Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.4

    MEDIUM
    CVE-2024-10187

    The myCred – Loyalty Points and Rewards plugin for WordPress and WooCommerce – Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the pl... Read more

    Affected Products : mycred
    • Published: Nov. 08, 2024
    • Modified: Nov. 13, 2024

  • 6.5

    MEDIUM
    CVE-2024-49773

    SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Poor input validation in export allows authenticated user do a SQL injection attack. User-controlled input is used to build SQL query. `current_post`... Read more

    Affected Products : suitecrm
    • Published: Nov. 05, 2024
    • Modified: Nov. 13, 2024

  • 8.8

    HIGH
    CVE-2024-49772

    SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In SuiteCRM versions 7.14.4, poor input validation allows authenticated user do a SQL injection attack. Authenticated user with low pivilege can leak... Read more

    Affected Products : suitecrm
    • Published: Nov. 05, 2024
    • Modified: Nov. 13, 2024

  • 8.5

    HIGH
    CVE-2024-10839

    Zohocorp ManageEngine SharePoint Manager Plus versions 4503 and prior are vulnerable to authenticated XML External Entity (XXE) in the Management option.... Read more

    • Published: Nov. 08, 2024
    • Modified: Nov. 13, 2024

  • 8.8

    HIGH
    CVE-2024-50333

    SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. User input is not validated and is written to the filesystem. The ParserLabel::addLabels() function can be used to write attacker-controlled data int... Read more

    Affected Products : suitecrm
    • Published: Nov. 05, 2024
    • Modified: Nov. 13, 2024

  • 6.8

    MEDIUM
    CVE-2024-40239

    An incorrect access control issue in Life: Personal Diary, Journal android app 17.5.0 allows a physically proximate attacker to escalate privileges via the fingerprint authentication function.... Read more

    Affected Products : life
    • Published: Nov. 08, 2024
    • Modified: Nov. 13, 2024

  • 6.8

    MEDIUM
    CVE-2024-40240

    An incorrect access control issue in HomeServe Home Repair' android app - 3.3.4 allows a physically proximate attacker to escalate privileges via the fingerprint authentication function.... Read more

    Affected Products : homeserve
    • Published: Nov. 08, 2024
    • Modified: Nov. 13, 2024

  • 7.2

    HIGH
    CVE-2024-51152

    File Upload vulnerability in Laravel CMS v.1.4.7 and before allows a remote attacker to execute arbitrary code via the shell.php a component.... Read more

    Affected Products : laravel_cms
    • Published: Nov. 08, 2024
    • Modified: Nov. 13, 2024

  • 6.4

    MEDIUM
    CVE-2024-10325

    The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.6.45 due to insufficient input sanitization and output escaping. This makes it po... Read more

    • Published: Nov. 08, 2024
    • Modified: Nov. 13, 2024

  • 8.7

    HIGH
    CVE-2020-26305

    CommonRegexJS is a CommonRegex port for JavaScript. All available versions contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, no known patches are available.... Read more

    Affected Products : commonregexjs
    • Published: Oct. 26, 2024
    • Modified: Nov. 13, 2024

  • 8.7

    HIGH
    CVE-2020-26304

    Foundation is a front-end framework. Versions 6.3.3 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, it is unknown if any fixes are available.... Read more

    Affected Products : foundation
    • Published: Oct. 26, 2024
    • Modified: Nov. 13, 2024

  • 5.1

    MEDIUM
    CVE-2024-50559

    A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.2), SCALANCE M8... Read more

    • Published: Nov. 12, 2024
    • Modified: Nov. 13, 2024

  • 8.7

    HIGH
    CVE-2020-26303

    insane is a whitelist-oriented HTML sanitizer. Versions 2.6.2 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, no known patches are available.... Read more

    Affected Products : insane
    • Published: Oct. 26, 2024
    • Modified: Nov. 13, 2024

  • 5.3

    MEDIUM
    CVE-2024-50558

    A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.2), SCALANCE M8... Read more

    • Published: Nov. 12, 2024
    • Modified: Nov. 13, 2024

  • 9.8

    CRITICAL
    CVE-2024-50557

    A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.2), SCALANCE M8... Read more

    • Published: Nov. 12, 2024
    • Modified: Nov. 13, 2024

  • 6.1

    MEDIUM
    CVE-2024-9440

    Slim Select 2.0 versions through 2.9.0 are affected by a potential cross-site scripting vulnerability. In select.ts:createOption(), the text variable from the user-provided Options object is assigned to an innerHTML without sanitation. Software that depen... Read more

    Affected Products : slim_select
    • Published: Oct. 02, 2024
    • Modified: Nov. 13, 2024

  • 6.5

    MEDIUM
    CVE-2024-50461

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPDeveloper EmbedPress allows Stored XSS.This issue affects EmbedPress: from n/a through 4.0.14.... Read more

    Affected Products : embedpress
    • Published: Oct. 28, 2024
    • Modified: Nov. 13, 2024

  • 5.9

    MEDIUM
    CVE-2024-50460

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in FirelightWP Firelight Lightbox allows Stored XSS.This issue affects Firelight Lightbox: from n/a through 2.3.3.... Read more

    Affected Products : firelight_lightbox
    • Published: Oct. 28, 2024
    • Modified: Nov. 13, 2024

  • 6.5

    MEDIUM
    CVE-2024-50458

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Codeus Advanced Sermons allows Stored XSS.This issue affects Advanced Sermons: from n/a through 3.4.... Read more

    Affected Products : advanced_sermons
    • Published: Oct. 28, 2024
    • Modified: Nov. 13, 2024

  • 6.5

    MEDIUM
    CVE-2024-50451

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) allows Stored XSS.This issue affects WordPress Meta Data and Taxonomies Filter (MDTF):... Read more

    Affected Products : meta_data_and_taxonomies_filter
    • Published: Oct. 28, 2024
    • Modified: Nov. 13, 2024
Showing 20 of 291265 Results