Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (i.e. listed in the CISA KEV catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.4

    MEDIUM
    CVE-2024-5789

    The Triton Lite theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the theme's Button shortcode in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes i...

    Affected Products : triton_lite
    • Published: Sep. 13, 2024
    • Modified: Sep. 26, 2024
  • 6.4

    MEDIUM
    CVE-2024-5870

    The Tweaker5 theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' parameter within the theme's Button shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it p...

    Affected Products : tweaker5
    • Published: Sep. 13, 2024
    • Modified: Sep. 26, 2024
  • 6.1

    MEDIUM
    CVE-2024-7816

    The Gixaw Chat WordPress plugin through 1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack....

    Affected Products : gixaw_chat
    • Published: Sep. 12, 2024
    • Modified: Sep. 26, 2024
  • 6.4

    MEDIUM
    CVE-2024-5884

    The Beauty theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tpl_featured_cat_id' parameter in all versions up to, and including, 1.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenti...

    Affected Products : beauty
    • Published: Sep. 13, 2024
    • Modified: Sep. 26, 2024
  • 8.8

    HIGH
    CVE-2024-7423

    The Stream plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.0.1. This is due to missing or incorrect nonce validation on the network_options_action() function. This makes it possible for unauthentica...

    Affected Products : stream
    • Published: Sep. 13, 2024
    • Modified: Sep. 26, 2024
  • 6.1

    MEDIUM
    CVE-2024-8714

    The WordPress Affiliates Plugin — SliceWP Affiliates plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.1.20. This makes i...

    Affected Products : affiliate_program_suite
    • Published: Sep. 13, 2024
    • Modified: Sep. 26, 2024
  • 6.1

    MEDIUM
    CVE-2024-8732

    The Roles & Capabilities plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.1.9. This makes it possible for unauthenticated a...

    Affected Products : roles_&_capabilities
    • Published: Sep. 13, 2024
    • Modified: Sep. 26, 2024
  • 6.1

    MEDIUM
    CVE-2024-8730

    The Exit Notifier plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.9.1. This makes it possible for unauthenticated attacker...

    Affected Products : exit_notifier
    • Published: Sep. 13, 2024
    • Modified: Sep. 26, 2024
  • 6.1

    MEDIUM
    CVE-2024-8731

    The Cron Jobs plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2.9. This makes it possible for unauthenticated attackers to...

    Affected Products : cron_jobs
    • Published: Sep. 13, 2024
    • Modified: Sep. 26, 2024
  • 7.3

    HIGH
    CVE-2024-45750

    An issue in TheGreenBow Windows Standard VPN Client 6.87.108 (and older), Windows Enterprise VPN Client 6.87.109 (and older), Windows Enterprise VPN Client 7.5.007 (and older), Android VPN Client 6.4.5 (and older), VPN Client Linux 3.4 (and older), VPN Cli...

    Affected Products :
    • Published: Sep. 25, 2024
    • Modified: Sep. 26, 2024
  • 6.1

    MEDIUM
    CVE-2024-8734

    The Lucas String Replace plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.0.5. This makes it possible for unauthenticated a...

    Affected Products : lucas_string_replace
    • Published: Sep. 13, 2024
    • Modified: Sep. 26, 2024
  • 6.4

    MEDIUM
    CVE-2024-8747

    The Email Obfuscate Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'email-obfuscate' shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user suppl...

    Affected Products : email_obfuscate_shortcode
    • Published: Sep. 13, 2024
    • Modified: Sep. 26, 2024
  • 6.1

    MEDIUM
    CVE-2024-8737

    The PDF Thumbnail Generator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.3. This makes it possible for unauthenticated ...

    Affected Products : pdf_thumbnail_generator
    • Published: Sep. 13, 2024
    • Modified: Sep. 26, 2024
  • 7.1

    HIGH
    CVE-2024-45606

    Sentry is a developer-first error tracking and performance monitoring platform. An authenticated user can mute alert rules from arbitrary organizations and projects with a known rule ID. The user does not need to be a member of the organization or have per...

    Affected Products : sentry
    • Published: Sep. 17, 2024
    • Modified: Sep. 26, 2024
  • 6.5

    MEDIUM
    CVE-2024-45605

    Sentry is a developer-first error tracking and performance monitoring platform. An authenticated user can delete the user issue alert notifications for arbitrary users given a known alert ID. A patch was issued to ensure authorization checks are properly scope...

    Affected Products : sentry
    • Published: Sep. 17, 2024
    • Modified: Sep. 26, 2024
  • 9.8

    CRITICAL
    CVE-2024-47088

    This vulnerability exists in Apex Softcell LD Geo due to missing restrictions for excessive failed authentication attempts on its API based login. A remote attacker could exploit this vulnerability by conducting a brute force attack on login OTP, which co...

    Affected Products : ld_geo ld_dp_back_office
    • Published: Sep. 19, 2024
    • Modified: Sep. 26, 2024
  • 8.7

    HIGH
    CVE-2024-47089

    This vulnerability exists in the Apex Softcell LD Geo due to improper validation of the transaction token ID in the API endpoint. An authenticated remote attacker could exploit this vulnerability by manipulating the transaction token ID in the API request...

    Affected Products : ld_geo ld_dp_back_office
    • Published: Sep. 19, 2024
    • Modified: Sep. 26, 2024
  • 5.3

    MEDIUM
    CVE-2024-8891

    An attacker with no knowledge of the current users in the web application could build a dictionary of potential users and check the server responses, as they indicate whether or not the user is present in CIRCUTOR Q-SMT in its firmware version 1.0.4....

    Affected Products : q-smt_firmware q-smt
    • Published: Sep. 18, 2024
    • Modified: Sep. 26, 2024
  • 4.3

    MEDIUM
    CVE-2024-47145

    Mattermost versions 9.5.x <= 9.5.8 fail to properly authorize access to archived channels when viewing archived channels is disabled, which allows an attacker to view posts and files of archived channels via file links....

    Affected Products : mattermost_server mattermost
    • Published: Sep. 26, 2024
    • Modified: Sep. 26, 2024
  • 6.5

    MEDIUM
    CVE-2024-47003

    Mattermost versions 9.11.x <= 9.11.0 and 9.5.x <= 9.5.8 fail to validate that the message of the permalink post is a string, which allows an attacker to send a non-string value as the message of a permalink post and crash the frontend....

    Affected Products : mattermost_server mattermost
    • Published: Sep. 26, 2024
    • Modified: Sep. 26, 2024
Showing 20 of 291205 Results