Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2024-44011

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Ticket Ultra WP Ticket Ultra Help Desk & Support Plugin allows PHP Local File Inclusion.This issue affects WP Ticket Ultra Help Desk & Support Plugin: from ... Read more

    Affected Products :
    • Published: Oct. 05, 2024
    • Modified: Oct. 07, 2024

  • 6.9

    MEDIUM
    CVE-2024-47848

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in The Wikimedia Foundation Mediawiki - PageTriage allows Authentication Bypass.This issue affects Mediawiki - PageTriage: from 1.39.X before 1.39.9, from 1.41.X before 1.41.3, from ... Read more

    Affected Products :
    • Published: Oct. 05, 2024
    • Modified: Oct. 07, 2024

  • 6.1

    MEDIUM
    CVE-2024-9417

    The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to limited file uploads due to a misconfigured file type validation in the 'handleUpload' function in all versions up to, and including, 1.1.9. This makes it possible for unauthen... Read more

    Affected Products : hash_form
    • Published: Oct. 05, 2024
    • Modified: Oct. 07, 2024

  • 7.5

    HIGH
    CVE-2024-44016

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Mark Steadman Podiant allows PHP Local File Inclusion.This issue affects Podiant: from n/a through 1.1.... Read more

    Affected Products :
    • Published: Oct. 05, 2024
    • Modified: Oct. 07, 2024

  • 7.5

    HIGH
    CVE-2024-44012

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in wpdev33 WP Newsletter Subscription allows PHP Local File Inclusion.This issue affects WP Newsletter Subscription: from n/a through 1.1.... Read more

    Affected Products :
    • Published: Oct. 05, 2024
    • Modified: Oct. 07, 2024

  • 8.0

    HIGH
    CVE-2024-47319

    Unrestricted Upload of File with Dangerous Type vulnerability in Bit Apps Bit Form – Contact Form Plugin allows Code Injection.This issue affects Bit Form – Contact Form Plugin: from n/a through 2.13.10.... Read more

    Affected Products : bit_form
    • Published: Oct. 05, 2024
    • Modified: Oct. 07, 2024

  • 4.3

    MEDIUM
    CVE-2024-45250

    ZKteco – CWE 200 Exposure of Sensitive Information to an Unauthorized Actor... Read more

    Affected Products :
    • Published: Oct. 06, 2024
    • Modified: Oct. 07, 2024

  • 6.1

    MEDIUM
    CVE-2024-45247

    Sonarr – CWE-601: URL Redirection to Untrusted Site ('Open Redirect')... Read more

    Affected Products :
    • Published: Oct. 06, 2024
    • Modified: Oct. 07, 2024

  • 7.1

    HIGH
    CVE-2024-47341

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Lester ‘GaMerZ’ Chan WP-DownloadManager allows Reflected XSS.This issue affects WP-DownloadManager: from n/a through 1.68.8.... Read more

    Affected Products : wp-downloadmanager
    • Published: Oct. 06, 2024
    • Modified: Oct. 07, 2024

  • 7.1

    HIGH
    CVE-2024-47379

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Sale php scripts Web Directory Free allows Reflected XSS.This issue affects Web Directory Free: from n/a through 1.7.3.... Read more

    Affected Products :
    • Published: Oct. 05, 2024
    • Modified: Oct. 07, 2024

  • 7.8

    HIGH
    CVE-2024-45245

    Diebold Nixdorf – CWE-200: Exposure of Sensitive Information to an Unauthorized Actor... Read more

    Affected Products :
    • Published: Oct. 06, 2024
    • Modified: Oct. 07, 2024

  • 5.9

    MEDIUM
    CVE-2024-44036

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Pierre Lebedel Kodex Posts likes allows Stored XSS.This issue affects Kodex Posts likes: from n/a through 2.5.0.... Read more

    Affected Products : kodex_posts_likes
    • Published: Oct. 06, 2024
    • Modified: Oct. 07, 2024

  • 7.1

    HIGH
    CVE-2024-47348

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WaspThemes YellowPencil Visual CSS Style Editor allows Reflected XSS.This issue affects YellowPencil Visual CSS Style Editor: from n/a through 7.6... Read more

    Affected Products : yellowpencil
    • Published: Oct. 06, 2024
    • Modified: Oct. 07, 2024

  • 7.1

    HIGH
    CVE-2024-47388

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SliceWP allows Reflected XSS.This issue affects SliceWP: from n/a through 1.1.18.... Read more

    Affected Products : affiliate_program_suite
    • Published: Oct. 05, 2024
    • Modified: Oct. 07, 2024

  • 7.1

    HIGH
    CVE-2024-47322

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ex-Themes WP Timeline – Vertical and Horizontal timeline plugin allows Reflected XSS.This issue affects WP Timeline – Vertical and Horizontal time... Read more

    Affected Products :
    • Published: Oct. 06, 2024
    • Modified: Oct. 07, 2024

  • 6.5

    MEDIUM
    CVE-2024-47629

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BdThemes Ultimate Store Kit Elementor Addons allows Stored XSS.This issue affects Ultimate Store Kit Elementor Addons: from n/a through 2.0.5.... Read more

    Affected Products : ultimate_store_kit
    • Published: Oct. 05, 2024
    • Modified: Oct. 07, 2024

  • 7.1

    HIGH
    CVE-2024-47386

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Extended The Ultimate WordPress Toolkit – WP Extended allows Reflected XSS.This issue affects The Ultimate WordPress Toolkit – WP Extended: fro... Read more

    Affected Products : wp_extended
    • Published: Oct. 05, 2024
    • Modified: Oct. 07, 2024

  • 6.5

    MEDIUM
    CVE-2024-47329

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in QuomodoSoft ElementsReady Addons for Elementor allows Stored XSS.This issue affects ElementsReady Addons for Elementor: from n/a through 6.4.0.... Read more

    Affected Products : elementsready
    • Published: Oct. 06, 2024
    • Modified: Oct. 07, 2024

  • 6.5

    MEDIUM
    CVE-2024-47382

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Webvitaly Page-list allows Stored XSS.This issue affects Page-list: from n/a through 5.6.... Read more

    Affected Products :
    • Published: Oct. 05, 2024
    • Modified: Oct. 07, 2024

  • 6.5

    MEDIUM
    CVE-2024-47626

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Rometheme RomethemeKit For Elementor allows Stored XSS.This issue affects RomethemeKit For Elementor: from n/a through 1.5.0.... Read more

    Affected Products : romethemekit_for_elementor
    • Published: Oct. 05, 2024
    • Modified: Oct. 07, 2024
Showing 20 of 291305 Results