Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2024-10486

    The Google for WooCommerce plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 2.8.6. This is due to publicly accessible print_php_information.php file. This makes it possible for unauthenticated attackers to... Read more

    Affected Products :
    • Published: Nov. 18, 2024
    • Modified: Nov. 19, 2024

  • 7.5

    HIGH
    CVE-2024-21539

    Versions of the package @eslint/plugin-kit before 0.2.3 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by exploiting this vulnerability.... Read more

    Affected Products :
    • Published: Nov. 19, 2024
    • Modified: Nov. 19, 2024

  • 6.5

    MEDIUM
    CVE-2024-51940

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in sohelwpexpert WP Responsive Video allows DOM-Based XSS.This issue affects WP Responsive Video: from n/a through 1.0.... Read more

    Affected Products :
    • Published: Nov. 18, 2024
    • Modified: Nov. 19, 2024

  • 8.8

    HIGH
    CVE-2024-52587

    StepSecurity's Harden-Runner provides network egress filtering and runtime security for GitHub-hosted and self-hosted runners. Versions of step-security/harden-runner prior to v2.10.2 contain multiple command injection weaknesses via environment variables... Read more

    Affected Products :
    • Published: Nov. 18, 2024
    • Modified: Nov. 19, 2024

  • 6.5

    MEDIUM
    CVE-2024-52346

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Javier Méndez Veira SimpleGMaps allows Stored XSS.This issue affects SimpleGMaps: from n/a through 1.0.... Read more

    Affected Products :
    • Published: Nov. 18, 2024
    • Modified: Nov. 19, 2024

  • 6.5

    MEDIUM
    CVE-2024-52348

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in aaextention AA Audio Player allows DOM-Based XSS.This issue affects AA Audio Player: from n/a through 1.0.... Read more

    Affected Products :
    • Published: Nov. 18, 2024
    • Modified: Nov. 19, 2024

  • 6.5

    MEDIUM
    CVE-2024-51821

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wordpresteem WE – Client Logo Carousel allows Stored XSS.This issue affects WE – Client Logo Carousel: from n/a through 1.4.... Read more

    Affected Products :
    • Published: Nov. 19, 2024
    • Modified: Nov. 19, 2024

  • 6.5

    MEDIUM
    CVE-2024-52339

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Mage Cast Mage Front End Forms allows Stored XSS.This issue affects Mage Front End Forms: from n/a through 1.1.4.... Read more

    Affected Products :
    • Published: Nov. 18, 2024
    • Modified: Nov. 19, 2024

  • 0.0

    NA
    CVE-2024-50290

    In the Linux kernel, the following vulnerability has been resolved: media: cx24116: prevent overflows on SNR calculus as reported by Coverity, if reading SNR registers fail, a negative number will be returned, causing an underflow when reading SNR regis... Read more

    Affected Products : linux_kernel
    • Published: Nov. 19, 2024
    • Modified: Nov. 19, 2024

  • 6.5

    MEDIUM
    CVE-2024-51810

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in George Lewe Lewe Bootstrap Visuals allows Stored XSS.This issue affects Lewe Bootstrap Visuals: from n/a through 2.2.2.... Read more

    Affected Products :
    • Published: Nov. 19, 2024
    • Modified: Nov. 19, 2024

  • 6.5

    MEDIUM
    CVE-2024-51806

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shingo Suzumura at Fitness Website Formula Awesome Fitness Testimonials allows Stored XSS.This issue affects Awesome Fitness Testimonials: from n/a throu... Read more

    Affected Products :
    • Published: Nov. 19, 2024
    • Modified: Nov. 19, 2024

  • 6.5

    MEDIUM
    CVE-2024-51809

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in George Rood Keymaster Chord Notation Free allows Stored XSS.This issue affects Keymaster Chord Notation Free: from n/a through 1.0.2.... Read more

    Affected Products :
    • Published: Nov. 19, 2024
    • Modified: Nov. 19, 2024

  • 6.5

    MEDIUM
    CVE-2024-51828

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Daniel J Griffiths Beacon For Help Scout allows DOM-Based XSS.This issue affects Beacon For Help Scout: from n/a through 1.3.0.... Read more

    Affected Products :
    • Published: Nov. 19, 2024
    • Modified: Nov. 19, 2024

  • 6.5

    MEDIUM
    CVE-2024-51801

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jake Brown Brand my Footer allows DOM-Based XSS.This issue affects Brand my Footer: from n/a through 1.1.... Read more

    Affected Products :
    • Published: Nov. 19, 2024
    • Modified: Nov. 19, 2024

  • 6.5

    MEDIUM
    CVE-2024-51816

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saul Morales Pacheco Banner System allows Stored XSS.This issue affects Banner System: from n/a through 1.0.0.... Read more

    Affected Products :
    • Published: Nov. 19, 2024
    • Modified: Nov. 19, 2024

  • 6.5

    MEDIUM
    CVE-2024-51797

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Md. Shiddikur Rahman Ultimate Accordion allows DOM-Based XSS.This issue affects Ultimate Accordion: from n/a through 1.0.... Read more

    Affected Products :
    • Published: Nov. 19, 2024
    • Modified: Nov. 19, 2024

  • 0.0

    NA
    CVE-2024-50295

    In the Linux kernel, the following vulnerability has been resolved: net: arc: fix the device for dma_map_single/dma_unmap_single The ndev->dev and pdev->dev aren't the same device, use ndev->dev.parent which has dma_mask, ndev->dev.parent is just pdev->... Read more

    Affected Products : linux_kernel
    • Published: Nov. 19, 2024
    • Modified: Nov. 19, 2024

  • 6.5

    MEDIUM
    CVE-2024-51807

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Black and White Digital Ltd AgendaPress – Easily Publish Meeting Agendas and Programs on WordPress allows Stored XSS.This issue affects AgendaPress – Eas... Read more

    Affected Products :
    • Published: Nov. 19, 2024
    • Modified: Nov. 19, 2024

  • 6.5

    MEDIUM
    CVE-2024-51813

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Anantaddons, Anantsites Anant Addons for Elementor allows DOM-Based XSS.This issue affects Anant Addons for Elementor: from n/a through 1.0.5.... Read more

    Affected Products :
    • Published: Nov. 19, 2024
    • Modified: Nov. 19, 2024

  • 6.5

    MEDIUM
    CVE-2024-51803

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Magnetic Creative Inline Click To Tweet allows DOM-Based XSS.This issue affects Inline Click To Tweet: from n/a through 1.0.0.... Read more

    Affected Products :
    • Published: Nov. 19, 2024
    • Modified: Nov. 19, 2024
Showing 20 of 293643 Results