Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.9

    MEDIUM
    CVE-2024-54382

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in BoldThemes Bold Page Builder allows Path Traversal.This issue affects Bold Page Builder: from n/a through 5.1.5.... Read more

    Affected Products : bold_page_builder
    • Published: Dec. 16, 2024
    • Modified: Jan. 07, 2025

  • 7.5

    HIGH
    CVE-2024-54380

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Filippo Bodei WP Cookies Enabler allows PHP Local File Inclusion.This issue affects WP Cookies Enabler: from n/a through 1.0.1.... Read more

    Affected Products :
    • Published: Dec. 16, 2024
    • Modified: Dec. 16, 2024

  • 8.8

    HIGH
    CVE-2024-54379

    Missing Authorization vulnerability in Blokhaus Minterpress allows Privilege Escalation.This issue affects Minterpress: from n/a through 1.0.5.... Read more

    Affected Products :
    • Published: Dec. 16, 2024
    • Modified: Dec. 16, 2024

  • 8.8

    HIGH
    CVE-2024-54378

    Missing Authorization vulnerability in Quietly Quietly Insights allows Privilege Escalation.This issue affects Quietly Insights: from n/a through 1.2.2.... Read more

    Affected Products :
    • Published: Dec. 16, 2024
    • Modified: Dec. 16, 2024

  • 7.5

    HIGH
    CVE-2024-54375

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sabri Taieb Woolook allows PHP Local File Inclusion.This issue affects Woolook: from n/a through 1.7.0.... Read more

    Affected Products :
    • Published: Dec. 16, 2024
    • Modified: Dec. 16, 2024

  • 7.5

    HIGH
    CVE-2024-54374

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sabri Taieb Sogrid allows PHP Local File Inclusion.This issue affects Sogrid: from n/a through 1.5.6.... Read more

    Affected Products :
    • Published: Dec. 16, 2024
    • Modified: Dec. 16, 2024

  • 7.5

    HIGH
    CVE-2024-54373

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Chris Gårdenberg, MultiNet Interactive AB EduAdmin Booking allows PHP Local File Inclusion.This issue affects EduAdmin Booking: from n/a through 5.2.0.... Read more

    Affected Products :
    • Published: Dec. 16, 2024
    • Modified: Dec. 16, 2024

  • 9.6

    CRITICAL
    CVE-2024-54372

    Cross-Site Request Forgery (CSRF) vulnerability in Sourov Amin Insertify allows Code Injection.This issue affects Insertify: from n/a through 1.1.4.... Read more

    Affected Products :
    • Published: Dec. 16, 2024
    • Modified: Dec. 16, 2024

  • 9.9

    CRITICAL
    CVE-2024-54370

    Unrestricted Upload of File with Dangerous Type vulnerability in SuitePlugins Video & Photo Gallery for Ultimate Member allows Upload a Web Shell to a Web Server.This issue affects Video & Photo Gallery for Ultimate Member: from n/a through 1.1.0.... Read more

    Affected Products :
    • Published: Dec. 16, 2024
    • Modified: Dec. 16, 2024

  • 9.1

    CRITICAL
    CVE-2024-54369

    Missing Authorization vulnerability in ThemeHunk Zita Site Builder allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Zita Site Builder: from n/a through 1.0.2.... Read more

    Affected Products :
    • Published: Dec. 16, 2024
    • Modified: Dec. 16, 2024

  • 9.6

    CRITICAL
    CVE-2024-54368

    Cross-Site Request Forgery (CSRF) vulnerability in Ruben Garza, Jr. GitSync allows Code Injection.This issue affects GitSync: from n/a through 1.1.0.... Read more

    Affected Products :
    • Published: Dec. 16, 2024
    • Modified: Dec. 16, 2024

  • 9.8

    CRITICAL
    CVE-2024-54367

    Deserialization of Untrusted Data vulnerability in ForumWP ForumWP allows Object Injection.This issue affects ForumWP: from n/a through 2.1.0.... Read more

    Affected Products : forumwp
    • Published: Dec. 16, 2024
    • Modified: Feb. 05, 2025

  • 5.3

    MEDIUM
    CVE-2024-54366

    Generation of Error Message Containing Sensitive Information vulnerability in Dave Kiss Vimeography allows Retrieve Embedded Sensitive Data.This issue affects Vimeography: from n/a through 2.4.4.... Read more

    Affected Products : vimeography
    • Published: Dec. 16, 2024
    • Modified: Dec. 16, 2024

  • 8.8

    HIGH
    CVE-2024-54365

    Incorrect Privilege Assignment vulnerability in Halim KH Easy User Settings allows Privilege Escalation.This issue affects KH Easy User Settings: from n/a through 1.0.0.... Read more

    Affected Products :
    • Published: Dec. 16, 2024
    • Modified: Dec. 16, 2024

  • 7.1

    HIGH
    CVE-2024-54364

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spartac Feedpress Generator allows Reflected XSS.This issue affects Feedpress Generator: from n/a through 1.2.1.... Read more

    Affected Products :
    • Published: Dec. 16, 2024
    • Modified: Dec. 16, 2024

  • 9.8

    CRITICAL
    CVE-2024-54363

    Incorrect Privilege Assignment vulnerability in nssTheme Wp NssUser Register allows Privilege Escalation.This issue affects Wp NssUser Register: from n/a through 1.0.0.... Read more

    Affected Products :
    • Published: Dec. 16, 2024
    • Modified: Dec. 16, 2024

  • 9.3

    CRITICAL
    CVE-2024-54361

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in outstrip Instant Appointment allows SQL Injection.This issue affects Instant Appointment: from n/a through 1.2.... Read more

    Affected Products :
    • Published: Dec. 16, 2024
    • Modified: Dec. 16, 2024

  • 6.5

    MEDIUM
    CVE-2024-54360

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in premila Gutensee allows DOM-Based XSS.This issue affects Gutensee: from n/a through 1.0.1.... Read more

    Affected Products :
    • Published: Dec. 16, 2024
    • Modified: Dec. 16, 2024

  • 8.2

    HIGH
    CVE-2024-54359

    Missing Authorization vulnerability in Saul Morales Pacheco Banner System allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Banner System: from n/a through 1.0.0.... Read more

    Affected Products :
    • Published: Dec. 16, 2024
    • Modified: Dec. 16, 2024

  • 7.1

    HIGH
    CVE-2024-54358

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Avatar 3D Creator 3D Avatar User Profile allows Reflected XSS.This issue affects 3D Avatar User Profile: from n/a through 1.0.0.... Read more

    Affected Products :
    • Published: Dec. 16, 2024
    • Modified: Dec. 16, 2024
Showing 20 of 292714 Results