Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2024-44018

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Istmo Plugins Instant Chat Floating Button for WordPress Websites allows PHP Local File Inclusion.This issue affects Instant Chat Floating Button for WordPress... Read more

    Affected Products :
    • Published: Oct. 05, 2024
    • Modified: Oct. 07, 2024

  • 6.9

    MEDIUM
    CVE-2024-47848

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in The Wikimedia Foundation Mediawiki - PageTriage allows Authentication Bypass.This issue affects Mediawiki - PageTriage: from 1.39.X before 1.39.9, from 1.41.X before 1.41.3, from ... Read more

    Affected Products :
    • Published: Oct. 05, 2024
    • Modified: Oct. 07, 2024

  • 7.5

    HIGH
    CVE-2024-44016

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Mark Steadman Podiant allows PHP Local File Inclusion.This issue affects Podiant: from n/a through 1.1.... Read more

    Affected Products :
    • Published: Oct. 05, 2024
    • Modified: Oct. 07, 2024

  • 7.1

    HIGH
    CVE-2024-47386

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Extended The Ultimate WordPress Toolkit – WP Extended allows Reflected XSS.This issue affects The Ultimate WordPress Toolkit – WP Extended: fro... Read more

    Affected Products : wp_extended
    • Published: Oct. 05, 2024
    • Modified: Oct. 07, 2024

  • 6.5

    MEDIUM
    CVE-2024-47650

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Axton WP-WebAuthn allows Stored XSS.This issue affects WP-WebAuthn: from n/a through 1.3.1.... Read more

    Affected Products : wp-webauthn
    • Published: Oct. 06, 2024
    • Modified: Oct. 07, 2024

  • 6.5

    MEDIUM
    CVE-2024-47621

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Katie Seaborn Zotpress allows Stored XSS.This issue affects Zotpress: from n/a through 7.3.10.... Read more

    Affected Products : zotpress
    • Published: Oct. 05, 2024
    • Modified: Oct. 07, 2024

  • 6.5

    MEDIUM
    CVE-2024-47629

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BdThemes Ultimate Store Kit Elementor Addons allows Stored XSS.This issue affects Ultimate Store Kit Elementor Addons: from n/a through 2.0.5.... Read more

    Affected Products : ultimate_store_kit
    • Published: Oct. 05, 2024
    • Modified: Oct. 07, 2024

  • 5.3

    MEDIUM
    CVE-2024-47344

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in StylemixThemes uListing.This issue affects uListing: from n/a through 2.1.5.... Read more

    Affected Products :
    • Published: Oct. 07, 2024
    • Modified: Oct. 07, 2024

  • 7.1

    HIGH
    CVE-2024-47348

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WaspThemes YellowPencil Visual CSS Style Editor allows Reflected XSS.This issue affects YellowPencil Visual CSS Style Editor: from n/a through 7.6... Read more

    Affected Products : yellowpencil
    • Published: Oct. 06, 2024
    • Modified: Oct. 07, 2024

  • 7.1

    HIGH
    CVE-2024-47388

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SliceWP allows Reflected XSS.This issue affects SliceWP: from n/a through 1.1.18.... Read more

    Affected Products : affiliate_program_suite
    • Published: Oct. 05, 2024
    • Modified: Oct. 07, 2024

  • 7.1

    HIGH
    CVE-2024-47301

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Bit Form Bit Form – Contact Form Plugin allows Stored XSS.This issue affects Bit Form – Contact Form Plugin: from n/a through 2.13.10.... Read more

    Affected Products :
    • Published: Oct. 06, 2024
    • Modified: Oct. 07, 2024

  • 7.1

    HIGH
    CVE-2024-47369

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPWeb Social Auto Poster allows Reflected XSS.This issue affects Social Auto Poster: from n/a through 5.3.15.... Read more

    Affected Products : social_auto_poster
    • Published: Oct. 05, 2024
    • Modified: Oct. 07, 2024

  • 6.5

    MEDIUM
    CVE-2024-47393

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Quillforms Quill Forms allows Stored XSS.This issue affects Quill Forms: from n/a through 3.7.0.... Read more

    Affected Products :
    • Published: Oct. 05, 2024
    • Modified: Oct. 07, 2024

  • 4.7

    MEDIUM
    CVE-2024-47646

    URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Payflex Payflex Payment Gateway.This issue affects Payflex Payment Gateway: from n/a through 2.6.1.... Read more

    Affected Products :
    • Published: Oct. 05, 2024
    • Modified: Oct. 07, 2024

  • 7.1

    HIGH
    CVE-2024-44028

    Cross-Site Request Forgery (CSRF) vulnerability in Nicejob NiceJob allows Stored XSS.This issue affects NiceJob: from n/a before 3.6.5.... Read more

    Affected Products :
    • Published: Oct. 06, 2024
    • Modified: Oct. 07, 2024

  • 7.3

    HIGH
    CVE-2023-6362

    A vulnerability has been discovered in Winhex affecting version 16.1 SR-1 and 20.4. This vulnerability consists of a buffer overflow controlling the Structured Exception Handler (SEH) registers. This could allow attackers to execute arbitrary code via a l... Read more

    Affected Products :
    • Published: Oct. 07, 2024
    • Modified: Oct. 07, 2024

  • 5.9

    MEDIUM
    CVE-2024-47623

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in GhozyLab, Inc. Gallery Lightbox allows Stored XSS.This issue affects Gallery Lightbox: from n/a through 1.0.0.39.... Read more

    Affected Products :
    • Published: Oct. 05, 2024
    • Modified: Oct. 07, 2024

  • 6.5

    MEDIUM
    CVE-2024-47642

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Keap Keap Official Opt-in Forms allows Stored XSS.This issue affects Keap Official Opt-in Forms: from n/a through 2.0.1.... Read more

    Affected Products : official_opt-in_forms
    • Published: Oct. 05, 2024
    • Modified: Oct. 07, 2024

  • 6.5

    MEDIUM
    CVE-2024-44024

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in NicheAddons Medical Addon for Elementor allows Stored XSS.This issue affects Medical Addon for Elementor: from n/a through 1.4.... Read more

    Affected Products :
    • Published: Oct. 06, 2024
    • Modified: Oct. 07, 2024

  • 6.5

    MEDIUM
    CVE-2024-47633

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Zoho Forms allows Stored XSS.This issue affects Zoho Forms: from n/a through 4.0.... Read more

    Affected Products :
    • Published: Oct. 05, 2024
    • Modified: Oct. 07, 2024
Showing 20 of 291401 Results