Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.1

    HIGH
    CVE-2024-0875

    A stored cross-site scripting (XSS) vulnerability exists in openemr/openemr version 7.0.1. An attacker can inject malicious payloads into the 'inputBody' field in the Secure Messaging feature, which can then be sent to other users. When the recipient view... Read more

    Affected Products : openemr
    • Published: Nov. 15, 2024
    • Modified: Nov. 19, 2024

  • 8.7

    HIGH
    CVE-2024-9409

    CWE-400: An Uncontrolled Resource Consumption vulnerability exists that could cause the device to become unresponsive resulting in communication loss when a large amount of IGMP packets is present in the network.... Read more

    • Published: Nov. 13, 2024
    • Modified: Nov. 19, 2024

  • 4.8

    MEDIUM
    CVE-2024-52268

    Cross-site scripting vulnerability exists in VK All in One Expansion Unit versions prior to 9.100.1.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is accessing the web site using the product.... Read more

    Affected Products : vk_all_in_one_expansion_unit
    • Published: Nov. 13, 2024
    • Modified: Nov. 19, 2024

  • 4.8

    MEDIUM
    CVE-2023-2332

    A stored Cross-site Scripting (XSS) vulnerability exists in the Conditions tab of Pricing Rules in pimcore/pimcore versions 10.5.19. The vulnerability is present in the From and To fields of the Date Range section, allowing an attacker to inject malicious... Read more

    Affected Products : pimcore
    • Published: Nov. 15, 2024
    • Modified: Nov. 19, 2024

  • 6.4

    MEDIUM
    CVE-2024-9668

    The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 1.7.1001 due to insufficient input sanitization and output escaping on user ... Read more

    Affected Products : royal_elementor_addons
    • Published: Nov. 13, 2024
    • Modified: Nov. 19, 2024

  • 5.9

    MEDIUM
    CVE-2023-4679

    A use after free vulnerability exists in GPAC version 2.3-DEV-revrelease, specifically in the gf_filterpacket_del function in filter_core/filter.c at line 38. This vulnerability can lead to a double-free condition, which may cause the application to crash... Read more

    Affected Products : gpac
    • Published: Nov. 15, 2024
    • Modified: Nov. 19, 2024

  • 5.9

    MEDIUM
    CVE-2024-0787

    phpIPAM version 1.5.1 contains a vulnerability where an attacker can bypass the IP block mechanism to brute force passwords for users by using the 'X-Forwarded-For' header. The issue lies in the 'get_user_ip()' function in 'class.Common.php' at lines 1044... Read more

    Affected Products : phpipam
    • Published: Nov. 15, 2024
    • Modified: Nov. 19, 2024

  • 6.4

    MEDIUM
    CVE-2024-9059

    The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Google Maps widget in all versions up to, and including, 1.7.1001 due to insufficient input sanitization and output escaping. This makes it ... Read more

    Affected Products : royal_elementor_addons
    • Published: Nov. 13, 2024
    • Modified: Nov. 19, 2024

  • 6.1

    MEDIUM
    CVE-2024-10877

    The AFI – The Easiest Integration Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.92.0. This mak... Read more

    Affected Products : advanced_form_integration
    • Published: Nov. 13, 2024
    • Modified: Nov. 19, 2024

  • 7.2

    HIGH
    CVE-2024-11213

    A vulnerability, which was classified as critical, was found in SourceCodester Best Employee Management System 1.0. This affects an unknown part of the file /admin/edit_role.php. The manipulation of the argument id leads to sql injection. It is possible t... Read more

    Affected Products : best_employee_management_system
    • Published: Nov. 14, 2024
    • Modified: Nov. 19, 2024

  • 8.8

    HIGH
    CVE-2024-11212

    A vulnerability, which was classified as critical, has been found in SourceCodester Best Employee Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/fetch_product_details.php. The manipulation of the argument ba... Read more

    Affected Products : best_employee_management_system
    • Published: Nov. 14, 2024
    • Modified: Nov. 19, 2024

  • 6.4

    MEDIUM
    CVE-2024-9682

    The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Form Builder widget in all versions up to, and including, 1.7.1001 due to insufficient input sanitization and output escaping on us... Read more

    Affected Products : royal_elementor_addons
    • Published: Nov. 13, 2024
    • Modified: Nov. 19, 2024

  • 9.8

    CRITICAL
    CVE-2024-10571

    The Chartify – WordPress Chart Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.5 via the 'source' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary ... Read more

    Affected Products : chartify
    • Published: Nov. 14, 2024
    • Modified: Nov. 19, 2024

  • 5.4

    MEDIUM
    CVE-2024-48284

    A Reflected Cross-Site Scripting (XSS) vulnerability was found in the /search-result.php page of the PHPGurukul User Registration & Login and User Management System 3.2. This vulnerability allows remote attackers to execute arbitrary scripts via the searc... Read more

    • Published: Nov. 14, 2024
    • Modified: Nov. 19, 2024

  • 5.4

    MEDIUM
    CVE-2021-3987

    An improper access control vulnerability exists in janeczku/calibre-web. The affected version allows users without public shelf permissions to create public shelves. The vulnerability is due to the `create_shelf` method in `shelf.py` not verifying if the ... Read more

    Affected Products : calibre-web
    • Published: Nov. 15, 2024
    • Modified: Nov. 19, 2024

  • 6.1

    MEDIUM
    CVE-2021-3988

    A Cross-site Scripting (XSS) vulnerability exists in janeczku/calibre-web, specifically in the file `edit_books.js`. The vulnerability occurs when editing book properties, such as uploading a cover or a format. The affected code directly inserts user inpu... Read more

    Affected Products : calibre-web
    • Published: Nov. 15, 2024
    • Modified: Nov. 19, 2024

  • 7.4

    HIGH
    CVE-2022-31671

    Harbor fails to validate user permissions when reading and updating job execution logs through the P2P preheat execution logs. By sending a request that attempts to read/update P2P preheat execution logs and specifying different job IDs, malicious authent... Read more

    Affected Products : harbor
    • Published: Nov. 14, 2024
    • Modified: Nov. 19, 2024

  • 7.2

    HIGH
    CVE-2024-11214

    A vulnerability has been found in SourceCodester Best Employee Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/profile.php. The manipulation of the argument website_image leads to unrestricted u... Read more

    Affected Products : best_employee_management_system
    • Published: Nov. 14, 2024
    • Modified: Nov. 19, 2024

  • 9.8

    CRITICAL
    CVE-2024-11028

    The MultiManager WP – Manage All Your WordPress Sites Easily plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.5. This is due to the user impersonation feature inappropriately determining the current use... Read more

    Affected Products : multimanager_wp
    • Published: Nov. 13, 2024
    • Modified: Nov. 19, 2024

  • 4.3

    MEDIUM
    CVE-2021-3991

    An Improper Authorization vulnerability exists in Dolibarr versions prior to the 'develop' branch. A user with restricted permissions in the 'Reception' section is able to access specific reception details via direct URL access, bypassing the intended per... Read more

    Affected Products : dolibarr_erp\/crm
    • Published: Nov. 15, 2024
    • Modified: Nov. 19, 2024
Showing 20 of 291360 Results