Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    CRITICAL
    CVE-2024-49668

    Unrestricted Upload of File with Dangerous Type vulnerability in Admin Verbalize WP Upload a Web Shell to a Web Server.This issue affects Verbalize WP: from n/a through 1.0.... Read more

    Affected Products :
    • Published: Oct. 23, 2024
    • Modified: Oct. 25, 2024

  • 9.9

    CRITICAL
    CVE-2024-49669

    Unrestricted Upload of File with Dangerous Type vulnerability in Alexander De Ridder INK Official allows Upload a Web Shell to a Web Server.This issue affects INK Official: from n/a through 4.1.2.... Read more

    Affected Products :
    • Published: Oct. 23, 2024
    • Modified: Oct. 25, 2024

  • 7.7

    HIGH
    CVE-2024-49657

    Missing Authorization vulnerability in ReneeCussack 3D Work In Progress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 3D Work In Progress: from n/a through 1.0.3.... Read more

    Affected Products :
    • Published: Oct. 23, 2024
    • Modified: Oct. 25, 2024

  • 9.9

    CRITICAL
    CVE-2024-49652

    Unrestricted Upload of File with Dangerous Type vulnerability in ReneeCussack 3D Work In Progress allows Upload a Web Shell to a Web Server.This issue affects 3D Work In Progress: from n/a through 1.0.3.... Read more

    Affected Products :
    • Published: Oct. 23, 2024
    • Modified: Oct. 25, 2024

  • 9.9

    CRITICAL
    CVE-2024-49658

    Unrestricted Upload of File with Dangerous Type vulnerability in Ecomerciar Woocommerce Custom Profile Picture allows Upload a Web Shell to a Web Server.This issue affects Woocommerce Custom Profile Picture: from n/a through 1.0.... Read more

    Affected Products :
    • Published: Oct. 23, 2024
    • Modified: Oct. 25, 2024

  • 9.9

    CRITICAL
    CVE-2024-49653

    Unrestricted Upload of File with Dangerous Type vulnerability in James Eggers Portfolleo portfolleo allows Upload a Web Shell to a Web Server.This issue affects Portfolleo: from n/a through 1.2.... Read more

    Affected Products :
    • Published: Oct. 23, 2024
    • Modified: Oct. 25, 2024

  • 6.6

    MEDIUM
    CVE-2024-49676

    Unrestricted Upload of File with Dangerous Type vulnerability in Michael Bourne Custom Icons for Elementor allows Upload a Web Shell to a Web Server.This issue affects Custom Icons for Elementor: from n/a through 0.3.3.... Read more

    Affected Products :
    • Published: Oct. 23, 2024
    • Modified: Oct. 25, 2024

  • 8.6

    HIGH
    CVE-2024-20260

    A vulnerability in the VPN and management web servers of the Cisco Adaptive Security Virtual Appliance (ASAv) and Cisco Secure Firewall Threat Defense Virtual (FTDv), formerly Cisco Firepower Threat Defense Virtual, platforms could allow an unauthenticate... Read more

    • Published: Oct. 23, 2024
    • Modified: Oct. 25, 2024

  • 6.0

    MEDIUM
    CVE-2024-20370

    A vulnerability in the Cisco FXOS CLI feature on specific hardware platforms for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to elevate their administrativ... Read more

    • Published: Oct. 23, 2024
    • Modified: Oct. 25, 2024

  • 4.3

    MEDIUM
    CVE-2024-8667

    The HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized post publication due to a missing capability check on the activateCampaign() function in all versions up to, and includ... Read more

    Affected Products : hurrytimer
    • Published: Oct. 24, 2024
    • Modified: Oct. 25, 2024

  • 6.4

    MEDIUM
    CVE-2024-8959

    The WP Adminify – Custom WordPress Dashboard, Login and Admin Customizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 4.0.1.6 due to insufficient input sanitization and output... Read more

    Affected Products :
    • Published: Oct. 24, 2024
    • Modified: Oct. 25, 2024

  • 9.3

    CRITICAL
    CVE-2024-48548

    The APK file in Cloud Smart Lock v2.0.1 has a leaked a URL that can call an API for binding physical devices. This vulnerability allows attackers to arbitrarily construct a request to use the app to bind to unknown devices by finding a valid serial number... Read more

    Affected Products :
    • Published: Oct. 24, 2024
    • Modified: Oct. 25, 2024

  • 8.4

    HIGH
    CVE-2024-48546

    Incorrect access control in the firmware update and download processes of Wear Sync v1.2.0 allows attackers to access sensitive information by analyzing the code and data within the APK file.... Read more

    Affected Products :
    • Published: Oct. 24, 2024
    • Modified: Oct. 25, 2024

  • 6.4

    MEDIUM
    CVE-2024-10176

    The Compact WP Audio Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sc_embed_player shortcode in all versions up to, and including, 1.9.13 due to insufficient input sanitization and output escaping on user supp... Read more

    Affected Products :
    • Published: Oct. 24, 2024
    • Modified: Oct. 25, 2024

  • 6.4

    MEDIUM
    CVE-2024-10112

    The Simple News plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'news' shortcode in all versions up to, and including, 2.8 due to insufficient input sanitization and output escaping on user supplied attributes. This make... Read more

    Affected Products :
    • Published: Oct. 25, 2024
    • Modified: Oct. 25, 2024

  • 5.5

    MEDIUM
    CVE-2024-47173

    Aimeos is an e-commerce framework. All SaaS and marketplace setups using the Aimeos GraphQL API admin interface version from 2024.04 up to 2024.07.1 are affected by a potential denial of service attack. Version 2024.07.2 fixes the issue.... Read more

    Affected Products :
    • Published: Oct. 24, 2024
    • Modified: Oct. 25, 2024

  • 5.3

    MEDIUM
    CVE-2024-40595

    An authentication-bypass issue in the RDP component of One Identity Safeguard for Privileged Sessions (SPS) On Premise before 7.5.1 (and LTS before 7.0.5.1) allows man-in-the-middle attackers to obtain access to privileged sessions on target resources by ... Read more

    Affected Products :
    • Published: Oct. 24, 2024
    • Modified: Oct. 25, 2024

  • 8.4

    HIGH
    CVE-2024-48545

    Incorrect access control in the firmware update and download processes of IVY Smart v4.5.0 allows attackers to access sensitive information by analyzing the code and data within the APK file.... Read more

    Affected Products :
    • Published: Oct. 24, 2024
    • Modified: Oct. 25, 2024

  • 6.5

    MEDIUM
    CVE-2024-49703

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in MagePeople Team Event Manager for WooCommerce allows Stored XSS.This issue affects Event Manager for WooCommerce: from n/a through 4.2.5.... Read more

    • Published: Oct. 24, 2024
    • Modified: Oct. 25, 2024

  • 6.5

    MEDIUM
    CVE-2024-9650

    The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tooltip’ parameter in all versions up to, and including, 9.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authentica... Read more

    Affected Products : wp_recipe_maker
    • Published: Oct. 24, 2024
    • Modified: Oct. 25, 2024
Showing 20 of 291741 Results