Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-54295

    Authentication Bypass Using an Alternate Path or Channel vulnerability in InspireUI ListApp Mobile Manager allows Authentication Bypass.This issue affects ListApp Mobile Manager: from n/a through 1.7.7.... Read more

    Affected Products :
    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024

  • 9.8

    CRITICAL
    CVE-2024-54294

    Authentication Bypass Using an Alternate Path or Channel vulnerability in appgenixinfotech Firebase OTP Authentication allows Authentication Bypass.This issue affects Firebase OTP Authentication: from n/a through 1.0.1.... Read more

    Affected Products :
    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024

  • 9.8

    CRITICAL
    CVE-2024-54293

    Incorrect Privilege Assignment vulnerability in CE21 CE21 Suite allows Privilege Escalation.This issue affects CE21 Suite: from n/a through 2.2.0.... Read more

    Affected Products : ce21_suite
    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024

  • 9.3

    CRITICAL
    CVE-2024-54292

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Appsplate Appsplate allows SQL Injection.This issue affects Appsplate: from n/a through 2.1.3.... Read more

    Affected Products :
    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024

  • 7.1

    HIGH
    CVE-2024-54290

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Justin Fletcher Role Includer allows Reflected XSS.This issue affects Role Includer: from n/a through 1.6.... Read more

    Affected Products :
    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024

  • 6.5

    MEDIUM
    CVE-2024-54289

    Missing Authorization vulnerability in Awesome Support Team Awesome Support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Awesome Support: from n/a through 6.3.0.... Read more

    Affected Products : awesome_support
    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024

  • 7.1

    HIGH
    CVE-2024-54288

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LDD Web Design LDD Directory Lite allows Reflected XSS.This issue affects LDD Directory Lite: from n/a through 3.3.... Read more

    Affected Products :
    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024

  • 6.5

    MEDIUM
    CVE-2024-54287

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Best Wp Developer Advanced Blog Post Block allows Stored XSS.This issue affects Advanced Blog Post Block: from n/a through 1.0.4.... Read more

    Affected Products :
    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024

  • 6.5

    MEDIUM
    CVE-2024-54286

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sendsmaily LLC Smaily for WP allows Stored XSS.This issue affects Smaily for WP: from n/a through 3.1.2.... Read more

    Affected Products :
    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024

  • 7.2

    HIGH
    CVE-2024-54282

    Deserialization of Untrusted Data vulnerability in Themeum WP Mega Menu allows Object Injection.This issue affects WP Mega Menu: from n/a through 1.4.2.... Read more

    Affected Products :
    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024

  • 4.3

    MEDIUM
    CVE-2024-54278

    Missing Authorization vulnerability in Plugin Devs News Ticker for Elementor allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects News Ticker for Elementor: from n/a through 2.1.3.... Read more

    Affected Products :
    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024

  • 6.5

    MEDIUM
    CVE-2024-54277

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alireza aliniya Nias course allows DOM-Based XSS.This issue affects Nias course: from n/a through 1.2.1.... Read more

    Affected Products :
    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024

  • 6.5

    MEDIUM
    CVE-2024-54276

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Felix Moira Poll Builder allows Stored XSS.This issue affects Poll Builder: from n/a through 1.3.5.... Read more

    Affected Products :
    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024

  • 7.1

    HIGH
    CVE-2024-54275

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wibergs Web CSV to html allows Reflected XSS.This issue affects CSV to html: from n/a through 3.04.... Read more

    Affected Products :
    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024

  • 7.1

    HIGH
    CVE-2024-54274

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Octrace Studio WordPress HelpDesk & Support Ticket System Plugin – Octrace Support allows Reflected XSS.This issue affects WordPress HelpDesk & Support T... Read more

    Affected Products :
    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024

  • 9.8

    CRITICAL
    CVE-2024-54273

    Deserialization of Untrusted Data vulnerability in PickPlugins Mail Picker allows Object Injection.This issue affects Mail Picker: from n/a through 1.0.14.... Read more

    Affected Products :
    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024

  • 6.5

    MEDIUM
    CVE-2024-54272

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RadiusTheme Radius Blocks – WordPress Gutenberg Blocks allows Stored XSS.This issue affects Radius Blocks – WordPress Gutenberg Blocks: from n/a through ... Read more

    Affected Products :
    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024

  • 5.4

    MEDIUM
    CVE-2024-54271

    Missing Authorization vulnerability in WPTaskForce WPCargo Track & Trace allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPCargo Track & Trace: from n/a through 7.0.6.... Read more

    Affected Products : track_\&_trace
    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024

  • 8.8

    HIGH
    CVE-2024-54268

    Missing Authorization vulnerability in SiteOrigin SiteOrigin Widgets Bundle allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SiteOrigin Widgets Bundle: from n/a through 1.64.0.... Read more

    Affected Products : siteorigin_widgets_bundle
    • Published: Dec. 13, 2024
    • Modified: Mar. 12, 2025

  • 4.3

    MEDIUM
    CVE-2024-54267

    Missing Authorization vulnerability in CreativeMindsSolutions CM Answers allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CM Answers: from n/a through 3.2.6.... Read more

    Affected Products : cm_answers
    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024
Showing 20 of 292714 Results