an error message in Messaging. Note: The name returned follows the full name format ...

    Affected Products : moodle
    • Published: Nov. 18, 2024
    • Modified: Nov. 20, 2024
  • 6.5

    MEDIUM
    CVE-2024-48898

    A vulnerability was found in Moodle. Users with access to delete audiences from reports could delete audiences from other reports that they do not have permission to delete from....

    Affected Products : moodle
    • Published: Nov. 18, 2024
    • Modified: Nov. 20, 2024
  • 4.3

    MEDIUM
    CVE-2024-48901

    A vulnerability was found in Moodle. Additional checks are required to ensure users can only access the schedule of a report if they have permission to edit that report....

    Affected Products : moodle
    • Published: Nov. 18, 2024
    • Modified: Nov. 20, 2024
  • 9.8

    CRITICAL
    CVE-2024-10924

    The Really Simple Security (Free, Pro, and Pro Multisite) plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1. This is due to improper user check error handling in the two-factor REST API actions with the 'check_logi...

    Affected Products : really_simple_security
    • Published: Nov. 15, 2024
    • Modified: Nov. 20, 2024
  • 6.5

    MEDIUM
    CVE-2024-52425

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Urchenko Drozd – Addons for Elementor allows Stored XSS. This issue affects Drozd – Addons for Elementor: from n/a through 1.1.1....

    Affected Products : drozd
    • Published: Nov. 18, 2024
    • Modified: Nov. 20, 2024
  • 6.5

    MEDIUM
    CVE-2024-52426

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Linear Oy Linear linear allows DOM-Based XSS. This issue affects Linear: from n/a through 2.7.11....

    Affected Products : linear
    • Published: Nov. 18, 2024
    • Modified: Nov. 20, 2024
  • 5.4

    MEDIUM
    CVE-2024-51497

    LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Custom OID" tab of a device allows authenticated users to inject arbitrary JavaScript through the "unit" parameter when c...

    Affected Products : librenms
    • Published: Nov. 15, 2024
    • Modified: Nov. 20, 2024
  • 5.4

    MEDIUM
    CVE-2024-51495

    LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the Device Overview page allows authenticated users to inject arbitrary JavaScript through the "overwrite_ip" parameter when e...

    Affected Products : librenms
    • Published: Nov. 15, 2024
    • Modified: Nov. 20, 2024
Showing 20 of 291384 Results