Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    CVSS31
    CVE-2024-12014

    Path Traversal and Insecure Direct Object Reference (IDOR) vulnerabilities in the eSignaViewer component in eSigna product versions 1.0 to 1.5 on all platforms allow an unauthenticated attacker to access arbitrary files in the document system via manipula... Read more

    Affected Products :
    • Published: Dec. 20, 2024
    • Modified: Dec. 20, 2024

  • 5.3

    CVSS31
    CVE-2024-11297

    The Page Restriction WordPress (WP) – Protect WP Pages/Post plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.6 via the WordPress core search feature. This makes it possible for unauthenticated ... Read more

    Affected Products :
    • Published: Dec. 20, 2024
    • Modified: Dec. 20, 2024

  • 0.0

    NONE
    CVE-2024-10385

    Ticket management system in DirectAdmin Evolution Skin is vulnerable to XSS (Cross-site Scripting), which allows a low-privileged user to inject and store malicious JavaScript code. If an admin views the ticket, the script might perform actions with their... Read more

    Affected Products :
    • Published: Dec. 20, 2024
    • Modified: Dec. 20, 2024

  • 5.9

    CVSS31
    CVE-2024-56356

    In JetBrains TeamCity before 2024.12 insecure XMLParser configuration could lead to potential XXE attack... Read more

    Affected Products : teamcity
    • Published: Dec. 20, 2024
    • Modified: Dec. 20, 2024

  • 4.6

    CVSS31
    CVE-2024-56355

    In JetBrains TeamCity before 2024.12 missing Content-Type header in RemoteBuildLogController response could lead to XSS... Read more

    Affected Products : teamcity
    • Published: Dec. 20, 2024
    • Modified: Dec. 20, 2024

  • 5.5

    CVSS31
    CVE-2024-56354

    In JetBrains TeamCity before 2024.12 password field value were accessible to users with view settings permission... Read more

    Affected Products : teamcity
    • Published: Dec. 20, 2024
    • Modified: Dec. 20, 2024

  • 5.5

    CVSS31
    CVE-2024-56353

    In JetBrains TeamCity before 2024.12 backup file exposed user credentials and session cookies... Read more

    Affected Products : teamcity
    • Published: Dec. 20, 2024
    • Modified: Dec. 20, 2024

  • 4.6

    CVSS31
    CVE-2024-56352

    In JetBrains TeamCity before 2024.12 stored XSS was possible via image name on the agent details page... Read more

    Affected Products : teamcity
    • Published: Dec. 20, 2024
    • Modified: Dec. 20, 2024

  • 6.3

    CVSS31
    CVE-2024-56351

    In JetBrains TeamCity before 2024.12 access tokens were not revoked after removing user roles... Read more

    Affected Products : teamcity
    • Published: Dec. 20, 2024
    • Modified: Dec. 20, 2024

  • 4.3

    CVSS31
    CVE-2024-56350

    In JetBrains TeamCity before 2024.12 build credentials allowed unauthorized viewing of projects... Read more

    Affected Products : teamcity
    • Published: Dec. 20, 2024
    • Modified: Dec. 20, 2024

  • 5.3

    CVSS31
    CVE-2024-56349

    In JetBrains TeamCity before 2024.12 improper access control allowed unauthorized users to modify build logs... Read more

    Affected Products : teamcity
    • Published: Dec. 20, 2024
    • Modified: Dec. 20, 2024

  • 4.3

    CVSS31
    CVE-2024-56348

    In JetBrains TeamCity before 2024.12 improper access control allowed viewing details of unauthorized agents... Read more

    Affected Products : teamcity
    • Published: Dec. 20, 2024
    • Modified: Dec. 20, 2024

  • 9.0

    CVSS31
    CVE-2024-51466

    IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 is vulnerable to an Expression Language (EL) Injection vulnerability. A remote attacker could exploit this vulnerability to expose sensitive information, consume memory resources,... Read more

    Affected Products : cognos_analytics
    • Published: Dec. 20, 2024
    • Modified: Dec. 20, 2024

  • 8.0

    CVSS31
    CVE-2024-40695

    IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload maliciou... Read more

    Affected Products : cognos_analytics
    • Published: Dec. 20, 2024
    • Modified: Dec. 20, 2024

  • 6.8

    CVSS31
    CVE-2024-28767

    IBM Security Directory Integrator 7.2.0 through 7.2.0.13 and 10.0.0 through 10.0.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.... Read more

    Affected Products : security_directory_integrator
    • Published: Dec. 20, 2024
    • Modified: Dec. 20, 2024

  • 6.4

    CVSS31
    CVE-2024-9619

    The WP SHAPES plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers... Read more

    Affected Products :
    • Published: Dec. 20, 2024
    • Modified: Dec. 20, 2024

  • 4.3

    CVSS31
    CVE-2024-9503

    The Maintenance & Coming Soon Redirect Animation plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wploti_add_whitelisted_roles_option', 'wploti_remove_whitelisted_roles_option', 'wploti_add... Read more

    Affected Products :
    • Published: Dec. 20, 2024
    • Modified: Dec. 20, 2024

  • 9.8

    CVSS31
    CVE-2024-12571

    The Store Locator for WordPress with Google Maps – LotsOfLocales plugin for WordPress is vulnerable to Local File Inclusion in version 3.98.9 via the 'sl_engine' parameter. This makes it possible for unauthenticated attackers to include and execute arbitr... Read more

    Affected Products :
    • Published: Dec. 20, 2024
    • Modified: Dec. 20, 2024

  • 6.4

    CVSS31
    CVE-2024-12509

    The Embed Twine plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'embed_twine' shortcode in all versions up to, and including, 0.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. ... Read more

    Affected Products :
    • Published: Dec. 20, 2024
    • Modified: Dec. 20, 2024

  • 6.4

    CVSS31
    CVE-2024-12506

    The NACC WordPress Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'nacc' shortcode in all versions up to, and including, 4.1.0 due to insufficient input sanitization and output escaping on user supplied attribute... Read more

    Affected Products :
    • Published: Dec. 20, 2024
    • Modified: Dec. 20, 2024
Showing 20 of 146 Results
© cvefeed.io
Latest DB Update: Dec. 21, 2024 18:24