Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.4

    MEDIUM
    CVE-2024-11411

    The Spotlightr plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'spotlightr-v' shortcode in all versions up to, and including, 0.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. ... Read more

    Affected Products :
    • Published: Dec. 20, 2024
    • Modified: Dec. 20, 2024

  • 6.1

    MEDIUM
    CVE-2024-11331

    The استخراج محصولات ووکامرس برای آیسی plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.1.3. This makes i... Read more

    Affected Products :
    • Published: Dec. 20, 2024
    • Modified: Dec. 20, 2024

  • 7.5

    HIGH
    CVE-2024-11297

    The Page Restriction WordPress (WP) – Protect WP Pages/Post plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.6 via the WordPress core search feature. This makes it possible for unauthenticated ... Read more

    Affected Products : page_restriction
    • Published: Dec. 20, 2024
    • Modified: Jul. 03, 2025

  • 4.7

    MEDIUM
    CVE-2024-8968

    The WordPress Button Plugin MaxButtons WordPress plugin before 9.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capab... Read more

    Affected Products : maxbuttons
    • Published: Dec. 20, 2024
    • Modified: May. 14, 2025

  • 5.4

    MEDIUM
    CVE-2024-5955

    Cross-site scripting vulnerability in Trellix ePolicy Orchestrator prior to ePO 5.10 Service Pack 1 Update 3 allows a remote authenticated attacker to craft requests causing arbitrary content to be injected into the response when accessing the epolicy Orc... Read more

    Affected Products :
    • Published: Dec. 20, 2024
    • Modified: Dec. 20, 2024

  • 5.4

    MEDIUM
    CVE-2024-11108

    The Serious Slider WordPress plugin before 1.2.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform ... Read more

    Affected Products : serious_slider
    • Published: Dec. 20, 2024
    • Modified: May. 14, 2025

  • 4.8

    MEDIUM
    CVE-2024-10706

    The Download Manager WordPress plugin before 3.3.03 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallow... Read more

    • Published: Dec. 20, 2024
    • Modified: Apr. 17, 2025

  • 4.8

    MEDIUM
    CVE-2024-10555

    The WordPress Button Plugin MaxButtons WordPress plugin before 9.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capab... Read more

    Affected Products : maxbuttons
    • Published: Dec. 20, 2024
    • Modified: May. 14, 2025

  • 8.6

    HIGH
    CVE-2024-21549

    Versions of the package spatie/browsershot before 5.0.3 are vulnerable to Improper Input Validation due to improper URL validation through the setUrl method. An attacker can exploit this vulnerability by utilizing view-source:file://, which allows for arb... Read more

    Affected Products : browsershot
    • Published: Dec. 20, 2024
    • Modified: Aug. 28, 2025

  • 5.5

    MEDIUM
    CVE-2024-44298

    A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.1. An app may be able to access information about a user's contacts.... Read more

    Affected Products : macos
    • Published: Dec. 20, 2024
    • Modified: Jan. 07, 2025

  • 5.5

    MEDIUM
    CVE-2024-44293

    A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.1. A user may be able to view sensitive user information.... Read more

    Affected Products : macos
    • Published: Dec. 20, 2024
    • Modified: Jan. 07, 2025

  • 5.5

    MEDIUM
    CVE-2024-44292

    A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.1. An app may be able to access sensitive user data.... Read more

    Affected Products : macos
    • Published: Dec. 20, 2024
    • Modified: Jan. 07, 2025

  • 7.5

    HIGH
    CVE-2024-44231

    This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.1. A person with physical access to a Mac may be able to bypass Login Window during a software update.... Read more

    Affected Products : macos
    • Published: Dec. 20, 2024
    • Modified: Jan. 06, 2025

  • 4.6

    MEDIUM
    CVE-2024-44223

    This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.1. An attacker with physical access to a Mac may be able to view protected content from the Login Window.... Read more

    Affected Products : macos
    • Published: Dec. 20, 2024
    • Modified: Jan. 06, 2025

  • 7.5

    HIGH
    CVE-2024-44211

    This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sequoia 15.1. An app may be able to access user-sensitive data.... Read more

    Affected Products : macos
    • Published: Dec. 20, 2024
    • Modified: Jan. 06, 2025

  • 7.5

    HIGH
    CVE-2024-44195

    A logic issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.1. An app may be able to read arbitrary files.... Read more

    Affected Products : macos
    • Published: Dec. 20, 2024
    • Modified: Jan. 23, 2025

  • 7.8

    HIGH
    CVE-2023-42867

    This issue was addressed with improved validation of the process entitlement and Team ID. This issue is fixed in GarageBand 10.4.9. An app may be able to gain root privileges.... Read more

    Affected Products : garageband
    • Published: Dec. 20, 2024
    • Modified: Jan. 06, 2025

  • 6.4

    MEDIUM
    CVE-2024-11776

    The PCRecruiter Extensions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'PCRecruiter' shortcode in all versions up to, and including, 1.4.10 due to insufficient input sanitization and output escaping on user supplied ... Read more

    Affected Products :
    • Published: Dec. 20, 2024
    • Modified: Dec. 20, 2024

  • 7.5

    HIGH
    CVE-2022-34159

    Huawei printers have an input verification vulnerability. Successful exploitation of this vulnerability may cause device service exceptions. (Vulnerability ID: HWPSIRT-2022-80078) This vulnerability has been assigned a Common Vulnerabilities and Exposure... Read more

    Affected Products : cv81-wdm_firmware cv81-wdm
    • Published: Dec. 20, 2024
    • Modified: Jan. 10, 2025

  • 7.5

    HIGH
    CVE-2022-32204

    There is an improper input verification vulnerability in Huawei printer product. Successful exploitation of this vulnerability may cause service abnormal. (Vulnerability ID: HWPSIRT-2022-87185) This vulnerability has been assigned a Common Vulnerabilitie... Read more

    Affected Products : cv81-wdm_firmware cv81-wdm
    • Published: Dec. 20, 2024
    • Modified: Jan. 10, 2025
Showing 20 of 293179 Results