Latest CVE Feed
- CVE-2024-8126 (8.8 HIGH)
  The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads via the 'class_fma_connector.php' file in all versions up to, and including, 5.2.8. This makes it possible for authenticated attackers, with Subscriber-level access and...
  Affected Products: advanced_file_manager
  Published: Sep. 26, 2024
  Modified: Oct. 01, 2024
- CVE-2024-9173 (6.4 MEDIUM)
  The GF Custom Style plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attac...
  Affected Products: gf_custom_style
  Published: Sep. 26, 2024
  Modified: Oct. 01, 2024
- CVE-2024-9127 (6.4 MEDIUM)
  The Super Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘alignment’ parameter in all versions up to, and including, 3.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authe...
  Affected Products: super_testimonials
  Published: Sep. 26, 2024
  Modified: Oct. 01, 2024
- CVE-2024-9125 (6.4 MEDIUM)
  The king_IE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...
  Affected Products: king_ie
  Published: Sep. 26, 2024
  Modified: Oct. 01, 2024
- CVE-2024-9117 (6.4 MEDIUM)
  The Mapplic Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacker...
  Affected Products: mapplic
  Published: Sep. 26, 2024
  Modified: Oct. 01, 2024
- CVE-2024-9115 (6.4 MEDIUM)
  The Common Tools for Site plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...
  Affected Products: common_tools_for_site
  Published: Sep. 26, 2024
  Modified: Oct. 01, 2024
- CVE-2022-4541 (7.2 HIGH)
  The WordPress Visitors plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a spoofed HTTP Header value in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthent...
  Affected Products: wordpress_visitors
  Published: Sep. 26, 2024
  Modified: Oct. 01, 2024
- CVE-2024-9025 (5.3 MEDIUM)
  The Sight – Professional Image Gallery and Portfolio plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'handler_post_title' function in all versions up to, and including, 1.1.2. This makes it possib...
  Affected Products: sight
  Published: Sep. 26, 2024
  Modified: Oct. 01, 2024
- CVE-2024-8872 (6.1 MEDIUM)
  The Store Hours for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.3.20. This makes it possible for unauthent...
  Affected Products: store_hours_for_woocommerce
  Published: Sep. 26, 2024
  Modified: Oct. 01, 2024
- CVE-2024-8861 (6.4 MEDIUM)
  The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.9.3.2 due to incorrect use of the wp_kses_allowed_html function, which allows the 'onclick' a...
  Affected Products: profilegrid
  Published: Sep. 26, 2024
  Modified: Oct. 01, 2024
- CVE-2024-9297 (6.5 MEDIUM)
  A vulnerability was found in SourceCodester Online Railway Reservation System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/. The manipulation of the argument page with the input train...
  Affected Products: railway_reservation_system
  Published: Sep. 28, 2024
  Modified: Oct. 01, 2024
- CVE-2024-9298 (5.3 MEDIUM)
  A vulnerability was found in SourceCodester Online Railway Reservation System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /?page=tickets of the component Ticket Handler. The manipulation of the a...
  Affected Products: railway_reservation_system
  Published: Sep. 28, 2024
  Modified: Oct. 01, 2024
- CVE-2024-9299 (5.4 MEDIUM)
  A vulnerability classified as problematic has been found in SourceCodester Online Railway Reservation System 1.0. This affects an unknown part of the file /?page=reserve. The manipulation of the argument First Name/Middle Name/Last Name leads to cross sit...
  Affected Products: railway_reservation_system
  Published: Sep. 28, 2024
  Modified: Oct. 01, 2024
- CVE-2024-9300 (6.9 MEDIUM)
  A vulnerability classified as problematic was found in SourceCodester Online Railway Reservation System 1.0. This vulnerability affects unknown code of the file contact_us.php of the component Message Us Form. The manipulation of the argument fullname/ema...
  Affected Products: railway_reservation_system
  Published: Sep. 28, 2024
  Modified: Oct. 01, 2024
- CVE-2024-9315 (8.8 HIGH)
  A vulnerability was found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/maintenance/manage_department.php. The manipulation of the argument...
  Affected Products: employee_and_visitor_gate_pass_logging_system
  Published: Sep. 28, 2024
  Modified: Oct. 01, 2024
- CVE-2024-9317 (8.8 HIGH)
  A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. Affected by this vulnerability is the function delete_category of the file /classes/Master.php?f=delete_category. The manipulation of the argument id leads to sql ...
  Affected Products: online_eyewear_shop
  Published: Sep. 28, 2024
  Modified: Oct. 01, 2024
- CVE-2024-9318 (9.8 CRITICAL)
  A vulnerability, which was classified as critical, has been found in SourceCodester Advocate Office Management System 1.0. Affected by this issue is some unknown functionality of the file /control/activate.php. The manipulation of the argument id leads to...
  Affected Products: advocate_office_management_system
  Published: Sep. 28, 2024
  Modified: Oct. 01, 2024
- CVE-2024-9319 (8.8 HIGH)
  A vulnerability, which was classified as critical, was found in SourceCodester Online Timesheet App 1.0. This affects an unknown part of the file /endpoint/delete-timesheet.php. The manipulation of the argument timesheet leads to sql injection. It is poss...
  Affected Products: online_timesheet_app
  Published: Sep. 29, 2024
  Modified: Oct. 01, 2024
- CVE-2024-9320 (5.4 MEDIUM)
  A vulnerability has been found in SourceCodester Online Timesheet App 1.0 and classified as problematic. This vulnerability affects unknown code of the file /endpoint/add-timesheet.php of the component Add Timesheet Form. The manipulation of the argument ...
  Affected Products: online_timesheet_app
  Published: Sep. 29, 2024
  Modified: Oct. 01, 2024
- CVE-2024-9321 (6.9 MEDIUM)
  A vulnerability was found in SourceCodester Online Railway Reservation System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/inquiries/view_details.php. The manipulation of the argument id leads to improper a...
  Affected Products: railway_reservation_system
  Published: Sep. 29, 2024
  Modified: Oct. 01, 2024