Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.4

    MEDIUM
    CVE-2024-12851

    The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom_attributes parameter of the Cookie Consent Widget in all version... Read more

    Affected Products : element_pack
    • Published: Jan. 08, 2025
    • Modified: Jan. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2024-12584

    The 140+ Widgets | Xpro Addons For Elementor – FREE plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.6.2 via the 'duplicate' function. This makes it possible for authenticated attackers, with C... Read more

    Affected Products : xpro_addons_for_elementor
    • Published: Jan. 08, 2025
    • Modified: Mar. 06, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2024-11613

    The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution, Arbitrary File Read, and Arbitrary File Deletion in all versions up to, and including, 4.24.15 via the 'wfu_file_downloader.php' file. This is due to lack of proper san... Read more

    Affected Products : wordpress_file_upload
    • Published: Jan. 08, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Authentication

  • 6.1

    MEDIUM
    CVE-2024-12585

    The Property Hive WordPress plugin before 2.1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.... Read more

    Affected Products : propertyhive
    • Published: Jan. 08, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2024-10585

    The InfiniteWP Client plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.13.0 via the 'historyID' parameter of the ~/debug-chart/index.php file. This makes it possible for unauthenticated attackers to read .txt fi... Read more

    Affected Products : infinitewp_client
    • Published: Jan. 08, 2025
    • Modified: Feb. 26, 2025
    • Vuln Type: Path Traversal

  • 5.4

    MEDIUM
    CVE-2024-10151

    The Auto iFrame WordPress plugin before 2.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Store... Read more

    Affected Products : auto_iframe
    • Published: Jan. 08, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.0

    MEDIUM
    CVE-2024-54731

    cpdf through 2.8 allows stack consumption via a crafted PDF document.... Read more

    Affected Products :
    • Published: Jan. 08, 2025
    • Modified: Jan. 08, 2025
    • Vuln Type: Denial of Service

  • 6.4

    MEDIUM
    CVE-2024-12205

    The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the TF E Slider Widget in all versions up to, and including, 2.2.4 due to insufficient input sanitization and output escaping. This makes it possible... Read more

    Affected Products : themesflat_addons_for_elementor
    • Published: Jan. 08, 2025
    • Modified: Jan. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2024-12030

    The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to SQL Injection via the 'key' attribute of the 'mdf_value' shortcode in all versions up to, and including, 1.3.3.5 due to insufficient escaping on the user supplied parameter a... Read more

    • Published: Jan. 08, 2025
    • Modified: Jan. 08, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2024-11271

    The WordPress Webinar Plugin – WebinarPress plugin for WordPress is vulnerable to modification of data due to a missing capability check on several functions in all versions up to, and including, 1.33.24. This makes it possible for authenticated attackers... Read more

    Affected Products : webinarpress
    • Published: Jan. 08, 2025
    • Modified: Jan. 17, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2024-11270

    The WordPress Webinar Plugin – WebinarPress plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check on the 'sync-import-imgs' function and missing file type validation in all versions up to, and including, 1.33.24. ... Read more

    Affected Products : webinarpress
    • Published: Jan. 08, 2025
    • Modified: Jan. 17, 2025
    • Vuln Type: Misconfiguration

  • 4.8

    MEDIUM
    CVE-2025-21603

    Cross-site scripting vulnerability exists in MZK-DP300N firmware versions 1.05 and earlier. If an attacker logs in to the affected product and manipulates the device settings, an arbitrary script may be executed on the logged-in user's web browser when ac... Read more

    Affected Products :
    • Published: Jan. 08, 2025
    • Modified: Jan. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.8

    MEDIUM
    CVE-2024-56456

    Vulnerability of input parameters not being verified during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability.... Read more

    Affected Products : harmonyos
    • Published: Jan. 08, 2025
    • Modified: Jan. 13, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2024-56455

    Vulnerability of input parameters not being verified during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability.... Read more

    Affected Products : harmonyos
    • Published: Jan. 08, 2025
    • Modified: Jan. 13, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2024-56454

    Vulnerability of input parameters not being verified during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability.... Read more

    Affected Products : harmonyos
    • Published: Jan. 08, 2025
    • Modified: Jan. 13, 2025
    • Vuln Type: Denial of Service

  • 6.8

    MEDIUM
    CVE-2024-56453

    Vulnerability of input parameters not being verified during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability.... Read more

    Affected Products : harmonyos
    • Published: Jan. 08, 2025
    • Modified: Jan. 13, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2024-56452

    Vulnerability of input parameters not being verified during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability.... Read more

    Affected Products : harmonyos
    • Published: Jan. 08, 2025
    • Modified: Jan. 13, 2025
    • Vuln Type: Denial of Service

  • 7.3

    HIGH
    CVE-2024-56451

    Integer overflow vulnerability during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability.... Read more

    Affected Products : harmonyos
    • Published: Jan. 08, 2025
    • Modified: Jan. 13, 2025
    • Vuln Type: Denial of Service

  • 6.3

    MEDIUM
    CVE-2024-56450

    Buffer overflow vulnerability in the component driver module Impact: Successful exploitation of this vulnerability may affect availability.... Read more

    Affected Products : emui harmonyos
    • Published: Jan. 08, 2025
    • Modified: Jan. 13, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2024-56449

    Privilege escalation vulnerability in the Account module Impact: Successful exploitation of this vulnerability may affect service confidentiality.... Read more

    Affected Products : emui harmonyos
    • Published: Jan. 08, 2025
    • Modified: Jan. 13, 2025
    • Vuln Type: Authorization
Showing 20 of 293493 Results