Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (also known as the CISA KEV List), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.5

    MEDIUM
    CVE-2024-43946

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SKT Themes SKT Blocks – Gutenberg based Page Builder allows Stored XSS. This issue affects SKT Blocks – Gutenberg based Page Builder: from n/a thro...

    Affected Products : skt_blocks
    • Published: Aug. 29, 2024
    • Modified: Sep. 03, 2024
  • 6.5

    MEDIUM
    CVE-2024-43936

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPDeveloper EmbedPress allows Stored XSS. This issue affects EmbedPress: from n/a through 4.0.8....

    Affected Products : embedpress
    • Published: Aug. 29, 2024
    • Modified: Sep. 03, 2024
  • 6.5

    MEDIUM
    CVE-2024-43935

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Delicious Delicious Recipes – WordPress Recipe Plugin allows Stored XSS. This issue affects Delicious Recipes – WordPress Recipe Plugin: from n/...

    Affected Products : wp_delicious
    • Published: Aug. 29, 2024
    • Modified: Sep. 03, 2024
  • 6.5

    MEDIUM
    CVE-2024-43934

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Robert Felty Collapsing Archives allows Stored XSS. This issue affects Collapsing Archives: from n/a through 3.0.5....

    Affected Products : collapsing_archives
    • Published: Aug. 29, 2024
    • Modified: Sep. 03, 2024
  • 6.4

    MEDIUM
    CVE-2024-43788

    Webpack is a module bundler. Its main purpose is to bundle JavaScript files for usage in a browser, yet it is also capable of transforming, bundling, or packaging just about any resource or asset. The webpack developers have discovered a DOM Clobbering vu...

    Affected Products : webpack
    • Published: Aug. 27, 2024
    • Modified: Sep. 03, 2024
  • 5.9

    MEDIUM
    CVE-2024-45056

    zksolc is a Solidity compiler for ZKsync. All LLVM versions since 2015 fold `(xor (shl 1, x), -1)` to `(rotl ~1, x)` if run with optimizations enabled. Here `~1` is generated as an unsigned 64 bits number (`2^64-1`). This number is zero-extended to 256 bi...

    Affected Products : zksolc
    • Published: Aug. 29, 2024
    • Modified: Sep. 03, 2024
  • 6.3

    MEDIUM
    CVE-2024-45045

    Collabora Online is a collaborative online office suite based on LibreOffice technology. In the mobile (Android/iOS) device variants of Collabora Online it was possible to inject JavaScript via url encoded values in links contained in documents. Since the...

    Affected Products : android online richdocumentscode
    • Published: Aug. 29, 2024
    • Modified: Sep. 03, 2024
  • 5.1

    MEDIUM
    CVE-2024-34463

    BPL Personal Weighing Scale PWS-01BT IND/09/18/599 devices send sensitive information in unencrypted BLE packets. (The packet data also lacks authentication and integrity protection.)...

    Affected Products :
    • Published: Sep. 03, 2024
    • Modified: Sep. 03, 2024
  • 6.4

    MEDIUM
    CVE-2024-5061

    The Enfold - Responsive Multi-Purpose Theme theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wrapper_class’ and 'class' parameters in all versions up to, and including, 6.0.3 due to insufficient input sanitization and output escap...

    Affected Products : enfold
    • Published: Aug. 30, 2024
    • Modified: Sep. 03, 2024
  • 8.8

    HIGH
    CVE-2024-2694

    The Betheme theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 27.5.6 via deserialization of untrusted input of the 'mfn-page-items' post meta value. This makes it possible for authenticated attackers, with con...

    Affected Products : betheme
    • Published: Aug. 30, 2024
    • Modified: Sep. 03, 2024
  • 6.4

    MEDIUM
    CVE-2024-3998

    The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's shortcodes in all versions up to, and including, 27.5.6 due to insufficient input sanitization and output escaping on user supplied attributes. This m...

    Affected Products : betheme
    • Published: Aug. 30, 2024
    • Modified: Sep. 03, 2024
  • 6.4

    MEDIUM
    CVE-2024-5879

    The HubSpot – CRM, Email Marketing, Live Chat, Forms & Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute of the HubSpot Meeting Widget in all versions up to, and including, 11.1.22 due to insufficient inpu...

    Affected Products : hubspot
    • Published: Aug. 30, 2024
    • Modified: Sep. 03, 2024
  • 8.1

    HIGH
    CVE-2024-39300

    Missing authentication vulnerability exists in Telnet function of WAB-I1750-PS v1.5.10 and earlier. When Telnet function of the product is enabled, a remote attacker may login to the product without authentication and alter the product's settings....

    Affected Products : wab-i1750-ps_firmware wab-i1750-ps
    • Published: Aug. 30, 2024
    • Modified: Sep. 03, 2024
  • 9.1

    CRITICAL
    CVE-2024-8016

    The Events Calendar Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 7.0.2 via deserialization of untrusted input from the 'filters' parameter in widgets. This makes it possible for authenticated attacke...

    Affected Products : events_calendar_pro
    • Published: Aug. 30, 2024
    • Modified: Sep. 03, 2024
  • 4.3

    MEDIUM
    CVE-2024-8319

    The Tourfic plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.11.20. This is due to missing or incorrect nonce validation on the tf_order_status_email_resend_function, tf_visitor_details_edit_functio...

    Affected Products : tourfic
    • Published: Aug. 30, 2024
    • Modified: Sep. 03, 2024
  • 6.4

    MEDIUM
    CVE-2024-7122

    The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.13.6 due to insufficient input sanitization and output escaping on user supplied attributes. This m...

    • Published: Aug. 30, 2024
    • Modified: Sep. 03, 2024
  • 6.3

    MEDIUM
    CVE-2024-7858

    The Media Library Folders plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several AJAX functions in the media-library-plus.php file in all versions up to, and including, 8.2.3. This makes it possible for authe...

    Affected Products : media_library_folders
    • Published: Aug. 30, 2024
    • Modified: Sep. 03, 2024
  • 8.8

    HIGH
    CVE-2024-8252

    The Clean Login plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.14.5 via the 'template' attribute of the clean-login-register shortcode. This makes it possible for authenticated attackers, with Contributo...

    Affected Products : clean_login
    • Published: Aug. 30, 2024
    • Modified: Sep. 03, 2024
  • 6.1

    MEDIUM
    CVE-2024-8274

    The WP Booking Calendar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via several parameters from 'timeline_obj' in all versions up to, and including, 10.5 due to insufficient input sanitization and output escaping. This makes it po...

    • Published: Aug. 30, 2024
    • Modified: Sep. 03, 2024
  • 5.5

    MEDIUM
    CVE-2022-48944

    In the Linux kernel, the following vulnerability has been resolved: sched: Fix yet more sched_fork() races Where commit 4ef0c5c6b5ba ("kernel/sched: Fix sched_fork() access an invalid sched_task_group") fixed a fork race vs cgroup, it opened up a race v...

    Affected Products : linux_kernel
    • Published: Aug. 30, 2024
    • Modified: Sep. 03, 2024