Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2024-10703

    The Registrations for the Events Calendar WordPress plugin before 2.13.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html ... Read more

    • Published: Mar. 25, 2025
    • Modified: May. 15, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2024-10679

    The Quiz and Survey Master (QSM) WordPress plugin before 9.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability... Read more

    Affected Products : quiz_and_survey_master
    • Published: Mar. 25, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.1

    MEDIUM
    CVE-2024-10638

    The Product Labels For Woocommerce (Sale Badges) WordPress plugin before 1.5.11 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks... Read more

    • Published: Mar. 25, 2025
    • Modified: May. 05, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2024-10566

    The Slider by 10Web WordPress plugin before 1.2.62 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallow... Read more

    Affected Products : slider
    • Published: Mar. 25, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2024-10565

    The Slider by 10Web WordPress plugin before 1.2.62 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallow... Read more

    Affected Products : slider
    • Published: Mar. 25, 2025
    • Modified: Apr. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.5

    LOW
    CVE-2024-10560

    The Form Maker by 10Web WordPress plugin before 1.15.30 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is dis... Read more

    Affected Products : form_maker
    • Published: Mar. 25, 2025
    • Modified: Apr. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.5

    LOW
    CVE-2024-10554

    The WordPress WP-Advanced-Search WordPress plugin before 3.3.9.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capabilit... Read more

    Affected Products : wp-advanced-search
    • Published: Mar. 25, 2025
    • Modified: May. 15, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.9

    MEDIUM
    CVE-2024-10472

    The Stylish Price List WordPress plugin before 7.1.12 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is... Read more

    Affected Products : stylish_price_list
    • Published: Mar. 25, 2025
    • Modified: May. 15, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.4

    HIGH
    CVE-2024-10210

    An External Control of File Name or Path vulnerability in the APROL Web Portal used in B&R APROL <4.4-005P may allow an authenticated network-based attacker to access data from the file system.... Read more

    Affected Products :
    • Published: Mar. 25, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Path Traversal

  • 5.9

    MEDIUM
    CVE-2024-10105

    The Job Postings WordPress plugin before 2.7.11 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disall... Read more

    Affected Products : jobs_for_wordpress
    • Published: Mar. 25, 2025
    • Modified: Apr. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-2736

    A vulnerability was found in PHPGurukul Old Age Home Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/bwdates-report-details.php. The manipulation of the argument fromdate leads to s... Read more

    Affected Products : old_age_home_management_system
    • Published: Mar. 25, 2025
    • Modified: May. 15, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-2735

    A vulnerability has been found in PHPGurukul Old Age Home Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/add-services.php. The manipulation of the argument sertitle leads to ... Read more

    Affected Products : old_age_home_management_system
    • Published: Mar. 25, 2025
    • Modified: May. 15, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-2734

    A vulnerability, which was classified as critical, was found in PHPGurukul Old Age Home Management System 1.0. Affected is an unknown function of the file /admin/aboutus.php. The manipulation of the argument pagetitle leads to sql injection. It is possibl... Read more

    Affected Products : old_age_home_management_system
    • Published: Mar. 25, 2025
    • Modified: May. 15, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-2733

    A vulnerability classified as critical has been found in mannaandpoem OpenManus up to 2025.3.13. This affects an unknown part of the file app/tool/python_execute.py of the component Prompt Handler. The manipulation leads to os command injection. It is pos... Read more

    Affected Products : openmanus
    • Published: Mar. 25, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Injection

  • 6.8

    MEDIUM
    CVE-2024-8315

    An Improper Handling of Insufficient Permissions or Privileges vulnerability in scripts used in B&R APROL <4.4-00P5 may allow an authenticated local attacker to read credential information.... Read more

    Affected Products : industrial_automation_aprol
    • Published: Mar. 25, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Authorization

  • 5.5

    MEDIUM
    CVE-2024-8314

    An Incorrect Implementation of Authentication Algorithm and Exposure of Data Element to Wrong Ses-sion vulnerability in the session handling used in B&R APROL <4.4-00P5 may allow an authenticated network attacker to take over a currently active user sessi... Read more

    Affected Products :
    • Published: Mar. 25, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Authentication

  • 8.7

    HIGH
    CVE-2024-8313

    An Exposure of Sensitive System Information to an Unauthorized Control Sphere and Initialization of a Resource with an Insecure Default vulnerability in the SNMP component of B&R APROL <4.4-00P5 may allow an unauthenticated adjacent-based attacker to read... Read more

    Affected Products :
    • Published: Mar. 25, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Information Disclosure

  • 7.2

    HIGH
    CVE-2024-45484

    An Allocation of Resources Without Limits or Throttling vulnerability in the operating system network configuration used in B&R APROL <4.4-00P5 may allow an unauthenticated adjacent attacker to per-form Denial-of-Service (DoS) attacks against the product.... Read more

    Affected Products :
    • Published: Mar. 25, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Denial of Service

  • 7.0

    HIGH
    CVE-2024-45483

    A Missing Authentication for Critical Function vulnerability in the GRUB configuration used B&R APROL <4.4-01 may allow an unauthenticated physical attacker to alter the boot configuration of the operating system.... Read more

    Affected Products :
    • Published: Mar. 25, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Authentication

  • 8.5

    HIGH
    CVE-2024-45482

    An Inclusion of Functionality from Untrusted Control Sphere vulnerability in the SSH server on B&R APROL <4.4-00P1 may allow an authenticated local attacker from a trusted remote server to execute malicious commands.... Read more

    Affected Products : industrial_automation_aprol
    • Published: Mar. 25, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Authentication
Showing 20 of 291736 Results