Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2024-50468

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Michael Robinson Raptor Editor allows DOM-Based XSS.This issue affects Raptor Editor: from n/a through 1.0.20.... Read more

    Affected Products :
    • Published: Oct. 28, 2024
    • Modified: Oct. 29, 2024

  • 5.3

    MEDIUM
    CVE-2024-49771

    MPXJ is an open source library to read and write project plans from a variety of file formats and databases. The patch for the historical vulnerability CVE-2020-35460 in MPXJ is incomplete as there is still a possibility that a malicious path could be con... Read more

    Affected Products :
    • Published: Oct. 28, 2024
    • Modified: Oct. 29, 2024

  • 6.5

    MEDIUM
    CVE-2024-50432

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PickPlugins Post Grid and Gutenberg Blocks allows Stored XSS.This issue affects Post Grid and Gutenberg Blocks: from n/a through 2.2.93.... Read more

    Affected Products : post_grid
    • Published: Oct. 28, 2024
    • Modified: Oct. 29, 2024

  • 5.4

    MEDIUM
    CVE-2024-9629

    The Contact Form 7 + Telegram plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'wpcf7_Telegram::ajax' function in versions up to, and including, 0.8.5. This makes it possible... Read more

    Affected Products :
    • Published: Oct. 28, 2024
    • Modified: Oct. 29, 2024

  • 5.9

    MEDIUM
    CVE-2024-50431

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Cloudways Breeze allows Stored XSS.This issue affects Breeze: from n/a through 2.1.14.... Read more

    Affected Products :
    • Published: Oct. 28, 2024
    • Modified: Oct. 29, 2024

  • 8.8

    HIGH
    CVE-2024-10436

    The WPC Smart Messages for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.2.1 via the get_condition_value function. This makes it possible for authenticated attackers, with Subscriber-level a... Read more

    Affected Products :
    • Published: Oct. 29, 2024
    • Modified: Oct. 29, 2024

  • 4.3

    MEDIUM
    CVE-2024-50052

    Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1, 9.5.x <= 9.5.9 fail to check that the origin of the message in an integration action matches with the original post metadata which allows an authenticated user to delete an arbitrary post.... Read more

    Affected Products : mattermost_server mattermost
    • Published: Oct. 29, 2024
    • Modified: Oct. 29, 2024

  • 4.3

    MEDIUM
    CVE-2024-47401

    Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1 and 9.5.x <= 9.5.9 fail to prevent detailed error messages from being displayed in Playbooks which allows an attacker to generate a large response and cause an amplified GraphQL response which in turn... Read more

    Affected Products : mattermost_server mattermost
    • Published: Oct. 29, 2024
    • Modified: Oct. 29, 2024

  • 6.4

    MEDIUM
    CVE-2024-10185

    The StreamWeasels YouTube Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sw-youtube-embed shortcode in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping on u... Read more

    Affected Products :
    • Published: Oct. 29, 2024
    • Modified: Oct. 29, 2024

  • 6.4

    MEDIUM
    CVE-2024-10184

    The StreamWeasels Kick Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sw-kick-embed shortcode in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping on user su... Read more

    Affected Products :
    • Published: Oct. 29, 2024
    • Modified: Oct. 29, 2024

  • 5.5

    MEDIUM
    CVE-2017-20195

    A vulnerability was found in LUNAD3v AreaLoad up to 1a1103182ed63a06dde63d1712f3262eda19c3ec. It has been rated as critical. This issue affects some unknown processing of the file request.php. The manipulation of the argument phone leads to sql injection.... Read more

    Affected Products :
    • Published: Oct. 29, 2024
    • Modified: Oct. 29, 2024

  • 5.9

    MEDIUM
    CVE-2024-50413

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in codection Import and export users and customers allows Stored XSS.This issue affects Import and export users and customers: from n/a through 1.27.... Read more

    • Published: Oct. 29, 2024
    • Modified: Oct. 29, 2024

  • 6.4

    MEDIUM
    CVE-2024-10227

    The affiliate-toolkit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's atkp_product shortcode in all versions up to, and including, 3.6.5 due to insufficient input sanitization and output escaping on user supplied attribu... Read more

    Affected Products : affiliate-toolkit
    • Published: Oct. 29, 2024
    • Modified: Oct. 29, 2024

  • 10.0

    CRITICAL
    CVE-2024-50482

    Unrestricted Upload of File with Dangerous Type vulnerability in Chetan Khandla Woocommerce Product Design allows Upload a Web Shell to a Web Server.This issue affects Woocommerce Product Design: from n/a through 1.0.0.... Read more

    Affected Products :
    • Published: Oct. 29, 2024
    • Modified: Oct. 29, 2024

  • 5.9

    MEDIUM
    CVE-2024-50412

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jules Colle Conditional Fields for Contact Form 7 allows Stored XSS.This issue affects Conditional Fields for Contact Form 7: from n/a through 2.4... Read more

    Affected Products :
    • Published: Oct. 29, 2024
    • Modified: Oct. 29, 2024

  • 5.1

    MEDIUM
    CVE-2024-10477

    A vulnerability classified as problematic was found in LinZhaoguan pb-cms up to 2.0.1. This vulnerability affects unknown code of the file /admin#permissions of the component Permission Management Page. The manipulation leads to cross site scripting. The ... Read more

    Affected Products : pb-cms
    • Published: Oct. 29, 2024
    • Modified: Oct. 29, 2024

  • 7.1

    HIGH
    CVE-2024-49650

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in xarbo BuddyPress Greeting Message allows Reflected XSS.This issue affects BuddyPress Greeting Message: from n/a through 1.0.3.... Read more

    Affected Products :
    • Published: Oct. 29, 2024
    • Modified: Oct. 29, 2024

  • 7.1

    HIGH
    CVE-2024-49648

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in rafasashi SVG Captcha allows Reflected XSS.This issue affects SVG Captcha: from n/a through 1.0.11.... Read more

    Affected Products :
    • Published: Oct. 29, 2024
    • Modified: Oct. 29, 2024

  • 6.4

    MEDIUM
    CVE-2024-10266

    The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Video Box widget in all versions up to, and including, 4.10.60 due to insufficient input sanitization and output escaping on user supplied ... Read more

    Affected Products : premium_addons_for_elementor
    • Published: Oct. 29, 2024
    • Modified: Oct. 29, 2024

  • 6.5

    MEDIUM
    CVE-2024-50418

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Time Slot Booking Time Slot allows Stored XSS.This issue affects Time Slot: from n/a through 1.3.6.... Read more

    Affected Products :
    • Published: Oct. 29, 2024
    • Modified: Oct. 29, 2024
Showing 20 of 293610 Results