Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2024-9136

    Access permission verification vulnerability in the App Multiplier module Impact: Successful exploitation of this vulnerability may affect service confidentiality.... Read more

    Affected Products : emui harmonyos
    • Published: Sep. 27, 2024
    • Modified: Oct. 01, 2024

  • 7.5

    HIGH
    CVE-2024-47294

    Access permission verification vulnerability in the input method framework module Impact: Successful exploitation of this vulnerability may affect availability.... Read more

    Affected Products : emui harmonyos
    • Published: Sep. 27, 2024
    • Modified: Oct. 01, 2024

  • 7.5

    HIGH
    CVE-2024-47293

    Out-of-bounds write vulnerability in the HAL-WIFI module Impact: Successful exploitation of this vulnerability may affect availability.... Read more

    Affected Products : emui harmonyos
    • Published: Sep. 27, 2024
    • Modified: Oct. 01, 2024

  • 6.2

    MEDIUM
    CVE-2024-47292

    Path traversal vulnerability in the Bluetooth module Impact: Successful exploitation of this vulnerability may affect service confidentiality.... Read more

    Affected Products : emui harmonyos
    • Published: Sep. 27, 2024
    • Modified: Oct. 01, 2024

  • 5.6

    MEDIUM
    CVE-2024-47291

    Permission vulnerability in the ActivityManagerService (AMS) module Impact: Successful exploitation of this vulnerability may affect availability.... Read more

    Affected Products : emui harmonyos
    • Published: Sep. 27, 2024
    • Modified: Oct. 01, 2024

  • 5.5

    MEDIUM
    CVE-2024-47290

    Input validation vulnerability in the USB service module Impact: Successful exploitation of this vulnerability may affect availability.... Read more

    Affected Products : emui harmonyos
    • Published: Sep. 27, 2024
    • Modified: Oct. 01, 2024

  • 5.5

    MEDIUM
    CVE-2024-8633

    The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.15.27 due to insufficient input sanitization and output escaping. This mak... Read more

    Affected Products : form_maker
    • Published: Sep. 26, 2024
    • Modified: Oct. 01, 2024

  • 6.8

    MEDIUM
    CVE-2024-8725

    Multiple plugins and/or themes for WordPress are vulnerable to Limited File Upload in various versions. This is due to a lack of proper checks to ensure lower-privileged roles cannot upload .css and .js files to arbitrary directories. This makes it possib... Read more

    Affected Products : advanced_file_manager
    • Published: Sep. 26, 2024
    • Modified: Oct. 01, 2024

  • 7.2

    HIGH
    CVE-2024-8704

    The Advanced File Manager plugin for WordPress is vulnerable to Local JavaScript File Inclusion in all versions up to, and including, 5.2.8 via the 'fma_locale' parameter. This makes it possible for authenticated attackers, with Administrator-level access... Read more

    Affected Products : advanced_file_manager
    • Published: Sep. 26, 2024
    • Modified: Oct. 01, 2024

  • 6.1

    MEDIUM
    CVE-2024-7260

    An open redirect vulnerability was found in Keycloak. A specially crafted URL can be constructed where the referrer and referrer_uri parameters are made to trick a user to visit a malicious webpage. A trusted URL can trick users and automation into believ... Read more

    Affected Products : keycloak keycloak build_of_keycloak
    • Published: Sep. 09, 2024
    • Modified: Oct. 01, 2024

  • 7.5

    HIGH
    CVE-2023-6841

    A denial of service vulnerability was found in keycloak where the amount of attributes per object is not limited,an attacker by sending repeated HTTP requests could cause a resource exhaustion when the application send back rows with long attribute values... Read more

    • Published: Sep. 10, 2024
    • Modified: Oct. 01, 2024

  • 8.8

    HIGH
    CVE-2024-8126

    The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads via the 'class_fma_connector.php' file in all versions up to, and including, 5.2.8. This makes it possible for authenticated attackers, with Subscriber-level access and... Read more

    Affected Products : advanced_file_manager
    • Published: Sep. 26, 2024
    • Modified: Oct. 01, 2024

  • 6.4

    MEDIUM
    CVE-2024-9173

    The GF Custom Style plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attac... Read more

    Affected Products : gf_custom_style
    • Published: Sep. 26, 2024
    • Modified: Oct. 01, 2024

  • 6.4

    MEDIUM
    CVE-2024-9127

    The Super Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘alignment’ parameter in all versions up to, and including, 3.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authe... Read more

    Affected Products : super_testimonials
    • Published: Sep. 26, 2024
    • Modified: Oct. 01, 2024

  • 6.4

    MEDIUM
    CVE-2024-9125

    The king_IE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi... Read more

    Affected Products : king_ie
    • Published: Sep. 26, 2024
    • Modified: Oct. 01, 2024

  • 6.4

    MEDIUM
    CVE-2024-9117

    The Mapplic Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacker... Read more

    Affected Products : mapplic
    • Published: Sep. 26, 2024
    • Modified: Oct. 01, 2024

  • 6.4

    MEDIUM
    CVE-2024-9115

    The Common Tools for Site plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticat... Read more

    Affected Products : common_tools_for_site
    • Published: Sep. 26, 2024
    • Modified: Oct. 01, 2024

  • 7.2

    HIGH
    CVE-2022-4541

    The WordPress Visitors plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a spoofed HTTP Header value in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthent... Read more

    Affected Products : wordpress_visitors
    • Published: Sep. 26, 2024
    • Modified: Oct. 01, 2024

  • 5.3

    MEDIUM
    CVE-2024-9025

    The Sight – Professional Image Gallery and Portfolio plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'handler_post_title' function in all versions up to, and including, 1.1.2. This makes it possib... Read more

    Affected Products : sight
    • Published: Sep. 26, 2024
    • Modified: Oct. 01, 2024

  • 6.1

    MEDIUM
    CVE-2024-8872

    The Store Hours for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.3.20. This makes it possible for unauthent... Read more

    Affected Products : store_hours_for_woocommerce
    • Published: Sep. 26, 2024
    • Modified: Oct. 01, 2024
Showing 20 of 291222 Results