Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2024-12892

    A vulnerability classified as problematic was found in code-projects Online Exam Mastering System 1.0. Affected by this vulnerability is an unknown functionality of the file /sign.php?q=account.php. The manipulation of the argument name/gender/college lea... Read more

    Affected Products : online_exam_mastering_system
    • Published: Dec. 22, 2024
    • Modified: Apr. 03, 2025

  • 8.8

    HIGH
    CVE-2024-12891

    A vulnerability classified as critical has been found in code-projects Online Exam Mastering System 1.0. Affected is an unknown function of the file /account.php?q=quiz&step=2. The manipulation of the argument eid leads to sql injection. It is possible to... Read more

    Affected Products : online_exam_mastering_system
    • Published: Dec. 22, 2024
    • Modified: Apr. 03, 2025

  • 8.8

    HIGH
    CVE-2024-12890

    A vulnerability was found in code-projects Online Exam Mastering System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /update.php?q=quiz&step=2. The manipulation of the argument eid leads to sql injection. The ... Read more

    Affected Products : online_exam_mastering_system
    • Published: Dec. 22, 2024
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2024-11852

    The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_layouts() function in all versions... Read more

    Affected Products : element_pack
    • Published: Dec. 22, 2024
    • Modified: Jan. 29, 2025

  • 4.3

    MEDIUM
    CVE-2024-51464

    IBM i 7.3, 7.4, and 7.5 is vulnerable to bypassing Navigator for i interface restrictions. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to remotely perform operations that the user is not allowed to p... Read more

    Affected Products : i i
    • Published: Dec. 21, 2024
    • Modified: Jul. 03, 2025

  • 5.4

    MEDIUM
    CVE-2024-51463

    IBM i 7.3, 7.4, and 7.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.... Read more

    Affected Products : i i
    • Published: Dec. 21, 2024
    • Modified: Jul. 03, 2025

  • 9.8

    CRITICAL
    CVE-2024-12884

    A vulnerability was found in Codezips E-Commerce Website 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument email leads to sql injection. The attack may be laun... Read more

    Affected Products : e-commerce_site
    • Published: Dec. 21, 2024
    • Modified: Jan. 10, 2025

  • 6.9

    MEDIUM
    CVE-2024-12883

    A vulnerability was found in code-projects Job Recruitment 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /_email.php. The manipulation of the argument email leads to cross site scripting. ... Read more

    Affected Products : job_recruitment
    • Published: Dec. 21, 2024
    • Modified: Jan. 10, 2025

  • 4.9

    MEDIUM
    CVE-2024-12875

    The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.2 via the file download functionality. This makes it possible for authenticated... Read more

    Affected Products : easy_digital_downloads
    • Published: Dec. 21, 2024
    • Modified: Feb. 07, 2025

  • 6.4

    MEDIUM
    CVE-2024-12591

    The MagicPost plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wb_share_social shortcode in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. ... Read more

    Affected Products :
    • Published: Dec. 21, 2024
    • Modified: Dec. 21, 2024

  • 6.5

    MEDIUM
    CVE-2024-12558

    The WP BASE Booking of Appointments, Services and Events plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_db function in all versions up to, and including, 4.9.2. This makes it possible for ... Read more

    • Published: Dec. 21, 2024
    • Modified: Dec. 21, 2024

  • 6.1

    MEDIUM
    CVE-2024-12408

    The WP on AWS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via $_POST data in all versions up to, and including, 5.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers... Read more

    Affected Products :
    • Published: Dec. 21, 2024
    • Modified: Dec. 21, 2024

  • 5.9

    MEDIUM
    CVE-2024-11722

    The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 3.25.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on... Read more

    Affected Products : frontend_admin
    • Published: Dec. 21, 2024
    • Modified: Jun. 05, 2025

  • 6.1

    MEDIUM
    CVE-2024-11688

    The LaTeX2HTML plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'ver' or 'date' parameter in all versions up to, and including, 2.5.5 due to insufficient input sanitization and output escaping. This makes it possible for unauth... Read more

    Affected Products : latex2html
    • Published: Dec. 21, 2024
    • Modified: Dec. 21, 2024

  • 6.4

    MEDIUM
    CVE-2024-10453

    The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Typography Settings in all versions up to, and including, 3.25.9 due to insufficient input sanitization and ou... Read more

    Affected Products : website_builder
    • Published: Dec. 21, 2024
    • Modified: Mar. 27, 2025

  • 6.4

    MEDIUM
    CVE-2024-9545

    The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's aux_contact_box and aux_gmaps shortcodes in all versions up to, and including, 2.16.4 due to insufficient input sanitizati... Read more

    • Published: Dec. 21, 2024
    • Modified: May. 22, 2025

  • 6.4

    MEDIUM
    CVE-2024-12588

    The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Staff widget in all versions up to, and including, 2.16.4 due to insufficient input sanitization and output escaping on us... Read more

    • Published: Dec. 21, 2024
    • Modified: May. 22, 2025

  • 6.1

    MEDIUM
    CVE-2024-11808

    The Pingmeter Uptime Monitoring plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the '_wpnonce' parameter in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possibl... Read more

    Affected Products :
    • Published: Dec. 21, 2024
    • Modified: Dec. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-10797

    The Full Screen Menu for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.7 via the Full Screen Menu Elementor Widget due to insufficient restrictions on which posts can be included. This make... Read more

    Affected Products :
    • Published: Dec. 21, 2024
    • Modified: Dec. 21, 2024

  • 8.8

    HIGH
    CVE-2024-12771

    The eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.43. This is due to missing or incorrect nonce validation on the 'customer_panel_password_reset' f... Read more

    Affected Products : ecommerce_product_catalog
    • Published: Dec. 21, 2024
    • Modified: Dec. 21, 2024
Showing 20 of 293351 Results