Latest CVE Feed

Following is the list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is listed in CISA's Known Exploited Vulnerabilities (KEV) catalog (i.e. is known to be actively exploited), or by whether it is remotely exploitable. You can also sort the list by published date, last-updated date, or CVSS score.
  • 5.4

    MEDIUM
    CVE-2024-45843

    Mattermost versions 9.5.x <= 9.5.8 fail to include the metadata endpoints of Oracle Cloud and Alibaba in the SSRF denylist, which allows an attacker to possibly cause an SSRF if Mattermost was deployed in Oracle Cloud or Alibaba....

    Affected Products : mattermost_server mattermost
    • Published: Sep. 26, 2024
    • Modified: Sep. 26, 2024
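The entry above is a denylist that missed two providers' metadata endpoints. The check below is an added illustration of the bug class, not Mattermost's code: it denies by address range rather than by individual IP (so every provider that answers on 169.254.169.254 is covered at once), resolves hostnames before comparing, and unwraps IPv4-mapped IPv6 literals. The address list is the set of publicly documented cloud metadata endpoints; the page does not say which entries the Mattermost fix added, so the list is this example's own assumption. The `resolve` callable is injectable so the function runs offline.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Added example, not Mattermost code. The addresses below are the documented
# cloud metadata endpoints; which of them the Mattermost fix added is not
# stated on this page.
METADATA_HOSTNAMES = {"metadata.google.internal", "metadata"}   # GCP
METADATA_NETWORKS = [
    ipaddress.ip_network("169.254.0.0/16"),      # link-local: AWS, Azure, GCP, Oracle Cloud IMDS
    ipaddress.ip_network("100.100.100.200/32"),  # Alibaba Cloud
    ipaddress.ip_network("192.0.0.192/32"),      # Oracle Cloud (older images)
    ipaddress.ip_network("fd00:ec2::254/128"),   # AWS IMDS over IPv6
    ipaddress.ip_network("fe80::/10"),           # IPv6 link-local
]


def _resolve_with_dns(host: str) -> set[str]:
    """Default resolver: every A/AAAA answer for the host."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def is_metadata_target(url: str, resolve=_resolve_with_dns) -> bool:
    """True if the URL points at a cloud metadata endpoint and must be refused.

    `resolve` is injectable so the check can run offline. Production code must
    also connect to the address checked here rather than resolving again later,
    otherwise a rebinding DNS answer bypasses the check.
    """
    host = urlsplit(url).hostname
    if not host:
        return True                        # unparsable target: refuse
    host = host.lower().rstrip(".")
    if host in METADATA_HOSTNAMES:
        return True
    try:
        addrs = {ipaddress.ip_address(host)}           # IPv4/IPv6 literal
    except ValueError:
        try:
            addrs = {ipaddress.ip_address(a) for a in resolve(host)}
        except (OSError, ValueError):
            return True                    # fail closed when resolution fails
    for addr in addrs:
        if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped:
            addr = addr.ipv4_mapped        # ::ffff:169.254.169.254 -> 169.254.169.254
        if any(addr in net for net in METADATA_NETWORKS):
            return True
    return False
```

Two things a denylist cannot do on its own: the HTTP client has to connect to the address that was checked (pin it), and every redirect target has to be checked again before it is followed.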
  • 6.4

    MEDIUM
    CVE-2024-5567

    The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 27.5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, ...

    Affected Products : betheme
    • Published: Sep. 13, 2024
    • Modified: Sep. 26, 2024
  • 8.8

    HIGH
    CVE-2024-8480

    The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'sirv_save_prevented_sizes' function in all versions up to, and including, 7.2.7. This makes it po...

    Affected Products : sirv
    • Published: Sep. 06, 2024
    • Modified: Sep. 26, 2024
  • 8.8

    HIGH
    CVE-2024-7770

    The Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'upload' function in all versions up to, and including, 6.5.5...

    Affected Products : file_manager
    • Published: Sep. 10, 2024
    • Modified: Sep. 26, 2024
  • 9.8

    CRITICAL
    CVE-2024-7493

    The WPCOM Member plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.5.2.1. This is due to the plugin allowing arbitrary data to be passed to wp_insert_user() during registration. This makes it possible for u...

    Affected Products : wpcom_member
    • Published: Sep. 06, 2024
    • Modified: Sep. 26, 2024
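The privilege-escalation entry above is the mass-assignment pattern: the registration form is forwarded to wp_insert_user(), which honours keys such as 'role' among the fields it accepts, so forwarding the form unfiltered lets the client set fields the server should own. The code below is an added illustration of that pattern and its fix in Python, not the plugin's PHP; `create_user()` is a stand-in for a wp_insert_user()-style call, and the field names and default role are assumptions of the example.

```python
# Added example, not the WPCOM Member plugin's code. create_user() stands in
# for a wp_insert_user()-style call in which every key becomes a user attribute.
DEFAULT_ROLE = "subscriber"
REGISTRATION_FIELDS = {"user_login", "user_email", "user_pass", "display_name"}


def create_user(**fields) -> dict:
    """Stand-in for the user-creation API: any supplied key is stored as-is."""
    user = {"role": DEFAULT_ROLE}
    user.update(fields)
    return user


def register_vulnerable(form: dict) -> dict:
    """Whatever the client posts is forwarded, including a 'role' key."""
    return create_user(**form)


def register_hardened(form: dict) -> dict:
    """Allowlist the fields a registrant may set; the server decides the role."""
    missing = {"user_login", "user_email", "user_pass"} - set(form)
    if missing:
        raise ValueError(f"missing required fields: {sorted(missing)}")
    clean = {k: v for k, v in form.items() if k in REGISTRATION_FIELDS}
    clean["role"] = DEFAULT_ROLE        # never taken from the request
    return create_user(**clean)
```

The allowlist is the fix, not a denylist of dangerous keys: wp_insert_user()-style APIs accept many fields (role, capabilities, ID of an existing user to update), and a denylist has to anticipate every one of them.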
  • 6.1

    MEDIUM
    CVE-2024-8716

    The XT Ajax Add To Cart for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.1.2. This makes it possible for un...

    • Published: Sep. 24, 2024
    • Modified: Sep. 26, 2024
  • 6.1

    MEDIUM
    CVE-2024-8738

    The Seriously Simple Stats plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.6.0. This makes it possible for unauthenticated...

    Affected Products : seriously_simple_stats
    • Published: Sep. 24, 2024
    • Modified: Sep. 26, 2024
  • 8.8

    HIGH
    CVE-2024-8795

    The BA Book Everything plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.20. This is due to missing or incorrect nonce validation on the my_account_update() function. This makes it possible for unau...

    Affected Products : ba_book_everything
    • Published: Sep. 24, 2024
    • Modified: Sep. 26, 2024
  • 7.3

    HIGH
    CVE-2024-8623

    The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.3.3.3. This is due to the software allowing users to execute an action that does not properly valida...

    • Published: Sep. 24, 2024
    • Modified: Sep. 26, 2024
  • 6.4

    MEDIUM
    CVE-2024-7599

    The Advanced Sermons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘sermon_video_embed’ parameter in all versions up to, and including, 3.3 due to insufficient input sanitization and output escaping. This makes it possible for ...

    Affected Products : advanced_sermons
    • Published: Sep. 06, 2024
    • Modified: Sep. 26, 2024
  • 9.9

    CRITICAL
    CVE-2024-8624

    The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to SQL Injection via the 'meta_key' attribute of the 'mdf_select_title' shortcode in all versions up to, and including, 1.3.3.3 due to insufficient escaping on the user supplied...

    • Published: Sep. 24, 2024
    • Modified: Sep. 26, 2024
  • 6.4

    MEDIUM
    CVE-2024-7611

    The Enter Addons – Ultimate Template Builder for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' attribute of the Events Card widget in all versions up to, and including, 2.1.8 due to insufficient input sanitizati...

    Affected Products : enter_addons
    • Published: Sep. 06, 2024
    • Modified: Sep. 26, 2024
  • 5.4

    MEDIUM
    CVE-2024-8628

    The Popup, Optin Form & Email Newsletters for Mailchimp, HubSpot, AWeber – MailOptin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'post-meta' shortcode in all versions up to, and including, 1.2.70.3 due to insufficien...

    Affected Products : mailoptin
    • Published: Sep. 24, 2024
    • Modified: Sep. 26, 2024
  • 9.1

    CRITICAL
    CVE-2024-8671

    The WooEvents - Calendar and Event Booking plugin for WordPress is vulnerable to arbitrary file overwrite due to insufficient file path validation in the inc/barcode.php file in all versions up to, and including, 4.1.2. This makes it possible for unauthen...

    Affected Products : wooevents
    • Published: Sep. 24, 2024
    • Modified: Sep. 26, 2024
  • 6.4

    MEDIUM
    CVE-2024-6849

    The Preloader Plus – WordPress Loading Screen Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes ...

    Affected Products : preloader_plus
    • Published: Sep. 07, 2024
    • Modified: Sep. 26, 2024
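Three entries in this list (Betheme and Preloader Plus, stored XSS via SVG uploads; Bit File Manager, arbitrary upload through missing file type validation) share one root cause: an upload handler that trusts the file it is given. The validator below is an added example, not code from any of those plugins. It allowlists extensions and checks each against the magic bytes the content must start with, and for SVG, which is XML and can carry script, it rejects files containing script elements, event-handler attributes, or `href` values that run script or fetch external content. The allowed types and the rejection rules are this example's own choices.

```python
import os
import xml.etree.ElementTree as ET

# Added example, not code from any plugin in this list.
# Extension allowlist with the magic bytes each file must start with.
ALLOWED_IMAGES = {
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".jpeg": b"\xff\xd8\xff",
    ".gif": b"GIF8",
}
# Elements that run script, embed foreign markup, or can rewrite attributes
# (SMIL <animate>/<set> can point an href at javascript:).
ACTIVE_TAGS = {"script", "foreignobject", "use", "iframe", "embed", "object", "animate", "set"}


def _local(qname: str) -> str:
    """Strip an XML namespace: '{http://www.w3.org/2000/svg}script' -> 'script'."""
    return qname.rsplit("}", 1)[-1].lower()


def svg_has_active_content(data: bytes) -> bool:
    """True if an SVG carries script, event handlers or external references.

    xml.etree is not hardened against entity-expansion attacks, so any DOCTYPE
    is refused outright; a production pipeline should parse with defusedxml or
    use an allowlist-based sanitizer rather than this reject-list.
    """
    if b"<!DOCTYPE" in data or b"<!ENTITY" in data:
        return True
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return True                          # malformed: reject rather than guess
    for el in root.iter():
        if not isinstance(el.tag, str):
            continue
        if _local(el.tag) in ACTIVE_TAGS:
            return True
        for name, value in el.attrib.items():
            attr = _local(name)
            if attr.startswith("on"):        # onload=, onclick=, ...
                return True
            if attr == "href":               # covers both href= and xlink:href=
                v = value.strip().lower()
                if (v.startswith("javascript:") or "://" in v
                        or (v.startswith("data:") and not v.startswith("data:image/"))):
                    return True
    return False


def validate_upload(filename: str, data: bytes) -> str:
    """Return the extension the file may be stored with, or raise ValueError."""
    ext = os.path.splitext(os.path.basename(filename))[1].lower()
    if ext == ".svg":
        if svg_has_active_content(data):
            raise ValueError("svg contains script or external references")
        return ext
    magic = ALLOWED_IMAGES.get(ext)
    if magic is None:
        raise ValueError(f"file type {ext!r} is not allowed")
    if not data.startswith(magic):
        raise ValueError("content does not match the claimed type")
    return ext
```

Even a clean SVG is safest served with `Content-Disposition: attachment` or under a strict Content-Security-Policy, since the check above is a reject-list and a new browser feature can always add an execution vector it does not know about.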
  • 7.5

    HIGH
    CVE-2024-44825

    Directory Traversal vulnerability in Centro de Tecnologia da Informação Renato Archer InVesalius3 v3.1.99995 allows attackers to write arbitrary files onto the system via a crafted .inv3 file....

    • Published: Sep. 25, 2024
    • Modified: Sep. 26, 2024
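The InVesalius3 entry above and the WooEvents entry earlier in this list (arbitrary file overwrite through insufficient path validation in inc/barcode.php) are the same defect: a path taken from attacker-controlled input is joined onto a destination directory without confirming the result stays inside it. The extractor below is an added, generic example, not the .inv3 reader or barcode.php. It rejects absolute paths, drive letters and any `..` that climbs above the destination, re-checks after symlink resolution, and opens files with O_EXCL so an existing file is never silently overwritten. The member names used are constructed for the example.

```python
import os
import posixpath
import tempfile

# Added example: a generic safe extractor, not WooEvents' barcode.php or
# InVesalius' .inv3 reader. Members are (name, bytes) pairs constructed inline.


def safe_member_path(dest: str, member_name: str):
    """Absolute path a member may be written to, or None if it would escape dest.

    Pure path arithmetic with no filesystem access, so it can be checked offline.
    """
    if not member_name or "\x00" in member_name:
        return None
    name = member_name.replace("\\", "/")
    if posixpath.isabs(name) or (len(name) > 1 and name[1] == ":"):
        return None                                   # absolute or drive-letter path
    norm = posixpath.normpath(name)
    if norm in (".", "..") or norm.startswith("../"):
        return None                                   # climbs out of dest
    dest_abs = os.path.abspath(dest)
    candidate = os.path.abspath(os.path.join(dest_abs, *norm.split("/")))
    if os.path.commonpath([dest_abs, candidate]) != dest_abs:
        return None                                   # belt and braces
    return candidate


def extract_members(dest: str, members, overwrite: bool = False) -> list:
    """Write each (name, data) member under dest; returns the paths written."""
    written = []
    dest_real = os.path.realpath(dest)
    for name, data in members:
        path = safe_member_path(dest, name)
        if path is None:
            raise ValueError(f"refusing unsafe member name: {name!r}")
        parent = os.path.dirname(path)
        os.makedirs(parent, exist_ok=True)
        # A symlinked directory already inside dest could still point outside it.
        if os.path.commonpath([dest_real, os.path.realpath(parent)]) != dest_real:
            raise ValueError(f"parent of {name!r} resolves outside the destination")
        flags = os.O_WRONLY | os.O_CREAT | (os.O_TRUNC if overwrite else os.O_EXCL)
        fd = os.open(path, flags, 0o644)             # O_EXCL: never overwrite silently
        with os.fdopen(fd, "wb") as fh:
            fh.write(data)
        written.append(path)
    return written


if __name__ == "__main__":
    out = tempfile.mkdtemp()
    print(extract_members(out, [("report/a.txt", b"ok")]))
    for bad in ("../../etc/cron.d/x", "/etc/passwd", "a/../../b", "..\\..\\x.php"):
        try:
            extract_members(out, [(bad, b"x")])
        except ValueError as err:
            print(err)
```

The string check and the realpath check are both needed: the first rejects names that are obviously outside the destination before anything touches the disk, the second catches the case where a directory created by an earlier member (or already present) is a symlink pointing elsewhere.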
  • 9.8

    CRITICAL
    CVE-2024-9080

    A vulnerability was found in code-projects Student Record System 1.0. It has been classified as critical. Affected is an unknown function of the file /pincode-verification.php. The manipulation of the argument pincode leads to sql injection. It is possibl...

    Affected Products : student_record_system
    • Published: Sep. 22, 2024
    • Modified: Sep. 26, 2024
  • 9.8

    CRITICAL
    CVE-2024-9079

    A vulnerability was found in code-projects Student Record System 1.0 and classified as critical. This issue affects some unknown processing of the file /marks.php. The manipulation of the argument coursename leads to sql injection. The attack may be initi...

    Affected Products : student_record_system
    • Published: Sep. 22, 2024
    • Modified: Sep. 26, 2024
  • 9.8

    CRITICAL
    CVE-2024-9078

    A vulnerability has been found in code-projects Student Record System 1.0 and classified as critical. This vulnerability affects unknown code of the file /course.php. The manipulation of the argument coursename leads to sql injection. The attack can be in...

    Affected Products : student_record_system
    • Published: Sep. 22, 2024
    • Modified: Sep. 26, 2024
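The three Student Record System entries above (the pincode and coursename arguments) and the MDTF entry earlier in this list (the meta_key shortcode attribute, "insufficient escaping on the user supplied" parameter) are all the same defect: a request value spliced into SQL text. The following is an added example on a constructed SQLite schema, not any of those products' code; it shows the vulnerable splice next to the bound-parameter fix, and goes one step beyond the entries to cover the case parameters cannot fix, a user-chosen identifier such as a sort column, which has to be allowlisted.

```python
import sqlite3

# Added example on a constructed schema, not the Student Record System's or
# MDTF's own code.


def make_db() -> sqlite3.Connection:
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE students (id INTEGER PRIMARY KEY, name TEXT, pincode TEXT)")
    con.executemany("INSERT INTO students (name, pincode) VALUES (?, ?)",
                    [("alice", "1234"), ("bob", "0456")])
    return con


def verify_pincode_vulnerable(con, pincode: str) -> list:
    """Vulnerable: the request value becomes part of the statement text."""
    sql = f"SELECT name FROM students WHERE pincode = '{pincode}'"
    return [row[0] for row in con.execute(sql)]


def verify_pincode_safe(con, pincode: str) -> list:
    """Fixed: the value travels as a bound parameter, never as SQL text."""
    rows = con.execute("SELECT name FROM students WHERE pincode = ?", (pincode,))
    return [row[0] for row in rows]


# Identifiers (column names, ORDER BY targets) cannot be bound as parameters,
# so a user-chosen identifier must be allowlisted rather than escaped.
SORTABLE_COLUMNS = {"name", "pincode"}


def list_students(con, order_by: str) -> list:
    if order_by not in SORTABLE_COLUMNS:
        raise ValueError(f"unsupported sort column: {order_by!r}")
    sql = f'SELECT name FROM students ORDER BY "{order_by}"'   # safe: allowlisted
    return [row[0] for row in con.execute(sql)]
```

A tautology such as `' OR '1'='1` turns the vulnerable lookup into "every student", while the parameterised version compares the literal string and matches nobody; escaping functions would have blocked this particular payload but not, for example, a numeric column or an identifier position, which is why binding and allowlisting are the fixes rather than escaping.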
  • 4.3

    MEDIUM
    CVE-2024-8538

    The Big File Uploads – Increase Maximum File Upload Size plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.1.2. This is due the plugin not sanitizing a file path in an error message. This makes it possible ...

    Affected Products : big_file_uploads
    • Published: Sep. 07, 2024
    • Modified: Sep. 26, 2024
Showing 20 of 291128 Results