Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NA
    CVE-2024-50294

    In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix missing locking causing hanging calls If a call gets aborted (e.g. because kafs saw a signal) between it being queued for connection and the I/O thread picking up the call, t... Read more

    Affected Products : linux_kernel
    • Published: Nov. 19, 2024
    • Modified: Nov. 19, 2024

  • 7.1

    HIGH
    CVE-2024-52417

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BoldThemes ReConstruction allows Reflected XSS.This issue affects ReConstruction: from n/a through 1.4.7.... Read more

    Affected Products :
    • Published: Nov. 18, 2024
    • Modified: Nov. 19, 2024

  • 9.8

    CRITICAL
    CVE-2024-51051

    AVSCMS v8.2.0 was discovered to contain weak default credentials for the Administrator account.... Read more

    Affected Products :
    • Published: Nov. 18, 2024
    • Modified: Nov. 19, 2024

  • 0.0

    NA
    CVE-2024-50290

    In the Linux kernel, the following vulnerability has been resolved: media: cx24116: prevent overflows on SNR calculus as reported by Coverity, if reading SNR registers fail, a negative number will be returned, causing an underflow when reading SNR regis... Read more

    Affected Products : linux_kernel
    • Published: Nov. 19, 2024
    • Modified: Nov. 19, 2024

  • 0.0

    NA
    CVE-2024-50295

    In the Linux kernel, the following vulnerability has been resolved: net: arc: fix the device for dma_map_single/dma_unmap_single The ndev->dev and pdev->dev aren't the same device, use ndev->dev.parent which has dma_mask, ndev->dev.parent is just pdev->... Read more

    Affected Products : linux_kernel
    • Published: Nov. 19, 2024
    • Modified: Nov. 19, 2024

  • 4.3

    MEDIUM
    CVE-2024-43338

    Cross-Site Request Forgery (CSRF) vulnerability in Automattic, Inc. Crowdsignal Dashboard – Polls, Surveys & more allows Cross Site Request Forgery.This issue affects Crowdsignal Dashboard – Polls, Surveys & more: from n/a through 3.1.2.... Read more

    Affected Products :
    • Published: Nov. 19, 2024
    • Modified: Nov. 19, 2024

  • 5.4

    MEDIUM
    CVE-2024-33231

    Cross Site Scripting vulnerability in Ferozo Email version 1.1 allows a local attacker to execute arbitrary code via a crafted payload to the PDF preview component.... Read more

    Affected Products :
    • Published: Nov. 18, 2024
    • Modified: Nov. 19, 2024

  • 4.3

    MEDIUM
    CVE-2024-51660

    Missing Authorization vulnerability in Zakaria Binsaifullah Easy Accordion Gutenberg Block allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Accordion Gutenberg Block: from n/a through 1.2.3.... Read more

    Affected Products :
    • Published: Nov. 19, 2024
    • Modified: Nov. 19, 2024

  • 7.8

    HIGH
    CVE-2024-50804

    Insecure Permissions vulnerability in Micro-star International MSI Center Pro 2.1.37.0 allows a local attacker to execute arbitrary code via the Device_DeviceID.dat.bak file within the C:\ProgramData\MSI\One Dragon Center\Data folder... Read more

    Affected Products :
    • Published: Nov. 18, 2024
    • Modified: Nov. 19, 2024

  • 6.4

    MEDIUM
    CVE-2024-11224

    The Parallax Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘position’ parameter in all versions up to, and including, 1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticate... Read more

    Affected Products :
    • Published: Nov. 19, 2024
    • Modified: Nov. 19, 2024

  • 7.8

    HIGH
    CVE-2024-10204

    Heap-based Buffer Overflow and Uninitialized Variable vulnerabilities exist in the X_B and SAT file reading procedure in eDrawings from Release SOLIDWORKS 2024 through Release SOLIDWORKS 2025. These vulnerabilities could allow an attacker to execute arbit... Read more

    Affected Products :
    • Published: Nov. 19, 2024
    • Modified: Nov. 19, 2024

  • 6.5

    MEDIUM
    CVE-2024-51904

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Joan Boluda Embed documents shortcode allows Stored XSS.This issue affects Embed documents shortcode: from n/a through 1.5.... Read more

    Affected Products :
    • Published: Nov. 19, 2024
    • Modified: Nov. 19, 2024

  • 6.5

    MEDIUM
    CVE-2024-51912

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lilaea Media IntelliWidget Elements allows DOM-Based XSS.This issue affects IntelliWidget Elements: from n/a through 2.2.7.... Read more

    Affected Products :
    • Published: Nov. 19, 2024
    • Modified: Nov. 19, 2024

  • 6.5

    MEDIUM
    CVE-2024-51897

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Erik Saulnier News Articles allows Stored XSS.This issue affects News Articles: from n/a through 1.0.0.... Read more

    Affected Products :
    • Published: Nov. 19, 2024
    • Modified: Nov. 19, 2024

  • 6.5

    MEDIUM
    CVE-2024-51893

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeAtelier Postify: Post Layout For Elementor allows DOM-Based XSS.This issue affects Postify: Post Layout For Elementor: from n/a through 1.0.1.... Read more

    Affected Products :
    • Published: Nov. 19, 2024
    • Modified: Nov. 19, 2024

  • 5.3

    MEDIUM
    CVE-2024-52395

    Missing Authorization vulnerability in QunatumCloud Floating Buttons for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Floating Buttons for WooCommerce: from n/a through 2.8.8.... Read more

    Affected Products :
    • Published: Nov. 19, 2024
    • Modified: Nov. 19, 2024

  • 6.5

    MEDIUM
    CVE-2024-51931

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Marketever AzonBox allows DOM-Based XSS.This issue affects AzonBox: from n/a through 1.1.2.... Read more

    Affected Products :
    • Published: Nov. 19, 2024
    • Modified: Nov. 19, 2024

  • 7.1

    HIGH
    CVE-2024-52421

    Cross-Site Request Forgery (CSRF) vulnerability in wp-buy WP Popup Window Maker allows Stored XSS.This issue affects WP Popup Window Maker: from n/a through 2.0.... Read more

    Affected Products :
    • Published: Nov. 19, 2024
    • Modified: Nov. 19, 2024

  • 6.5

    MEDIUM
    CVE-2024-51840

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rezaul haque Wd-image-magnifier-xoss allows DOM-Based XSS.This issue affects Wd-image-magnifier-xoss: from n/a through 1.0.... Read more

    Affected Products :
    • Published: Nov. 19, 2024
    • Modified: Nov. 19, 2024

  • 6.5

    MEDIUM
    CVE-2024-51936

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Henry ESB Testimonials allows Stored XSS.This issue affects ESB Testimonials: from n/a through 1.0.0.... Read more

    Affected Products :
    • Published: Nov. 19, 2024
    • Modified: Nov. 19, 2024
Showing 20 of 293544 Results