Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2024-12541

    The Chative Live chat and Chatbot plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the add_chative_widget_action() function. This makes it p... Read more

    Affected Products :
    • Published: Jan. 07, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2024-12538

    The Duplicate Post, Page and Any Custom Post plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.3 via the 'dpp_duplicate_as_draft' function. This makes it possible for authenticated attackers, wi... Read more

    Affected Products :
    • Published: Jan. 07, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Information Disclosure

  • 6.4

    MEDIUM
    CVE-2024-12528

    The WordPress Survey & Poll – Quiz, Survey and Poll Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpsurveypoll_results' shortcode in all versions up to, and including, 1.7.5 due to insufficient in... Read more

    Affected Products : wordpress_survey_and_poll
    • Published: Jan. 07, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2024-12419

    The The Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.7.0. This is due to the software allowing users to execute an action that... Read more

    Affected Products :
    • Published: Jan. 07, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2024-12416

    The Live Sales Notification for Woocommerce – Woomotiv plugin for WordPress is vulnerable to SQL Injection via the 'woomotiv_seen_products_.*' cookie in all versions up to, and including, 3.6.1 due to insufficient escaping on the user supplied parameter a... Read more

    Affected Products : woomotiv
    • Published: Jan. 07, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-12402

    The Themes Coder – Create Android & iOS Apps For Your Woocommerce Site plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.3.4. This is due to the plugin not properly validating a user's ... Read more

    Affected Products :
    • Published: Jan. 07, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Authentication

  • 6.1

    MEDIUM
    CVE-2024-12098

    The ARS Affiliate Page Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'utm_keyword' parameter in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping. This makes it possib... Read more

    Affected Products :
    • Published: Jan. 07, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2024-11934

    The Formaloo Form Maker & Customer Analytics for WordPress & WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘address’ parameter in all versions up to, and including, 2.1.3.2 due to insufficient input sanitization and... Read more

    Affected Products :
    • Published: Jan. 07, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2024-11899

    The Slider Pro Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sliderpro' shortcode in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping on user supplied attributes... Read more

    Affected Products :
    • Published: Jan. 07, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2024-11777

    The Sell Media plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sell_media_search_form_gutenberg' shortcode in all versions up to, and including, 2.5.8.5 due to insufficient input sanitization and output escaping on user... Read more

    Affected Products : sell_media
    • Published: Jan. 07, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.9

    MEDIUM
    CVE-2024-11437

    The Timeline Designer plugin for WordPress is vulnerable to SQL Injection via the 's' parameter in all versions up to, and including, 1.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL qu... Read more

    Affected Products :
    • Published: Jan. 07, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Injection

  • 8.2

    HIGH
    CVE-2025-22395

    Dell Update Package Framework, versions prior to 22.01.02, contain(s) a Local Privilege Escalation Vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary remote scripts on the ser... Read more

    Affected Products : update_package_framework
    • Published: Jan. 07, 2025
    • Modified: Feb. 04, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-21620

    Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. When you send a request with the Authorization header to one domain, and the response asks to redirect to a different domain, Deno'sfetch() redirect handling creates a follow-... Read more

    Affected Products : deno
    • Published: Jan. 06, 2025
    • Modified: Jan. 06, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2024-55553

    In FRRouting (FRR) before 10.3 from 6.0 onward, all routes are re-validated if the total size of an update received via RTR exceeds the internal socket's buffer size, default 4K on most OSes. An attacker can use this to trigger re-parsing of the RIB for F... Read more

    Affected Products :
    • Published: Jan. 06, 2025
    • Modified: Jan. 23, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2024-54767

    An access control issue in the component /juis_boxinfo.xml of AVM FRITZ!Box 7530 AX v7.59 allows attackers to obtain sensitive information without authentication. NOTE: this is disputed by the Supplier because it cannot be reproduced, and the issue report... Read more

    Affected Products :
    • Published: Jan. 06, 2025
    • Modified: Apr. 02, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2024-54764

    An access control issue in the component /login/hostinfo2.cgi of ipTIME A2004 v12.17.0 allows attackers to obtain sensitive information without authentication.... Read more

    Affected Products :
    • Published: Jan. 06, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Authentication

  • 5.4

    MEDIUM
    CVE-2025-21616

    Plane is an open-source project management tool. A cross-site scripting (XSS) vulnerability has been identified in Plane versions prior to 0.23. The vulnerability allows authenticated users to upload SVG files containing malicious JavaScript code as profi... Read more

    Affected Products : plane
    • Published: Jan. 06, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2024-54763

    An access control issue in the component /login/hostinfo.cgi of ipTIME A2004 v12.17.0 allows attackers to obtain sensitive information without authentication.... Read more

    Affected Products :
    • Published: Jan. 06, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Authentication

  • 6.3

    MEDIUM
    CVE-2024-53936

    The com.asianmobile.callcolor (aka Color Phone Call Screen App) application through 24 for Android enables any application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.asianmobile.callcolor.ui... Read more

    Affected Products :
    • Published: Jan. 06, 2025
    • Modified: Jan. 08, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2024-53935

    The com.callos14.callscreen.colorphone (aka iCall OS17 - Color Phone Flash) application through 4.3 for Android enables any application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.callos14.ca... Read more

    Affected Products :
    • Published: Jan. 06, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Authentication
Showing 20 of 293588 Results