Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2024-9221

    The Tainacan plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 0.21.10. This makes it possible for unauthenticated attackers t... Read more

    Affected Products : tainacan
    • Published: Oct. 11, 2024
    • Modified: Oct. 15, 2024

  • 6.4

    MEDIUM
    CVE-2024-9543

    The PowerPress Podcasting plugin by Blubrry plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'skipto' shortcode in all versions up to, and including, 11.9.18 due to insufficient input sanitization and output escaping on u... Read more

    Affected Products : powerpress
    • Published: Oct. 11, 2024
    • Modified: Oct. 15, 2024

  • 10.0

    CRITICAL
    CVE-2024-47875

    DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3.... Read more

    Affected Products : dompurify
    • Published: Oct. 11, 2024
    • Modified: Oct. 15, 2024

  • 7.1

    HIGH
    CVE-2024-47505

    An Allocation of Resources Without Limits or Throttling vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved allows an authenticated, network-based attacker to cause an FPC crash leading to a Denial of Service (DoS... Read more

    Affected Products : junos_os_evolved
    • Published: Oct. 11, 2024
    • Modified: Oct. 15, 2024

  • 6.8

    MEDIUM
    CVE-2024-47501

    A NULL Pointer Dereference vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on MX304, MX with MPC10/11/LC9600, and EX9200 with EX9200-15C allows a locally authenticated attacker with low privileges to cause a Denial of Se... Read more

    Affected Products : junos
    • Published: Oct. 11, 2024
    • Modified: Oct. 15, 2024

  • 8.7

    HIGH
    CVE-2024-47504

    An Improper Validation of Specified Type of Input vulnerability in the packet forwarding engine (pfe) Juniper Networks Junos OS on SRX5000 Series allows an unauthenticated, network based attacker to cause a Denial of Service (Dos). When a non-clustered S... Read more

    Affected Products : junos
    • Published: Oct. 11, 2024
    • Modified: Oct. 15, 2024

  • 8.2

    HIGH
    CVE-2024-47490

    An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX 7000 Series allows an unauthenticated, network based attacker to cause increased consump... Read more

    Affected Products : junos_os_evolved
    • Published: Oct. 11, 2024
    • Modified: Oct. 15, 2024

  • 7.1

    HIGH
    CVE-2024-47508

    An Allocation of Resources Without Limits or Throttling vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved allows an authenticated, network-based attacker to cause an FPC crash leading to a Denial of Service (DoS... Read more

    Affected Products : junos_os_evolved
    • Published: Oct. 11, 2024
    • Modified: Oct. 15, 2024

  • 4.9

    MEDIUM
    CVE-2024-9507

    The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 2.15.2 due to improper input valida... Read more

    Affected Products : contact_form_builder
    • Published: Oct. 11, 2024
    • Modified: Oct. 15, 2024

  • 5.4

    MEDIUM
    CVE-2024-39534

    An Incorrect Comparison vulnerability in the local address verification API of Juniper Networks Junos OS Evolved allows an unauthenticated network-adjacent attacker to create sessions or send traffic to the device using the network and broadcast address o... Read more

    Affected Products : junos_os_evolved
    • Published: Oct. 11, 2024
    • Modified: Oct. 15, 2024

  • 6.8

    MEDIUM
    CVE-2024-47496

    A NULL Pointer Dereference vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS allows a local, low-privileged attacker to cause a Denial-of-Service (DoS). When a specific command is executed, the pfe crashes. This will cause ... Read more

    Affected Products : junos
    • Published: Oct. 11, 2024
    • Modified: Oct. 15, 2024

  • 8.5

    HIGH
    CVE-2024-48020

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Revmakx Backup and Staging by WP Time Capsule allows SQL Injection.This issue affects Backup and Staging by WP Time Capsule: from n/a through 1.22.21.... Read more

    • Published: Oct. 11, 2024
    • Modified: Oct. 15, 2024

  • 6.4

    MEDIUM
    CVE-2024-8915

    The Category Icon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attac... Read more

    Affected Products :
    • Published: Oct. 12, 2024
    • Modified: Oct. 15, 2024

  • 5.9

    MEDIUM
    CVE-2024-47885

    The Astro web framework has a DOM Clobbering gadget in the client-side router starting in version 3.0.0 and prior to version 4.16.1. It can lead to cross-site scripting (XSS) in websites enables Astro's client-side routing and has *stored* attacker-contro... Read more

    Affected Products :
    • Published: Oct. 14, 2024
    • Modified: Oct. 15, 2024

  • 8.6

    HIGH
    CVE-2024-9139

    The affected product permits OS command injection through improperly restricted commands, potentially allowing attackers to execute arbitrary code.... Read more

    Affected Products : tn-4900_firmware
    • Published: Oct. 14, 2024
    • Modified: Oct. 15, 2024

  • 4.3

    MEDIUM
    CVE-2024-9824

    The ImagePress – Image Gallery plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'ip_delete_post' and 'ip_update_post_title' functions in all versions up to, and including, 1.2.2. Thi... Read more

    Affected Products : imagepress
    • Published: Oct. 12, 2024
    • Modified: Oct. 15, 2024

  • 6.4

    MEDIUM
    CVE-2024-9656

    The Mynx Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.27.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated ... Read more

    Affected Products :
    • Published: Oct. 12, 2024
    • Modified: Oct. 15, 2024

  • 7.3

    HIGH
    CVE-2024-9837

    The The AADMY – Add Auto Date Month Year Into Posts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0.1. This is due to the software allowing users to execute an action that does not properly val... Read more

    Affected Products :
    • Published: Oct. 15, 2024
    • Modified: Oct. 15, 2024

  • 6.1

    MEDIUM
    CVE-2024-47353

    URL Redirection to Untrusted Site ('Open Redirect') vulnerability in QuomodoSoft ElementsReady Addons for Elementor.This issue affects ElementsReady Addons for Elementor: from n/a through 6.4.2.... Read more

    Affected Products : elementsready
    • Published: Oct. 11, 2024
    • Modified: Oct. 15, 2024

  • 6.5

    MEDIUM
    CVE-2024-48041

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CreativeMindsSolutions CM Tooltip Glossary allows Stored XSS.This issue affects CM Tooltip Glossary: from n/a through 4.3.9.... Read more

    Affected Products :
    • Published: Oct. 11, 2024
    • Modified: Oct. 15, 2024
Showing 20 of 291274 Results