Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2024-13097

    The WP Finance WordPress plugin through 1.3.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.... Read more

    Affected Products : wp_finance
    • Published: Feb. 01, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.6

    MEDIUM
    CVE-2024-13096

    The WP Finance WordPress plugin through 1.3.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.... Read more

    Affected Products : wp_finance
    • Published: Feb. 01, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.4

    MEDIUM
    CVE-2024-12768

    The Responsive iframe WordPress plugin through 1.2.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored ... Read more

    Affected Products : responsive_iframe
    • Published: Feb. 01, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2024-12041

    The Directorist: AI-Powered WordPress Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 8.0.12 via the /wp-json/directorist/v1/users/ endpoint. This make... Read more

    Affected Products : directorist
    • Published: Feb. 01, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Information Disclosure

  • 7.8

    HIGH
    CVE-2024-53295

    Dell PowerProtect DD versions prior to 8.3.0.0, 7.10.1.50, and 7.13.1.20 contain an improper access control vulnerability. A local malicious user with low privileges could potentially exploit this vulnerability leading to escalation of privilege.... Read more

    Affected Products : data_domain_operating_system
    • Published: Feb. 01, 2025
    • Modified: Feb. 07, 2025
    • Vuln Type: Authorization

  • 4.9

    MEDIUM
    CVE-2024-53296

    Dell PowerProtect DD versions prior to 7.10.1.50 and 7.13.1.20 contain a Stack-based Buffer Overflow vulnerability in the RestAPI. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service.... Read more

    Affected Products : data_domain_operating_system
    • Published: Feb. 01, 2025
    • Modified: Feb. 07, 2025
    • Vuln Type: Denial of Service

  • 7.1

    HIGH
    CVE-2024-51534

    Dell PowerProtect DD versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.20 contain a path traversal vulnerability. A local low privileged could potentially exploit this vulnerability to gain unauthorized overwrite of OS files stored on the server files... Read more

    Affected Products : data_domain_operating_system
    • Published: Feb. 01, 2025
    • Modified: Feb. 07, 2025
    • Vuln Type: Path Traversal

  • 4.3

    MEDIUM
    CVE-2024-13651

    The RapidLoad – Optimize Web Vitals Automatically plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_deactivate() function in all versions up to, and including, 2.4.4. This makes it possib... Read more

    • Published: Feb. 01, 2025
    • Modified: Feb. 21, 2025
    • Vuln Type: Authorization

  • 6.4

    MEDIUM
    CVE-2024-13547

    The aThemes Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Accordion widget in all versions up to, and including, 1.0.12 due to insufficient input sanitization and output escaping. This makes it possib... Read more

    Affected Products : athemes_addons_for_elementor
    • Published: Feb. 01, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2024-13343

    The WooCommerce Customers Manager plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the ajax_assign_new_roles() function in all versions up to, and including, 31.3. This makes it possible for authenticated att... Read more

    Affected Products : woocommerce_customers_manager
    • Published: Feb. 01, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2024-12620

    The AnimateGL Animations for WordPress – Elementor & Gutenberg Blocks Animations plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'agl_json' AJAX action in all versions up to, and including, ... Read more

    Affected Products : animategl_animations
    • Published: Feb. 01, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2024-12184

    The WordPress Contact Forms by Cimatti plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the accua_forms_download_submitted_file() function in all versions up to, and including, 1.9.4. This makes it pos... Read more

    • Published: Feb. 01, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2024-12171

    The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the 'eh_crm_agent_add_user' AJAX action in all versions up to, and including, 3.2.6. This makes it poss... Read more

    Affected Products : wsdesk
    • Published: Feb. 01, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Authorization

  • 6.4

    MEDIUM
    CVE-2024-11780

    The Site Search 360 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ss360-resultblock' shortcode in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping on user supplied at... Read more

    Affected Products : site_search_360
    • Published: Feb. 01, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.6

    CRITICAL
    CVE-2025-24891

    Dumb Drop is a file upload application. Users with permission to upload to the service are able to exploit a path traversal vulnerability to overwrite arbitrary system files. As the container runs as root by default, there is no limit to what can be overw... Read more

    Affected Products :
    • Published: Jan. 31, 2025
    • Modified: Jan. 31, 2025
    • Vuln Type: Path Traversal

  • 9.1

    CRITICAL
    CVE-2024-57587

    Multiple SQL injection vulnerabilities in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allows remote unauthenticated attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter to /api/auth/login.... Read more

    Affected Products : co2scope dcscope
    • Published: Jan. 31, 2025
    • Modified: May. 24, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2024-57435

    In macrozheng mall-tiny 1.0.1, an attacker can send null data through the resource creation interface resulting in a null pointer dereference occurring in all subsequent operations that require authentication, which triggers a denial-of-service attack and... Read more

    Affected Products : mall-tiny
    • Published: Jan. 31, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Denial of Service

  • 8.8

    HIGH
    CVE-2024-57434

    macrozheng mall-tiny 1.0.1 is vulnerable to Incorrect Access Control. The project imports users by default, and the test user is made a super administrator.... Read more

    Affected Products : mall-tiny
    • Published: Jan. 31, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2024-57433

    macrozheng mall-tiny 1.0.1 is vulnerable to Incorrect Access Control via the logout function. After a user logs out, their token is still available and fetches information in the logged-in state.... Read more

    Affected Products : mall-tiny
    • Published: Jan. 31, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2024-55062

    Code Injection vulnerability in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allows remote unauthenticated attackers to execute arbitrary code to /api/license/sendlicense/.... Read more

    Affected Products : co2scope dcscope
    • Published: Jan. 31, 2025
    • Modified: May. 24, 2025
    • Vuln Type: Injection
Showing 20 of 291358 Results