Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2024-51835

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ajinkya N OpenCart Product Display allows Stored XSS.This issue affects OpenCart Product Display: from n/a through 1.0.... Read more

    Affected Products :
    • Published: Nov. 19, 2024
    • Modified: Nov. 19, 2024

  • 6.5

    MEDIUM
    CVE-2024-51838

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jon Smajda Pull This allows DOM-Based XSS.This issue affects Pull This: from n/a through 1.1.... Read more

    Affected Products :
    • Published: Nov. 19, 2024
    • Modified: Nov. 19, 2024

  • 6.5

    MEDIUM
    CVE-2024-51933

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Christian Ladewig Cookie Nonsense for YT allows DOM-Based XSS.This issue affects Cookie Nonsense for YT: from n/a through 1.2.0.... Read more

    Affected Products :
    • Published: Nov. 19, 2024
    • Modified: Nov. 19, 2024

  • 6.5

    MEDIUM
    CVE-2024-51932

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saif Bin-Alam Kings Tab Slider allows DOM-Based XSS.This issue affects Kings Tab Slider: from n/a through 1.0.... Read more

    Affected Products :
    • Published: Nov. 19, 2024
    • Modified: Nov. 19, 2024

  • 6.5

    MEDIUM
    CVE-2024-51860

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DuoGeek Custom Dashboard Widget allows Stored XSS.This issue affects Custom Dashboard Widget: from n/a through 1.0.0.... Read more

    Affected Products :
    • Published: Nov. 19, 2024
    • Modified: Nov. 19, 2024

  • 6.5

    MEDIUM
    CVE-2024-51853

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alberuni Azad Faltu Testimonial Rotator allows DOM-Based XSS.This issue affects Faltu Testimonial Rotator: from n/a through 1.0.0.... Read more

    Affected Products :
    • Published: Nov. 19, 2024
    • Modified: Nov. 19, 2024

  • 6.5

    MEDIUM
    CVE-2024-51846

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Simpson Community Yard Sale allows Stored XSS.This issue affects Community Yard Sale: from n/a through 1.1.11.... Read more

    Affected Products :
    • Published: Nov. 19, 2024
    • Modified: Nov. 19, 2024

  • 6.5

    MEDIUM
    CVE-2024-51869

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Best WP Developer Gutenium Blocks allows Stored XSS.This issue affects Gutenium Blocks: from n/a through 1.1.5.... Read more

    Affected Products :
    • Published: Nov. 19, 2024
    • Modified: Nov. 19, 2024

  • 6.5

    MEDIUM
    CVE-2024-51870

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aniketji007 Ultimate Flipbox Addon for Elementor allows Stored XSS.This issue affects Ultimate Flipbox Addon for Elementor: from n/a through .4.... Read more

    Affected Products :
    • Published: Nov. 19, 2024
    • Modified: Nov. 19, 2024

  • 6.5

    MEDIUM
    CVE-2024-51864

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Agnel Waghela Shortcode Collection allows Stored XSS.This issue affects Shortcode Collection: from n/a through 1.4.... Read more

    Affected Products :
    • Published: Nov. 19, 2024
    • Modified: Nov. 19, 2024

  • 6.5

    MEDIUM
    CVE-2024-51850

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bchristopeit WoW Guild Armory Roster allows Stored XSS.This issue affects WoW Guild Armory Roster: from n/a through 0.5.5.... Read more

    Affected Products :
    • Published: Nov. 19, 2024
    • Modified: Nov. 19, 2024

  • 6.5

    MEDIUM
    CVE-2024-51928

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jakir Hasan Blocks Post Grid allows DOM-Based XSS.This issue affects Blocks Post Grid: from n/a through 1.0.3.... Read more

    Affected Products :
    • Published: Nov. 19, 2024
    • Modified: Nov. 19, 2024

  • 6.5

    MEDIUM
    CVE-2024-51930

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jie Wang Custom URL Shortener allows Stored XSS.This issue affects Custom URL Shortener: from n/a through 0.3.6.... Read more

    Affected Products :
    • Published: Nov. 19, 2024
    • Modified: Nov. 19, 2024

  • 6.5

    MEDIUM
    CVE-2024-51935

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sam Perrow Fast Video and Image Display allows DOM-Based XSS.This issue affects Fast Video and Image Display: from n/a through 2.5.2.... Read more

    Affected Products :
    • Published: Nov. 19, 2024
    • Modified: Nov. 19, 2024

  • 5.4

    MEDIUM
    CVE-2024-11247

    A vulnerability has been found in SourceCodester Online Eyewear Shop 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /oews/classes/Master.php?f=save_product of the component Inventory Page. The man... Read more

    Affected Products : online_eyewear_shop
    • Published: Nov. 15, 2024
    • Modified: Nov. 19, 2024

  • 9.0

    HIGH
    CVE-2024-11248

    A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. Affected by this issue is the function formSetRebootTimer of the file /goform/SetSysAutoRebbotCfg. The manipulation of the argument rebootTime leads to stack-based buffer over... Read more

    Affected Products : ac10_firmware ac10
    • Published: Nov. 15, 2024
    • Modified: Nov. 19, 2024

  • 8.2

    HIGH
    CVE-2024-39726

    IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or co... Read more

    • Published: Nov. 15, 2024
    • Modified: Nov. 19, 2024

  • 9.8

    CRITICAL
    CVE-2024-11256

    A vulnerability was found in 1000 Projects Portfolio Management System MCA 1.0 and classified as critical. This issue affects some unknown processing of the file /login.php. The manipulation of the argument username leads to sql injection. The attack may ... Read more

    Affected Products : portfolio_management_system_mca
    • Published: Nov. 15, 2024
    • Modified: Nov. 19, 2024

  • 6.1

    MEDIUM
    CVE-2024-11259

    A vulnerability, which was classified as problematic, has been found in code-projects Farmacia 1.0. This issue affects some unknown processing of the file /fornecedores.php. The manipulation leads to cross site scripting. The attack may be initiated remot... Read more

    Affected Products : farmacia farmacia farmacia
    • Published: Nov. 15, 2024
    • Modified: Nov. 19, 2024

  • 9.8

    CRITICAL
    CVE-2024-46613

    WeeChat before 4.4.2 has an integer overflow and resultant buffer overflow at core/core-string.c when there are more than two billion items in a list. This affects string_free_split_shared , string_free_split, string_free_split_command, and string_free_sp... Read more

    Affected Products : weechat
    • Published: Nov. 10, 2024
    • Modified: Nov. 19, 2024
Showing 20 of 293584 Results