Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.9

    HIGH
    CVE-2021-26280

    Locally installed application can bypass the permission check and perform system operations that require permission.... Read more

    Affected Products :
    • Published: Dec. 17, 2024
    • Modified: Dec. 17, 2024

  • 7.6

    HIGH
    CVE-2024-9624

    The WP All Import Pro plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.9.3 due to missing SSRF protection on the pmxi_curl_download function. This makes it possible for authenticated attackers, with... Read more

    Affected Products : wp_all_import
    • Published: Dec. 17, 2024
    • Modified: Dec. 17, 2024

  • 3.3

    LOW
    CVE-2024-54125

    Improper authorization in handler for custom URL scheme issue in "Shonen Jump+" App for Android versions prior to 4.0.0 allows an attacker to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a... Read more

    Affected Products :
    • Published: Dec. 17, 2024
    • Modified: Dec. 17, 2024

  • 8.8

    HIGH
    CVE-2024-38499

    CA Client Automation (ITCM) allows non-admin/non-root users to encrypt a string using CAF CLI and SD_ACMD CLI. This would allow the non admin user to access the critical encryption keys which further causes the exploitation of stored credentials. This fix... Read more

    Affected Products :
    • Published: Dec. 17, 2024
    • Modified: Dec. 19, 2024

  • 4.8

    MEDIUM
    CVE-2024-55864

    Cross-site scripting vulnerability exists in My WP Customize Admin/Frontend versions prior to ver 1.24.1. If a malicious administrative user customizes the administrative page with some malicious contents, an arbitrary script may be executed on the web br... Read more

    Affected Products :
    • Published: Dec. 17, 2024
    • Modified: Dec. 17, 2024

  • 9.8

    CRITICAL
    CVE-2024-12356

    A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user.... Read more

    • Actively Exploited
    • Published: Dec. 17, 2024
    • Modified: Feb. 17, 2025

  • 5.9

    MEDIUM
    CVE-2021-26279

    Some parameters of the weather module are improperly stored, leaking some sensitive information.... Read more

    Affected Products :
    • Published: Dec. 17, 2024
    • Modified: Dec. 17, 2024

  • 6.1

    MEDIUM
    CVE-2024-12239

    The PowerPack Lite for Beaver Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the navigate parameter in all versions up to, and including, 1.3.0.5 due to insufficient input sanitization and output escaping. This makes it p... Read more

    • Published: Dec. 17, 2024
    • Modified: Apr. 15, 2025

  • 6.3

    MEDIUM
    CVE-2021-26278

    The wifi module exposes the interface and has improper permission control, leaking sensitive information about the device.... Read more

    Affected Products :
    • Published: Dec. 17, 2024
    • Modified: Dec. 17, 2024

  • 7.0

    HIGH
    CVE-2020-12487

    Due to the flaws in the verification of input parameters, the attacker can input carefully constructed commands to make the ABE service execute some commands with root privilege.... Read more

    Affected Products :
    • Published: Dec. 17, 2024
    • Modified: Dec. 17, 2024

  • 6.4

    MEDIUM
    CVE-2020-12484

    When using special mode to connect to enterprise wifi, certain options are not properly configured and attackers can pretend to be enterprise wifi through a carefully constructed wifi with the same name, which can lead to man-in-the-middle attacks.... Read more

    Affected Products :
    • Published: Dec. 17, 2024
    • Modified: Dec. 17, 2024

  • 9.4

    CRITICAL
    CVE-2024-10205

    Authentication Bypass vulnerability in Hitachi Ops Center Analyzer on Linux, 64 bit (Hitachi Ops Center Analyzer detail view component), Hitachi Infrastructure Analytics Advisor on Linux, 64 bit (Hitachi Data Center Analytics component ).This issue aff... Read more

    • Published: Dec. 17, 2024
    • Modified: Dec. 17, 2024

  • 6.4

    MEDIUM
    CVE-2024-11906

    The TPG Get Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tpg_get_posts' shortcode in all versions up to, and including, 3.6.5 due to insufficient input sanitization and output escaping on user supplied attribut... Read more

    Affected Products :
    • Published: Dec. 17, 2024
    • Modified: Dec. 17, 2024

  • 6.4

    MEDIUM
    CVE-2024-11905

    The Animated Counters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'animatedcounte' shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attri... Read more

    Affected Products : animated_counters
    • Published: Dec. 17, 2024
    • Modified: Dec. 17, 2024

  • 6.4

    MEDIUM
    CVE-2024-11902

    The Slope Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'slope-reservations' shortcode in all versions up to, and including, 4.2.11 due to insufficient input sanitization and output escaping on user supplied at... Read more

    Affected Products :
    • Published: Dec. 17, 2024
    • Modified: Dec. 17, 2024

  • 6.4

    MEDIUM
    CVE-2024-11900

    The Portfolio – Filterable Masonry Portfolio Gallery for Professionals plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'portfolio-pro' shortcode in all versions up to, and including, 1.2.2 due to insufficient input sanit... Read more

    Affected Products :
    • Published: Dec. 17, 2024
    • Modified: Dec. 17, 2024

  • 7.1

    HIGH
    CVE-2024-56017

    Cross-Site Request Forgery (CSRF) vulnerability in Tom Royal Stop Registration Spam allows Stored XSS.This issue affects Stop Registration Spam: from n/a through 1.23.... Read more

    Affected Products :
    • Published: Dec. 16, 2024
    • Modified: Dec. 16, 2024

  • 5.4

    MEDIUM
    CVE-2024-55452

    A URL redirection vulnerability exists in UJCMS 9.6.3 due to improper validation of URLs in the upload and rendering of new block / carousel items. This vulnerability allows authenticated attackers to redirect unprivileged users to an arbitrary, attacker-... Read more

    Affected Products : ujcms
    • Published: Dec. 16, 2024
    • Modified: Apr. 24, 2025

  • 4.8

    MEDIUM
    CVE-2024-55451

    A Stored Cross-Site Scripting (XSS) vulnerability exists in authenticated SVG file upload and viewing functionality in UJCMS 9.6.3. The vulnerability arises from insufficient sanitization of embedded attributes in uploaded SVG files. When a maliciously cr... Read more

    Affected Products : ujcms
    • Published: Dec. 16, 2024
    • Modified: Apr. 24, 2025

  • 9.8

    CRITICAL
    CVE-2024-55085

    GetSimple CMS CE 3.3.19 suffers from arbitrary code execution in the template editing function in the background management system, which can be used by an attacker to implement RCE.... Read more

    Affected Products : getsimple_cms
    • Published: Dec. 16, 2024
    • Modified: Apr. 17, 2025
Showing 20 of 292834 Results