Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.1

    HIGH
    CVE-2024-50534

    Cross-Site Request Forgery (CSRF) vulnerability in Syed Umair Hussain Shah World Prayer Time allows Stored XSS.This issue affects World Prayer Time: from n/a through 2.0.... Read more

    Affected Products :
    • Published: Nov. 19, 2024
    • Modified: Nov. 19, 2024

  • 6.5

    MEDIUM
    CVE-2024-50537

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stefano Marra Smart Mockups allows Stored XSS.This issue affects Smart Mockups: from n/a through 1.2.0.... Read more

    Affected Products :
    • Published: Nov. 19, 2024
    • Modified: Nov. 19, 2024

  • 6.5

    MEDIUM
    CVE-2024-50547

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themedy Themedy Toolbox allows DOM-Based XSS.This issue affects Themedy Toolbox: from n/a through 1.0.16.... Read more

    Affected Products : toolbox
    • Published: Nov. 19, 2024
    • Modified: Nov. 19, 2024

  • 6.5

    MEDIUM
    CVE-2024-50538

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Irfan Ardiansah Show Visitor IP Address allows Stored XSS.This issue affects Show Visitor IP Address: from n/a through 0.2.... Read more

    Affected Products :
    • Published: Nov. 19, 2024
    • Modified: Nov. 19, 2024

  • 6.5

    MEDIUM
    CVE-2024-50541

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Enea Overclokk Advanced Control Manager for WordPress by ItalyStrap allows Stored XSS.This issue affects Advanced Control Manager for WordPress by ItalyS... Read more

    Affected Products :
    • Published: Nov. 19, 2024
    • Modified: Nov. 19, 2024

  • 7.1

    HIGH
    CVE-2024-50519

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Visser Labs Jigoshop – Store Exporter allows Reflected XSS.This issue affects Jigoshop – Store Exporter: from n/a through 1.5.8.... Read more

    Affected Products :
    • Published: Nov. 19, 2024
    • Modified: Nov. 19, 2024

  • 6.5

    MEDIUM
    CVE-2024-50543

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Amazing Team amazing neo icon font for elementor allows DOM-Based XSS.This issue affects amazing neo icon font for elementor: from n/a through 2.0.1.... Read more

    Affected Products :
    • Published: Nov. 19, 2024
    • Modified: Nov. 19, 2024

  • 7.1

    HIGH
    CVE-2024-50532

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jerin K Alexander Events Manager Pro – extended allows Reflected XSS.This issue affects Events Manager Pro – extended: from n/a through 0.1.... Read more

    Affected Products :
    • Published: Nov. 19, 2024
    • Modified: Nov. 19, 2024

  • 6.5

    MEDIUM
    CVE-2024-50553

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Classy Addons Classy Addons for Elementor allows DOM-Based XSS.This issue affects Classy Addons for Elementor: from n/a through 1.2.7.... Read more

    Affected Products :
    • Published: Nov. 19, 2024
    • Modified: Nov. 19, 2024

  • 6.5

    MEDIUM
    CVE-2024-50542

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zach Silberstein RLM Elementor Widgets Pack allows DOM-Based XSS.This issue affects RLM Elementor Widgets Pack: from n/a through 1.3.1.... Read more

    Affected Products :
    • Published: Nov. 19, 2024
    • Modified: Nov. 19, 2024

  • 6.5

    MEDIUM
    CVE-2024-50536

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Intuitive Design GDReseller allows DOM-Based XSS.This issue affects GDReseller: from n/a through 1.6.... Read more

    Affected Products :
    • Published: Nov. 19, 2024
    • Modified: Nov. 19, 2024

  • 6.5

    MEDIUM
    CVE-2024-50552

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jason Pancake Hover Video Preview allows Stored XSS.This issue affects Hover Video Preview: from n/a through 1.0.2.... Read more

    Affected Products :
    • Published: Nov. 19, 2024
    • Modified: Nov. 19, 2024

  • 6.5

    MEDIUM
    CVE-2024-50551

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alessandro Staniscia EndomondoWP allows Stored XSS.This issue affects EndomondoWP: from n/a through 0.1.1.... Read more

    Affected Products :
    • Published: Nov. 19, 2024
    • Modified: Nov. 19, 2024

  • 7.1

    HIGH
    CVE-2024-52417

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BoldThemes ReConstruction allows Reflected XSS.This issue affects ReConstruction: from n/a through 1.4.7.... Read more

    Affected Products :
    • Published: Nov. 18, 2024
    • Modified: Nov. 19, 2024

  • 5.4

    MEDIUM
    CVE-2024-49689

    Missing Authorization vulnerability in Harmonic Design HD Quiz – Save Results Light allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HD Quiz – Save Results Light: from n/a through 0.5.... Read more

    Affected Products :
    • Published: Nov. 19, 2024
    • Modified: Nov. 19, 2024

  • 8.8

    HIGH
    CVE-2024-52587

    StepSecurity's Harden-Runner provides network egress filtering and runtime security for GitHub-hosted and self-hosted runners. Versions of step-security/harden-runner prior to v2.10.2 contain multiple command injection weaknesses via environment variables... Read more

    Affected Products :
    • Published: Nov. 18, 2024
    • Modified: Nov. 19, 2024

  • 6.5

    MEDIUM
    CVE-2024-52346

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Javier Méndez Veira SimpleGMaps allows Stored XSS.This issue affects SimpleGMaps: from n/a through 1.0.... Read more

    Affected Products :
    • Published: Nov. 18, 2024
    • Modified: Nov. 19, 2024

  • 6.5

    MEDIUM
    CVE-2024-52348

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in aaextention AA Audio Player allows DOM-Based XSS.This issue affects AA Audio Player: from n/a through 1.0.... Read more

    Affected Products :
    • Published: Nov. 18, 2024
    • Modified: Nov. 19, 2024

  • 6.5

    MEDIUM
    CVE-2024-51833

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noman Akhtar Easy Social Sharebar allows Stored XSS.This issue affects Easy Social Sharebar: from n/a through 1.0.0.... Read more

    Affected Products :
    • Published: Nov. 19, 2024
    • Modified: Nov. 19, 2024

  • 5.3

    MEDIUM
    CVE-2024-10486

    The Google for WooCommerce plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 2.8.6. This is due to publicly accessible print_php_information.php file. This makes it possible for unauthenticated attackers to... Read more

    Affected Products :
    • Published: Nov. 18, 2024
    • Modified: Nov. 19, 2024
Showing 20 of 293649 Results