Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.9

    MEDIUM
    CVE-2024-45460

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Manu225 Flipping Cards allows Stored XSS.This issue affects Flipping Cards: from n/a through 1.30.... Read more

    Affected Products : flipping_cards
    • Published: Sep. 15, 2024
    • Modified: Sep. 27, 2024

  • 7.1

    HIGH
    CVE-2024-45459

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PickPlugins Product Slider for WooCommerce allows Reflected XSS.This issue affects Product Slider for WooCommerce: from n/a through 1.13.50.... Read more

    Affected Products : product_slider_for_woocommerce
    • Published: Sep. 15, 2024
    • Modified: Sep. 27, 2024

  • 8.8

    HIGH
    CVE-2024-37779

    WoodWing Elvis DAM v6.98.1 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the Apache Ant script functionality.... Read more

    Affected Products :
    • Published: Sep. 23, 2024
    • Modified: Sep. 27, 2024

  • 6.5

    MEDIUM
    CVE-2024-44063

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Happyforms allows Stored XSS.This issue affects Happyforms: from n/a through 1.26.0.... Read more

    Affected Products : happyforms
    • Published: Sep. 15, 2024
    • Modified: Sep. 27, 2024

  • 9.1

    CRITICAL
    CVE-2024-0004

    A condition exists in FlashArray Purity whereby an user with array admin role can execute arbitrary commands remotely to escalate privilege on the array.... Read more

    Affected Products : purity\/\/fa
    • Published: Sep. 23, 2024
    • Modified: Sep. 27, 2024

  • 9.1

    CRITICAL
    CVE-2024-0003

    A condition exists in FlashArray Purity whereby a malicious user could use a remote administrative service to create an account on the array allowing privileged access.... Read more

    Affected Products : purity\/\/fa
    • Published: Sep. 23, 2024
    • Modified: Sep. 27, 2024

  • 10.0

    CRITICAL
    CVE-2024-0002

    A condition exists in FlashArray Purity whereby an attacker can employ a privileged account allowing remote access to the array.... Read more

    Affected Products : purity\/\/fa
    • Published: Sep. 23, 2024
    • Modified: Sep. 27, 2024

  • 10.0

    CRITICAL
    CVE-2024-0001

    A condition exists in FlashArray Purity whereby a local account intended for initial array configuration remains active potentially allowing a malicious actor to gain elevated privileges.... Read more

    Affected Products : purity\/\/fa
    • Published: Sep. 23, 2024
    • Modified: Sep. 27, 2024

  • 7.1

    HIGH
    CVE-2024-44060

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jennifer Hall Filmix allows Reflected XSS.This issue affects Filmix: from n/a through 1.1.... Read more

    Affected Products : filmix
    • Published: Sep. 15, 2024
    • Modified: Sep. 27, 2024

  • 6.1

    MEDIUM
    CVE-2024-6339

    The Phlox PRO theme for WordPress is vulnerable to Reflected Cross-Site Scripting via search parameters in all versions up to, and including, 5.16.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated att... Read more

    Affected Products : phlox
    • Published: Aug. 21, 2024
    • Modified: Sep. 27, 2024

  • 6.1

    MEDIUM
    CVE-2024-8797

    The WP Booking System – Booking Calendar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.0.19.8. This m... Read more

    Affected Products : wp_booking_system
    • Published: Sep. 14, 2024
    • Modified: Sep. 27, 2024

  • 5.4

    MEDIUM
    CVE-2023-3410

    The Bricks theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘customTag' attribute in versions up to, and including, 1.10.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacke... Read more

    Affected Products : bricks
    • Published: Sep. 14, 2024
    • Modified: Sep. 27, 2024

  • 8.8

    HIGH
    CVE-2024-6482

    The Login with phone number plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.7.49. This is due to a lack of validation and missing capability check on user-supplied data in the 'lwp_update_password_action'... Read more

    Affected Products : login_with_phone_number
    • Published: Sep. 14, 2024
    • Modified: Sep. 27, 2024

  • 5.5

    MEDIUM
    CVE-2024-8680

    The MC4WP: Mailchimp for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.9.16 due to insufficient input sanitization and output escaping. This makes it possible for aut... Read more

    Affected Products : mailchimp
    • Published: Sep. 21, 2024
    • Modified: Sep. 27, 2024

  • 6.1

    MEDIUM
    CVE-2024-8770

    A Cross-Site Scripting (XSS) vulnerability was identified in the repository transfer feature of GitHub Enterprise Server, which allows attackers to steal sensitive user information via social engineering. This vulnerability affected all versions of GitHub... Read more

    Affected Products : enterprise_server
    • Published: Sep. 23, 2024
    • Modified: Sep. 27, 2024

  • 6.1

    MEDIUM
    CVE-2024-8664

    The WP Test Email plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.1.7. This makes it possible for unauthenticated attacker... Read more

    Affected Products : wp_test_email
    • Published: Sep. 13, 2024
    • Modified: Sep. 27, 2024

  • 6.3

    MEDIUM
    CVE-2024-7888

    The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions like export_forms(), import_forms(), update_fb_options(), and many more in... Read more

    • Published: Sep. 13, 2024
    • Modified: Sep. 27, 2024

  • 9.9

    CRITICAL
    CVE-2024-6386

    The WPML plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.6.12 via the Twig Server-Side Template Injection. This is due to missing input validation and sanitization on the render function. This makes it p... Read more

    Affected Products : wpml
    • Published: Aug. 21, 2024
    • Modified: Sep. 27, 2024

  • 8.8

    HIGH
    CVE-2024-7384

    The AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the acym_extractArchive function in all versions up to, and ... Read more

    Affected Products : acymailing
    • Published: Aug. 22, 2024
    • Modified: Sep. 27, 2024

  • 8.8

    HIGH
    CVE-2024-7258

    The WooCommerce Google Feed Manager plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'wppfm_removeFeedFile' function in all versions up to, and including, 2.8.0. This makes it possible for authentica... Read more

    Affected Products : woocommerce_google_feed_manager
    • Published: Aug. 23, 2024
    • Modified: Sep. 27, 2024
Showing 20 of 291117 Results