Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-10121

    A vulnerability was found in wfh45678 Radar up to 1.0.8 and classified as critical. This issue affects some unknown processing of the component Interface Handler. The manipulation with the input /../ leads to authorization bypass. The attack may be initia... Read more

    Affected Products : radar
    • Published: Oct. 18, 2024
    • Modified: Oct. 30, 2024

  • 7.8

    HIGH
    CVE-2024-48605

    An issue in Helakuru Desktop Application v1.1 allows a local attacker to execute arbitrary code via the lack of proper validation of the wow64log.dll file.... Read more

    Affected Products : helakuru
    • Published: Oct. 22, 2024
    • Modified: Oct. 30, 2024

  • 4.9

    MEDIUM
    CVE-2019-25218

    The Photo Gallery Slideshow & Masonry Tiled Gallery plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient p... Read more

    • Published: Oct. 19, 2024
    • Modified: Oct. 30, 2024

  • 4.3

    MEDIUM
    CVE-2024-49373

    No Fuss Computing Centurion ERP is open source enterprise resource planning (ERP) software. Prior to version 1.2.1, an authenticated user can view projects within organizations they are not apart of. Version 1.2.1 fixes the problem.... Read more

    Affected Products : centurion_erp
    • Published: Oct. 22, 2024
    • Modified: Oct. 30, 2024

  • 6.5

    MEDIUM
    CVE-2024-10129

    A vulnerability classified as critical has been found in HFO4 shudong-share up to 2.4.7. This affects an unknown part of the file /includes/create_share.php of the component Share Handler. The manipulation of the argument fkey leads to sql injection. It i... Read more

    Affected Products : shudong-share shudong-share
    • Published: Oct. 18, 2024
    • Modified: Oct. 30, 2024

  • 9.8

    CRITICAL
    CVE-2016-15042

    The Frontend File Manager (versions < 4.0), N-Media Post Front-end Form (versions < 1.1) plugins for WordPress are vulnerable to arbitrary file uploads due to missing file type validation via the `nm_filemanager_upload_file` and `nm_postfront_upload_file`... Read more

    • Published: Oct. 16, 2024
    • Modified: Oct. 30, 2024

  • 9.8

    CRITICAL
    CVE-2024-9061

    The The WP Popup Builder – Popup Forms and Marketing Lead Generation plugin for WordPress is vulnerable to arbitrary shortcode execution via the wp_ajax_nopriv_shortcode_Api_Add AJAX action in all versions up to, and including, 1.3.5. This is due to the s... Read more

    Affected Products : wp_popup_builder
    • Published: Oct. 16, 2024
    • Modified: Oct. 30, 2024

  • 8.4

    HIGH
    CVE-2023-22649

    A vulnerability has been identified which may lead to sensitive data being leaked into Rancher's audit logs. [Rancher Audit Logging](https://ranchermanager.docs.rancher.com/how-to-guides/advanced-user-guides/enable-api-audit-log) is an opt-in feature, onl... Read more

    Affected Products : rancher rancher
    • Published: Oct. 16, 2024
    • Modified: Oct. 30, 2024

  • 9.8

    CRITICAL
    CVE-2020-36840

    The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wp_ajax_route_url() function called via a nopriv AJAX action in versions up to, and including, 2.3.8. This ma... Read more

    Affected Products : timetable_and_event_schedule
    • Published: Oct. 16, 2024
    • Modified: Oct. 30, 2024

  • 8.8

    HIGH
    CVE-2020-36842

    The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the wpvivid_upload_import_files and wpvivid_upload_files AJAX actions that allows low-level authenticated attackers ... Read more

    Affected Products : migration\,_backup\,_staging
    • Published: Oct. 16, 2024
    • Modified: Oct. 30, 2024

  • 5.3

    MEDIUM
    CVE-2017-20194

    The Formidable Form Builder plugin for WordPress is vulnerable to Sensitive Data Exposure in versions up to, and including, 2.05.03 via the frm_forms_preview AJAX action. This makes it possible for unauthenticated attackers to export all of the form entri... Read more

    • Published: Oct. 16, 2024
    • Modified: Oct. 30, 2024

  • 7.1

    HIGH
    CVE-2024-45715

    The SolarWinds Platform was susceptible to a Cross-Site Scripting vulnerability when performing an edit function to existing elements.... Read more

    Affected Products : solarwinds_platform
    • Published: Oct. 16, 2024
    • Modified: Oct. 30, 2024

  • 7.1

    HIGH
    CVE-2021-4452

    The Google Language Translator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via multiple parameters in versions up to, and including, 6.0.9 due to insufficient input sanitization and output escaping. This makes it possible for auth... Read more

    Affected Products : google_language_translator
    • Published: Oct. 16, 2024
    • Modified: Oct. 30, 2024

  • 4.3

    MEDIUM
    CVE-2024-9540

    The Sina Extension for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.7 via the render function in widgets/advanced/sina-modal-box.php. This makes it possible for authenticated atta... Read more

    Affected Products : sina_extension_for_elementor
    • Published: Oct. 16, 2024
    • Modified: Oct. 30, 2024

  • 6.1

    MEDIUM
    CVE-2017-20193

    The Product Vendors is vulnerable to Reflected Cross-Site Scripting via the 'vendor_description' parameter in versions up to, and including, 2.0.35 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated atta... Read more

    Affected Products : product_vendors
    • Published: Oct. 16, 2024
    • Modified: Oct. 30, 2024

  • 4.3

    MEDIUM
    CVE-2024-47171

    Agnai is an artificial-intelligence-agnostic multi-user, mult-bot roleplaying chat system. A vulnerability in versions prior to 1.0.330 permits attackers to upload image files at attacker-chosen location on the server. This issue can lead to image file up... Read more

    Affected Products : agnai
    • Published: Sep. 26, 2024
    • Modified: Oct. 30, 2024

  • 9.3

    CRITICAL
    CVE-2024-46538

    A cross-site scripting (XSS) vulnerability in pfsense v2.5.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the $pconfig variable at interfaces_groups_edit.php.... Read more

    Affected Products : pfsense
    • Published: Oct. 22, 2024
    • Modified: Oct. 30, 2024

  • 8.8

    HIGH
    CVE-2024-50616

    Ironman PowerShell Universal 5.x before 5.0.12 allows an authenticated attacker to elevate their privileges and view job information.... Read more

    Affected Products :
    • Published: Oct. 27, 2024
    • Modified: Oct. 30, 2024

  • 6.5

    MEDIUM
    CVE-2024-50615

    TinyXML2 through 10.0.0 has a reachable assertion for UINT_MAX/digit, that may lead to application exit, in tinyxml2.cpp XMLUtil::GetCharacterRef.... Read more

    Affected Products :
    • Published: Oct. 27, 2024
    • Modified: Oct. 30, 2024

  • 6.5

    MEDIUM
    CVE-2024-50614

    TinyXML2 through 10.0.0 has a reachable assertion for UINT_MAX/16, that may lead to application exit, in tinyxml2.cpp XMLUtil::GetCharacterRef.... Read more

    Affected Products :
    • Published: Oct. 27, 2024
    • Modified: Oct. 30, 2024
Showing 20 of 291358 Results