Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2024-13367

    The Sandbox plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the export_download action in all versions up to, and including, 0.4. This makes it possible for authenticated attackers, with Subscriber-level acce... Read more

    Affected Products :
    • Published: Jan. 17, 2025
    • Modified: Jan. 17, 2025

  • 6.1

    MEDIUM
    CVE-2024-13366

    The Sandbox plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'debug' parameter in all versions up to, and including, 0.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated att... Read more

    Affected Products :
    • Published: Jan. 17, 2025
    • Modified: Jan. 17, 2025

  • 5.3

    MEDIUM
    CVE-2024-12637

    The Moving Users plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.05 via the export functionality. The JSON files are stored in predictable locations with guessable file names when exporting user... Read more

    Affected Products :
    • Published: Jan. 17, 2025
    • Modified: Jan. 17, 2025

  • 6.4

    MEDIUM
    CVE-2024-12598

    The MyBookProgress by Stormhill Media plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘book’ parameter in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This makes it possible... Read more

    Affected Products :
    • Published: Jan. 17, 2025
    • Modified: Jan. 17, 2025

  • 6.4

    MEDIUM
    CVE-2024-12508

    The Glofox Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'glofox' and 'glofox_lead_capture ' shortcodes in all versions up to, and including, 2.6 due to insufficient input sanitization and output escaping on... Read more

    Affected Products :
    • Published: Jan. 17, 2025
    • Modified: Jan. 17, 2025

  • 6.1

    MEDIUM
    CVE-2024-12466

    The Proofreading plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'nonce' parameter in all versions up to, and including, 1.2.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenti... Read more

    Affected Products : proofreading
    • Published: Jan. 17, 2025
    • Modified: Jan. 17, 2025

  • 4.4

    MEDIUM
    CVE-2024-12203

    The RSS Icon Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link_color’ parameter in all versions up to, and including, 5.2 due to insufficient input sanitization and output escaping. This makes it possible for authentic... Read more

    Affected Products :
    • Published: Jan. 17, 2025
    • Modified: Jan. 17, 2025

  • 7.5

    HIGH
    CVE-2024-13333

    The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fma_local_file_system' function in versions 5.2.12 to 5.2.13. This makes it possible for authenticated attackers, with Subsc... Read more

    Affected Products : advanced_file_manager
    • Published: Jan. 17, 2025
    • Modified: Jun. 05, 2025

  • 6.3

    MEDIUM
    CVE-2024-11146

    TrueFiling is a collaborative, web-based electronic filing system where attorneys, paralegals, court reporters and self-represented filers collect public legal documentation into cases. TrueFiling is an entirely cloud-hosted application. Prior to version ... Read more

    Affected Products :
    • Published: Jan. 17, 2025
    • Modified: Feb. 20, 2025

  • 6.5

    MEDIUM
    CVE-2024-10799

    The Eventer plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.9.7 via the eventer_woo_download_tickets() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, ... Read more

    Affected Products : eventer eventer
    • Published: Jan. 17, 2025
    • Modified: Jun. 05, 2025

  • 6.1

    MEDIUM
    CVE-2024-13434

    The WP Inventory Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'message' parameter in all versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping. This makes it possible for un... Read more

    Affected Products : wp_inventory_manager
    • Published: Jan. 17, 2025
    • Modified: Jan. 17, 2025

  • 6.4

    MEDIUM
    CVE-2024-13401

    The Payment Button for PayPal plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp_paypal_checkout' shortcode in all versions up to, and including, 1.2.3.35 due to insufficient input sanitization and output escaping on us... Read more

    Affected Products :
    • Published: Jan. 17, 2025
    • Modified: Jan. 17, 2025

  • 6.4

    MEDIUM
    CVE-2024-13398

    The Checkout for PayPal plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'checkout_for_paypal' shortcode in all versions up to, and including, 1.0.32 due to insufficient input sanitization and output escaping on user supp... Read more

    Affected Products : checkout_for_paypal
    • Published: Jan. 17, 2025
    • Modified: Jan. 17, 2025

  • 5.3

    MEDIUM
    CVE-2024-51462

    IBM QRadar WinCollect Agent 10.0.0 through 10.1.12 could allow a remote attacker to inject XML data into parameter values due to improper input validation of assumed immutable data.... Read more

    Affected Products : qradar_wincollect
    • Published: Jan. 17, 2025
    • Modified: Aug. 14, 2025

  • 7.5

    HIGH
    CVE-2024-52363

    IBM InfoSphere Information Server 11.7 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.... Read more

    • Published: Jan. 17, 2025
    • Modified: Mar. 11, 2025

  • 7.8

    HIGH
    CVE-2025-21325

    Windows Secure Kernel Mode Elevation of Privilege Vulnerability... Read more

    • Published: Jan. 17, 2025
    • Modified: Feb. 07, 2025

  • 8.5

    HIGH
    CVE-2024-34579

    Fuji Electric Alpha5 SMART is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code.... Read more

    Affected Products :
    • Published: Jan. 17, 2025
    • Modified: Jan. 17, 2025

  • 6.1

    MEDIUM
    CVE-2025-23201

    librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to Cross-site Scripting (XSS) on the parameters:`/addhost` -> param: community. Librenms versions up to 24.10.1 allow remote attackers to inject malicious ... Read more

    Affected Products : librenms
    • Published: Jan. 16, 2025
    • Modified: Mar. 25, 2025

  • 5.4

    MEDIUM
    CVE-2025-23200

    librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to a stored XSS on the parameter: `ajax_form.php` -> param: state. Librenms versions up to 24.10.1 allow remote attackers to inject malicious scripts. When... Read more

    Affected Products : librenms
    • Published: Jan. 16, 2025
    • Modified: Mar. 25, 2025

  • 5.4

    MEDIUM
    CVE-2025-23199

    librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to a stored XSS on the parameter: `/ajax_form.php` -> param: descr. Librenms version up to 24.10.1 allow remote attackers to inject malicious scripts. When... Read more

    Affected Products : librenms
    • Published: Jan. 16, 2025
    • Modified: Mar. 25, 2025
Showing 20 of 291162 Results