Latest CVE Feed
- 7.5 HIGH CVE-2024-9081
  A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file view_category.php. The manipulation of the argument id leads to SQL injection. Th...
  - Affected Products: online_eyewear_shop
  - Published: Sep. 22, 2024
  - Modified: Sep. 27, 2024
- 7.3 HIGH CVE-2024-8479
  The Simple Spoiler plugin for WordPress is vulnerable to arbitrary shortcode execution in versions 1.2 to 1.3. This is due to the plugin adding the filter add_filter('comment_text', 'do_shortcode'); which will run all shortcodes in comments. This make...
  - Affected Products: simple_spoiler
  - Published: Sep. 14, 2024
  - Modified: Sep. 27, 2024
- 9.8 CRITICAL CVE-2024-9038
  A vulnerability classified as problematic was found in Codezips Online Shopping Portal 1.0. Affected by this vulnerability is an unknown functionality of the file insert-product.php. The manipulation of the argument productimage1/productimage2/productimag...
  - Affected Products: online_shopping_portal
  - Published: Sep. 20, 2024
  - Modified: Sep. 27, 2024
- 9.1 CRITICAL CVE-2024-8669
  The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to SQL Injection via the 'options' parameter passed to the backuply_wp_clone_sql() function in all versions up to, and including, 1.3.4 due to insufficient escaping on th...
  - Affected Products: backuply
  - Published: Sep. 14, 2024
  - Modified: Sep. 27, 2024
- 9.8 CRITICAL CVE-2024-9039
  A vulnerability, which was classified as critical, has been found in SourceCodester Best House Rental Management System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php?action=signup. The manipulation of the argument firstna...
  - Affected Products: best_house_rental_management_system
  - Published: Sep. 20, 2024
  - Modified: Sep. 27, 2024
- 8.8 HIGH CVE-2024-9041
  A vulnerability has been found in SourceCodester Best House Rental Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /ajax.php?action=update_account. The manipulation of the argument firstname/lastname/e...
  - Affected Products: best_house_rental_management_system
  - Published: Sep. 20, 2024
  - Modified: Sep. 27, 2024
- 5.4 MEDIUM CVE-2024-9033
  A vulnerability has been found in SourceCodester Best House Rental Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=save_category. The manipulation of the argument...
  - Affected Products: best_house_rental_management_system
  - Published: Sep. 20, 2024
  - Modified: Sep. 27, 2024
- 6.1 MEDIUM CVE-2024-8724
  The Waitlist Woocommerce ( Back in stock notifier ) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.7.5. This makes it pos...
  - Affected Products: waitlist_woocommerce
  - Published: Sep. 14, 2024
  - Modified: Sep. 27, 2024
- 9.8 CRITICAL CVE-2024-9094
  A vulnerability classified as critical was found in code-projects Blood Bank System 1.0. This vulnerability affects unknown code of the file /admin/blood/update/o-.php. The manipulation of the argument bloodname leads to SQL injection. The attack can be i...
  - Published: Sep. 23, 2024
  - Modified: Sep. 27, 2024
- 5.5 MEDIUM CVE-2024-9040
  A vulnerability, which was classified as problematic, was found in code-projects Blood Bank Management System 1.0. This affects an unknown part of the component Password Handler. The manipulation leads to cleartext storage in a file or on disk. An attack ...
  - Published: Sep. 20, 2024
  - Modified: Sep. 27, 2024
- 6.5 MEDIUM CVE-2024-44062
  Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Hiroaki Miyashita Custom Field Template allows Stored XSS. This issue affects Custom Field Template: from n/a through 2.6.5....
  - Affected Products: custom_field_template
  - Published: Sep. 15, 2024
  - Modified: Sep. 27, 2024
- 6.5 MEDIUM CVE-2024-44059
  Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in MediaRon LLC Custom Query Blocks allows Stored XSS. This issue affects Custom Query Blocks: from n/a through 5.3.1....
  - Affected Products: custom_query_blocks
  - Published: Sep. 15, 2024
  - Modified: Sep. 27, 2024
- 7.1 HIGH CVE-2024-44053
  Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Mohammad Arif Opor Ayam allows Reflected XSS. This issue affects Opor Ayam: from n/a through 1.8....
  - Affected Products: opor_ayam
  - Published: Sep. 15, 2024
  - Modified: Sep. 27, 2024
- 4.8 MEDIUM CVE-2024-47058
  With access to edit a Mautic form, the attacker can add Cross-Site Scripting stored in the HTML field. This could be used to steal sensitive information from the user's current session....
  - Affected Products: mautic
  - Published: Sep. 18, 2024
  - Modified: Sep. 27, 2024
- 6.1 MEDIUM CVE-2024-47050
  Prior to this patch being applied, Mautic's tracking was vulnerable to Cross-Site Scripting through the Page URL variable....
  - Affected Products: mautic
  - Published: Sep. 18, 2024
  - Modified: Sep. 27, 2024
- 9.1 CRITICAL CVE-2024-0005
  A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute arbitrary commands remotely through a specifically crafted SNMP configuration....
  - Published: Sep. 23, 2024
  - Modified: Sep. 27, 2024
- 7.3 HIGH CVE-2021-27917
  Prior to this patch, a stored XSS vulnerability existed in the contact tracking and page hits report....
  - Affected Products: mautic
  - Published: Sep. 18, 2024
  - Modified: Sep. 27, 2024
- 5.9 MEDIUM CVE-2024-45460
  Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Manu225 Flipping Cards allows Stored XSS. This issue affects Flipping Cards: from n/a through 1.30....
  - Affected Products: flipping_cards
  - Published: Sep. 15, 2024
  - Modified: Sep. 27, 2024
- 7.1 HIGH CVE-2024-45459
  Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PickPlugins Product Slider for WooCommerce allows Reflected XSS. This issue affects Product Slider for WooCommerce: from n/a through 1.13.50....
  - Affected Products: product_slider_for_woocommerce
  - Published: Sep. 15, 2024
  - Modified: Sep. 27, 2024
- 8.8 HIGH CVE-2024-37779
  WoodWing Elvis DAM v6.98.1 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the Apache Ant script functionality....
  - Affected Products:
  - Published: Sep. 23, 2024
  - Modified: Sep. 27, 2024