Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.4

    MEDIUM
    CVE-2024-13572

    The Precious Metals Charts and Widgets for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'nfusion-widget' shortcode in all versions up to, and including, 1.2.8 due to insufficient input sanitization and outpu... Read more

    • Published: Jan. 24, 2025
    • Modified: Feb. 05, 2025

  • 6.4

    MEDIUM
    CVE-2024-13542

    The WP Google Street View (with 360° virtual tour) & Google maps + Local SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpgsv' shortcode in all versions up to, and including, 1.1.3 due to insufficient input sanitiz... Read more

    • Published: Jan. 24, 2025
    • Modified: Feb. 05, 2025

  • 8.8

    HIGH
    CVE-2024-13409

    The Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.10 via the 'theme' parameter of the post_type_ajax_handler(... Read more

    • Published: Jan. 24, 2025
    • Modified: Feb. 05, 2025

  • 8.8

    HIGH
    CVE-2024-13408

    The Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.10 via the 'theme' attribute of the `pgcu` shortcode. This ... Read more

    • Published: Jan. 24, 2025
    • Modified: Feb. 05, 2025

  • 6.4

    MEDIUM
    CVE-2024-13354

    The Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via HTML tags in several widgets in all versions up to, and including, 1.6.4 due to insufficient i... Read more

    • Published: Jan. 24, 2025
    • Modified: Feb. 05, 2025

  • 4.3

    MEDIUM
    CVE-2024-13335

    The Spexo Addons for Elementor – Free Elementor Addons, Widgets and Templates plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the tmpcoder_theme_install_func() function in all versions up to, and including, 1... Read more

    Affected Products : spexo_addons_for_elementor
    • Published: Jan. 24, 2025
    • Modified: Feb. 05, 2025

  • 6.4

    MEDIUM
    CVE-2024-13583

    The Simple Gallery with Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'c2tw_sgwf' shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied a... Read more

    Affected Products : simple_gallery_with_filter
    • Published: Jan. 24, 2025
    • Modified: Feb. 05, 2025

  • 6.4

    MEDIUM
    CVE-2024-12494

    The BMLT Meeting Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bmlt_meeting_map' shortcode in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping on user supplied at... Read more

    Affected Products : meeting_map
    • Published: Jan. 24, 2025
    • Modified: Feb. 05, 2025

  • 9.8

    CRITICAL
    CVE-2024-13545

    The Bootstrap Ultimate theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.4.9 via the path parameter. This makes it possible for unauthenticated attackers to include PHP files on the server, allowing the exec... Read more

    • Published: Jan. 24, 2025
    • Modified: Feb. 05, 2025

  • 4.3

    MEDIUM
    CVE-2024-13683

    The Automate Hub Free by Sperse.IO plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.0. This is due to missing or incorrect nonce validation on the 'automate_hub' page. This makes it possible for un... Read more

    Affected Products : automate_hub
    • Published: Jan. 24, 2025
    • Modified: Feb. 05, 2025

  • 6.5

    MEDIUM
    CVE-2024-13680

    The Form Builder CP plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'CP_EASY_FORM_WILL_APPEAR_HERE' shortcode in all versions up to, and including, 1.2.41 due to insufficient escaping on the user supplied parameter and la... Read more

    Affected Products : form_builder_cp
    • Published: Jan. 24, 2025
    • Modified: Feb. 05, 2025

  • 6.4

    MEDIUM
    CVE-2024-13659

    The Listamester plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'listamester' shortcode in all versions up to, and including, 2.3.4 due to insufficient input sanitization and output escaping on user supplied attributes. ... Read more

    Affected Products : listamester
    • Published: Jan. 24, 2025
    • Modified: Feb. 05, 2025

  • 8.7

    HIGH
    CVE-2025-0314

    An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.6.4, 17.7 before 17.7.3, and 17.8 before 17.8.1. Improper rendering of certain file types lead to cross-site scripting.... Read more

    Affected Products : gitlab
    • Published: Jan. 24, 2025
    • Modified: Aug. 05, 2025

  • 6.4

    MEDIUM
    CVE-2024-11931

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.6.4, from 17.7 prior to 17.7.3, and from 17.8 prior to 17.8.1. Under certain conditions, it may have been possible for users with developer role to exfiltra... Read more

    Affected Products : gitlab
    • Published: Jan. 24, 2025
    • Modified: Aug. 05, 2025

  • 9.1

    CRITICAL
    CVE-2024-55573

    An issue was discovered in Centreon centreon-web 24.10.x before 24.10.3, 24.04.x before 24.04.9, 23.10.x before 23.10.19, 23.04.x before 23.04.24. A user with high privileges is able to inject SQL into the form used to create virtual metrics.... Read more

    Affected Products : centreon_web
    • Published: Jan. 23, 2025
    • Modified: Jun. 06, 2025

  • 7.5

    HIGH
    CVE-2024-53379

    Heap buffer overflow in the server site handshake implementation in Real Time Logic LLC's SharkSSL version (from 05/05/24) commit 64808a5e12c83b38f85c943dee0112e428dc2a43 allows a remote attacker to trigger a Denial-of-Service via a malformed Client-Hello... Read more

    Affected Products :
    • Published: Jan. 23, 2025
    • Modified: Feb. 27, 2025

  • 4.9

    MEDIUM
    CVE-2021-42718

    Information Disclosure in API in Replicated Replicated Classic versions prior to 2.53.1 on all platforms allows authenticated users with Admin Console access to retrieve sensitive data, including application secrets, via accessing container definitions wi... Read more

    Affected Products :
    • Published: Jan. 23, 2025
    • Modified: Jan. 24, 2025

  • 6.9

    MEDIUM
    CVE-2025-0693

    Variable response times in the AWS Sign-in IAM user login flow allowed for the use of brute force enumeration techniques to identify valid IAM usernames in an arbitrary AWS account.... Read more

    Affected Products :
    • Published: Jan. 23, 2025
    • Modified: Jan. 23, 2025

  • 6.1

    MEDIUM
    CVE-2024-57556

    Cross Site Scripting vulnerability in nbubna store v.2.14.2 and before allows a remote attacker to execute arbitrary code via the store.deep.js component... Read more

    Affected Products : store
    • Published: Jan. 23, 2025
    • Modified: Feb. 05, 2025

  • 6.1

    MEDIUM
    CVE-2024-57386

    Cross Site Scripting vulnerability in Wallos v.2.41.0 allows a remote attacker to execute arbitrary code via the profile picture function.... Read more

    Affected Products : wallos
    • Published: Jan. 23, 2025
    • Modified: Jan. 31, 2025
Showing 20 of 291150 Results