Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2024-47179

    RSSHub is an RSS network. Prior to commit 64e00e7, RSSHub's `docker-test-cont.yml` workflow is vulnerable to Artifact Poisoning, which could have lead to a full repository takeover. Downstream users of RSSHub are not vulnerable to this issue, and commit 6... Read more

    Affected Products : rsshub
    • Published: Sep. 26, 2024
    • Modified: Oct. 02, 2024

  • 6.5

    MEDIUM
    CVE-2024-20414

    A vulnerability in the web UI feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system through the web UI. This vulnerability is ... Read more

    Affected Products : ios_xe ios
    • Published: Sep. 25, 2024
    • Modified: Oct. 02, 2024

  • 9.1

    CRITICAL
    CVE-2024-8514

    The Prisna GWT – Google Website Translator plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.11 via deserialization of untrusted input from the 'prisna_import' parameter. This makes it possible for authen... Read more

    Affected Products : google_website_translator
    • Published: Sep. 25, 2024
    • Modified: Oct. 02, 2024

  • 6.4

    MEDIUM
    CVE-2024-9068

    The OneElements – Best Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping. This makes it possible f... Read more

    Affected Products : oneelements
    • Published: Sep. 25, 2024
    • Modified: Oct. 02, 2024

  • 6.4

    MEDIUM
    CVE-2024-9028

    The WP GPX Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sgpx' shortcode in all versions up to, and including, 1.7.08 due to insufficient input sanitization and output escaping on user supplied attributes. This m... Read more

    Affected Products : wp_gpx_maps
    • Published: Sep. 25, 2024
    • Modified: Oct. 02, 2024

  • 6.4

    MEDIUM
    CVE-2024-9027

    The WPZOOM Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'box' shortcode in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. Th... Read more

    Affected Products : wpzoom_shortcodes
    • Published: Sep. 25, 2024
    • Modified: Oct. 02, 2024

  • 6.4

    MEDIUM
    CVE-2024-9069

    The Graphicsly – The ultimate graphics plugin for WordPress website builder ( Gutenberg, Elementor, Beaver Builder, WPBakery ) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0... Read more

    Affected Products : graphicsly
    • Published: Sep. 25, 2024
    • Modified: Oct. 02, 2024

  • 9.1

    CRITICAL
    CVE-2024-7385

    The WordPress Simple HTML Sitemap plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the ex... Read more

    Affected Products : wordpress_simple_html_sitemap
    • Published: Sep. 25, 2024
    • Modified: Oct. 02, 2024

  • 6.4

    MEDIUM
    CVE-2024-9073

    The GutenGeek Free Gutenberg Blocks for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping. This makes it ... Read more

    Affected Products : free_gutenberg_blocks
    • Published: Sep. 25, 2024
    • Modified: Oct. 02, 2024

  • 4.3

    MEDIUM
    CVE-2024-8516

    The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2.1 via the render() function. This makes it possible for authenticated attackers, with Contributor-level access and abo... Read more

    Affected Products : themesflat_addons_for_elementor
    • Published: Sep. 25, 2024
    • Modified: Oct. 02, 2024

  • 6.4

    MEDIUM
    CVE-2024-8515

    The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets like 'TF E Slider Widget', 'TF Video Widget', 'TF Team Widget' and more in all versions up to, and including, 2.2.1 due to insufficie... Read more

    Affected Products : themesflat_addons_for_elementor
    • Published: Sep. 25, 2024
    • Modified: Oct. 02, 2024

  • 9.8

    CRITICAL
    CVE-2024-8275

    The The Events Calendar plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'tribe_has_next_event' function in all versions up to, and including, 6.6.4 due to insufficient escaping on the user supplied parameter and lack o... Read more

    • Published: Sep. 25, 2024
    • Modified: Oct. 02, 2024

  • 5.3

    MEDIUM
    CVE-2024-8678

    The Revolut Gateway for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /wc/v3/revolut REST API endpoint in all versions up to, and including, 4.17.3. This makes it possible for ... Read more

    Affected Products : revolut_gateway_for_woocommerce
    • Published: Sep. 25, 2024
    • Modified: Oct. 02, 2024

  • 6.5

    MEDIUM
    CVE-2024-47303

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Livemesh Livemesh Addons for Elementor allows Stored XSS.This issue affects Livemesh Addons for Elementor: from n/a through 8.5.... Read more

    • Published: Sep. 25, 2024
    • Modified: Oct. 02, 2024

  • 6.4

    MEDIUM
    CVE-2024-8546

    The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Video widget in all versions up to, and including, 3.2.7 due to insufficient input sanitization and output escaping on user supplied attrib... Read more

    • Published: Sep. 25, 2024
    • Modified: Oct. 02, 2024

  • 6.4

    MEDIUM
    CVE-2024-8858

    The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘piechart_settings’ parameter in all versions up to, and including, 8.5 due to insufficient input sanitization and output escaping. This makes it po... Read more

    Affected Products : addons_for_elementor
    • Published: Sep. 25, 2024
    • Modified: Oct. 02, 2024

  • 5.3

    MEDIUM
    CVE-2024-8658

    The myCred – Loyalty Points and Rewards plugin for WordPress and WooCommerce – Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification plugin for WordPress is vulnerable to unauthorized modification of data due ... Read more

    Affected Products : mycred
    • Published: Sep. 25, 2024
    • Modified: Oct. 02, 2024

  • 6.1

    MEDIUM
    CVE-2024-3866

    The Ninja Forms Contact Form plugin for WordPress is vulnerable to Reflected Self-Based Cross-Site Scripting via the 'Referer' header in all versions up to, and including, 3.8.15 due to insufficient input sanitization and output escaping. This makes it po... Read more

    Affected Products : ninja_forms
    • Published: Sep. 25, 2024
    • Modified: Oct. 02, 2024

  • 8.8

    HIGH
    CVE-2024-8290

    The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.12 via the WCFM_Customers_Manage_Controller::... Read more

    • Published: Sep. 25, 2024
    • Modified: Oct. 02, 2024

  • 6.4

    MEDIUM
    CVE-2024-9024

    The Material Design Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mdi-icon shortcode in all versions up to, and including, 0.0.5 due to insufficient input sanitization and output escaping on user supplied attribu... Read more

    Affected Products : material_design_icons
    • Published: Sep. 25, 2024
    • Modified: Oct. 02, 2024
Showing 20 of 291209 Results