Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.4

    MEDIUM
    CVE-2024-11770

    The Post Carousel & Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'post-cs' shortcode in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping on user supplied attri...

    Affected Products :
    • Published: Dec. 14, 2024
    • Modified: Dec. 14, 2024
  • 6.4

    MEDIUM
    CVE-2024-11763

    The Plezi plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'plezi' shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes i...

    Affected Products : plezi
    • Published: Dec. 14, 2024
    • Modified: Dec. 14, 2024
  • 6.4

    MEDIUM
    CVE-2024-11759

    The Bukza plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bukza' shortcode in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes i...

    Affected Products :
    • Published: Dec. 14, 2024
    • Modified: Dec. 14, 2024
  • 6.4

    MEDIUM
    CVE-2024-11755

    The IMS Countdown plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown post settings in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenti...

    Affected Products :
    • Published: Dec. 14, 2024
    • Modified: Dec. 14, 2024
  • 6.4

    MEDIUM
    CVE-2024-11751

    The TCBD Popover plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tcbd-popover-image ' shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attri...

    Affected Products :
    • Published: Dec. 14, 2024
    • Modified: Dec. 14, 2024
  • 6.1

    MEDIUM
    CVE-2024-11462

    The Filestack Official plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'fstab' and 'filestack_options' parameters in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping. This mak...

    Affected Products :
    • Published: Dec. 14, 2024
    • Modified: Dec. 14, 2024
  • 6.4

    MEDIUM
    CVE-2024-11095

    The Visualmodo Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for auth...

    Affected Products :
    • Published: Dec. 14, 2024
    • Modified: Dec. 14, 2024
  • 9.1

    CRITICAL
    CVE-2023-29476

    In Menlo On-Premise Appliance before 2.88, web policy may not be consistently applied properly to intentionally malformed client requests. This is fixed in 2.88.2+, 2.89.1+, and 2.90.1+....

    Affected Products :
    • Published: Dec. 14, 2024
    • Modified: Dec. 16, 2024
  • 6.5

    MEDIUM
    CVE-2024-12553

    GeoVision GV-ASManager Missing Authorization Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of GeoVision GV-ASManager. Although authentication is required to exp...

    Affected Products : gv-asmanager
    • Published: Dec. 13, 2024
    • Modified: Aug. 14, 2025
  • 7.8

    HIGH
    CVE-2024-12552

    Wacom Center WTabletServicePro Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Wacom Center. An attacker must first obtain the ability to execute low-pr...

    Affected Products : center
    • Published: Dec. 13, 2024
    • Modified: Aug. 14, 2025
  • 9.8

    CRITICAL
    CVE-2024-55956

    In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can import and execute arbitrary Bash or PowerShell commands on the host system by leveraging the default settings of the Autorun directory....

    Affected Products : lexicom harmony vltrader
    • Actively Exploited
    • Published: Dec. 13, 2024
    • Modified: Mar. 14, 2025
  • 8.7

    HIGH
    CVE-2024-55946

    Playloom Engine is an open-source, high-performance game development engine. Engine Beta v0.0.1 has a security vulnerability related to data storage, specifically when using the collaboration features. When collaborating with another user, they may have a...

    Affected Products :
    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024
  • 6.9

    MEDIUM
    CVE-2024-55890

    D-Tale is a visualizer for pandas data structures. Prior to version 3.16.1, users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. Users should upgrade to version 3.16.1 where the `...

    Affected Products : d-tale
    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024
  • 7.8

    HIGH
    CVE-2024-47892

    Software installed and run as a non-privileged user may conduct GPU system calls to read and write freed physical memory from the GPU....

    Affected Products : ddk
    • Published: Dec. 13, 2024
    • Modified: Dec. 16, 2024
  • 7.8

    HIGH
    CVE-2024-46971

    Software installed and run as a non-privileged user may conduct GPU system calls to read and write freed physical memory from the GPU....

    Affected Products : ddk
    • Published: Dec. 13, 2024
    • Modified: Dec. 16, 2024
  • 5.3

    MEDIUM
    CVE-2024-9945

    An information-disclosure vulnerability exists in Fortra's GoAnywhere MFT application prior to version 7.7.0 that allows external access to the resources in certain admin root folders....

    Affected Products : goanywhere_managed_file_transfer
    • Published: Dec. 13, 2024
    • Modified: Aug. 29, 2025
  • 8.6

    HIGH
    CVE-2024-55887

    Ucum-java is a FHIR Java library providing UCUM Services. In versions prior to 1.0.9, XML parsing performed by the UcumEssenceService is vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containi...

    Affected Products :
    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024
  • 8.8

    HIGH
    CVE-2024-55661

    Laravel Pulse is a real-time application performance monitoring tool and dashboard for Laravel applications. A vulnerability has been discovered in Laravel Pulse prior to version 1.3.1 that could allow remote code execution through the public `remember()`...

    Affected Products : laravel pulse
    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024
  • 9.6

    CRITICAL
    CVE-2024-54139

    Combodo iTop is an open source and web-based IT service management platform. Prior to versions 2.7.11, 3.1.2, and 3.2.0, iTop has a cross-site scripting vulnerability that can lead to cross-site request forgery on the `_table_id` parameter. Versions 2.7....

    Affected Products : itop
    • Published: Dec. 13, 2024
    • Modified: Mar. 11, 2025
  • 7.1

    HIGH
    CVE-2024-54351

    Cross-Site Request Forgery (CSRF) vulnerability in Tom Landis Fancy Roller Scroller allows Stored XSS. This issue affects Fancy Roller Scroller: from n/a through 1.4.0....

    Affected Products :
    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024
Showing 20 of 292625 Results