Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.1

    HIGH
    CVE-2024-56210

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DeluxeThemes Userpro allows Reflected XSS. This issue affects Userpro: from n/a through 5.1.9....

    Affected Products : userpro
    • Published: Dec. 31, 2024
    • Modified: Dec. 31, 2024
  • 7.1

    HIGH
    CVE-2024-56209

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SeventhQueen Kleo allows Reflected XSS. This issue affects Kleo: from n/a before 5.4.4....

    Affected Products :
    • Published: Dec. 31, 2024
    • Modified: Dec. 31, 2024
  • 5.4

    MEDIUM
    CVE-2024-13069

    A vulnerability was found in SourceCodester Multi Role Login System 1.0. It has been classified as problematic. Affected is an unknown function of the file /endpoint/add-user.php. The manipulation of the argument name leads to cross site scripting. It is ...

    Affected Products : multi_role_login_system
    • Published: Dec. 31, 2024
    • Modified: Apr. 29, 2025
  • 9.6

    CRITICAL
    CVE-2024-12108

    In WhatsUp Gold versions released before 2024.0.2, an attacker can gain access to the WhatsUp Gold server via the public API....

    Affected Products : windows whatsup_gold
    • Published: Dec. 31, 2024
    • Modified: Jan. 06, 2025
  • 9.4

    CRITICAL
    CVE-2024-12106

    In WhatsUp Gold versions released before 2024.0.2, an unauthenticated attacker can configure LDAP settings....

    Affected Products : whatsup_gold
    • Published: Dec. 31, 2024
    • Modified: Jan. 06, 2025
  • 6.5

    MEDIUM
    CVE-2024-12105

    In WhatsUp Gold versions released before 2024.0.2, an authenticated user can use a specially crafted HTTP request that can lead to information disclosure....

    Affected Products : whatsup_gold
    • Published: Dec. 31, 2024
    • Modified: Jan. 08, 2025
  • 7.1

    HIGH
    CVE-2024-56232

    Cross-Site Request Forgery (CSRF) vulnerability in Alexander Volkov WP Nice Loader allows Stored XSS. This issue affects WP Nice Loader: from n/a through 0.1.0.4....

    Affected Products :
    • Published: Dec. 31, 2024
    • Modified: Dec. 31, 2024
  • 7.5

    HIGH
    CVE-2024-56230

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Dynamic Web Lab Dynamic Product Category Grid, Slider for WooCommerce allows PHP Local File Inclusion. This issue affects Dynamic Produ...

    Affected Products :
    • Published: Dec. 31, 2024
    • Modified: Dec. 31, 2024
  • 4.3

    MEDIUM
    CVE-2024-56229

    Cross-Site Request Forgery (CSRF) vulnerability in Searchiq SearchIQ. This issue affects SearchIQ: from n/a through 4.6....

    Affected Products : searchiq
    • Published: Dec. 31, 2024
    • Modified: Jun. 05, 2025
  • 5.4

    MEDIUM
    CVE-2024-56222

    Cross-Site Request Forgery (CSRF) vulnerability in Codebard CodeBard Help Desk allows Cross Site Request Forgery. This issue affects CodeBard Help Desk: from n/a through 1.1.1....

    Affected Products : codebard_help_desk
    • Published: Dec. 31, 2024
    • Modified: Mar. 19, 2025
  • 9.8

    CRITICAL
    CVE-2024-56220

    Incorrect Privilege Assignment vulnerability in SSL Wireless SSL Wireless SMS Notification allows Privilege Escalation. This issue affects SSL Wireless SMS Notification: from n/a through 3.5.0....

    Affected Products :
    • Published: Dec. 31, 2024
    • Modified: Dec. 31, 2024
  • 4.3

    MEDIUM
    CVE-2024-56218

    Cross-Site Request Forgery (CSRF) vulnerability in AuRise Creative, SevenSpark Contact Form 7 Dynamic Text Extension allows Cross Site Request Forgery. This issue affects Contact Form 7 Dynamic Text Extension: from n/a through 5.0.1....

    Affected Products :
    • Published: Dec. 31, 2024
    • Modified: Dec. 31, 2024
  • 6.5

    MEDIUM
    CVE-2024-56216

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Themify Themify Builder allows PHP Local File Inclusion. This issue affects Themify Builder: from n/a through 7.6.3....

    Affected Products : builder
    • Published: Dec. 31, 2024
    • Modified: Feb. 07, 2025
  • 8.3

    HIGH
    CVE-2024-56214

    Path Traversal: '.../...//' vulnerability in DeluxeThemes Userpro allows Path Traversal. This issue affects Userpro: from n/a through 5.1.9....

    Affected Products : userpro
    • Published: Dec. 31, 2024
    • Modified: Dec. 31, 2024
  • 8.8

    HIGH
    CVE-2024-56213

    Path Traversal: '.../...//' vulnerability in Themewinter Eventin allows Path Traversal. This issue affects Eventin: from n/a through 4.0.7....

    Affected Products : eventin
    • Published: Dec. 31, 2024
    • Modified: Aug. 11, 2025
  • 8.5

    HIGH
    CVE-2024-56212

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in DeluxeThemes Userpro. This issue affects Userpro: from n/a through 5.1.9....

    Affected Products : userpro
    • Published: Dec. 31, 2024
    • Modified: Dec. 31, 2024
  • 8.8

    HIGH
    CVE-2024-56211

    Missing Authorization vulnerability in DeluxeThemes Userpro. This issue affects Userpro: from n/a through 5.1.9....

    Affected Products : userpro
    • Published: Dec. 31, 2024
    • Modified: Dec. 31, 2024
  • 5.2

    MEDIUM
    CVE-2024-49422

    Protection Mechanism Failure in bootloader prior to SMR Oct-2024 Release 1 allows physical attackers to reset lockscreen failure count by hardware fault injection. User interaction is required for triggering this vulnerability....

    Affected Products : android
    • Published: Dec. 31, 2024
    • Modified: Dec. 31, 2024
  • 6.9

    MEDIUM
    CVE-2024-13067

    A vulnerability was found in CodeAstro Online Food Ordering System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/all_users.php of the component All Users Page. The manipulation leads to improper access contr...

    Affected Products : online_food_ordering_system
    • Published: Dec. 31, 2024
    • Modified: Apr. 03, 2025
  • 9.8

    CRITICAL
    CVE-2024-11972

    The Hunk Companion WordPress plugin before 1.9.0 does not correctly authorize some REST API endpoints, allowing unauthenticated requests to install and activate arbitrary Hunk Companion WordPress plugin before 1.9.0 from the WordPress.org repo, including ...

    Affected Products : hunk_companion
    • Published: Dec. 31, 2024
    • Modified: May. 17, 2025
Showing 20 of 293608 Results