Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2024-11926

    The Travel Booking WordPress Theme theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the '__stPartnerCreateServiceRental', 'st_delete_order_item', '_st_partner_approve_booking', 'save_order_item',... Read more

    Affected Products : traveler
    • Published: Dec. 18, 2024
    • Modified: Dec. 18, 2024

  • 7.5

    HIGH
    CVE-2024-11912

    The Travel Booking WordPress Theme theme for WordPress is vulnerable to blind time-based SQL Injection via the ‘order_id’ parameter in all versions up to, and including, 3.1.6 due to insufficient escaping on the user supplied parameter and lack of suffici... Read more

    Affected Products : traveler
    • Published: Dec. 18, 2024
    • Modified: Dec. 18, 2024

  • 5.3

    MEDIUM
    CVE-2024-11291

    The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.13.4 via the WordPress core search feature. T... Read more

    • Published: Dec. 18, 2024
    • Modified: Feb. 04, 2025

  • 6.8

    MEDIUM
    CVE-2024-47104

    IBM i 7.4 and 7.5 is vulnerable to an authenticated user gaining elevated privilege to a physical file. A user with authority to a view can alter the based-on physical file security attributes without having object management rights to the physical file. ... Read more

    Affected Products : i i
    • Published: Dec. 18, 2024
    • Modified: Jul. 03, 2025

  • 5.4

    MEDIUM
    CVE-2024-12554

    The Peter’s Custom Anti-Spam plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.3. This is due to missing nonce validation on the cas_register_post() function. This makes it possible for unauthentica... Read more

    Affected Products :
    • Published: Dec. 18, 2024
    • Modified: Dec. 18, 2024

  • 6.1

    MEDIUM
    CVE-2024-12454

    The Affiliate Program Suite — SliceWP Affiliates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.23. This is due to missing or incorrect nonce validation on a function. This makes it possible for ... Read more

    Affected Products :
    • Published: Dec. 18, 2024
    • Modified: Dec. 18, 2024

  • 4.3

    MEDIUM
    CVE-2024-12340

    The Animation Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.6 via the 'render' function in widgets/content-slider.php and widgets/tabs.php. This makes it possible for au... Read more

    Affected Products :
    • Published: Dec. 18, 2024
    • Modified: Dec. 18, 2024

  • 7.4

    HIGH
    CVE-2024-11614

    An out-of-bounds read vulnerability was found in DPDK's Vhost library checksum offload feature. This issue enables an untrusted or compromised guest to crash the hypervisor's vSwitch by forging Virtio descriptors to cause out-of-bounds reads. This flaw al... Read more

    • Published: Dec. 18, 2024
    • Modified: Apr. 17, 2025

  • 7.2

    HIGH
    CVE-2024-54457

    Inclusion of undocumented features or chicken bits issue exists in AE1021 firmware versions 2.0.10 and earlier and AE1021PE firmware versions 2.0.10 and earlier, which may allow a logged-in user to enable telnet service.... Read more

    Affected Products :
    • Published: Dec. 18, 2024
    • Modified: Dec. 18, 2024

  • 7.2

    HIGH
    CVE-2024-53688

    Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in AE1021 firmware versions 2.0.10 and earlier and AE1021PE firmware versions 2.0.10 and earlier, which may allow a logged-in user to execute an arbitr... Read more

    Affected Products :
    • Published: Dec. 18, 2024
    • Modified: Dec. 18, 2024

  • 7.5

    HIGH
    CVE-2024-47397

    Weak authentication issue exists in AE1021 firmware versions 2.0.10 and earlier and AE1021PE firmware versions 2.0.10 and earlier. If this vulnerability is exploited, the authentication may be bypassed with an undocumented specific string.... Read more

    Affected Products :
    • Published: Dec. 18, 2024
    • Modified: Dec. 18, 2024

  • 8.8

    HIGH
    CVE-2024-39703

    In ThreatQuotient ThreatQ before 5.29.3, authenticated users are able to execute arbitrary commands by sending a crafted request to an API endpoint.... Read more

    Affected Products :
    • Published: Dec. 18, 2024
    • Modified: Dec. 18, 2024

  • 9.8

    CRITICAL
    CVE-2024-1610

    In OPPO Store APP, there's a possible escalation of privilege due to improper input validation.... Read more

    Affected Products :
    • Published: Dec. 18, 2024
    • Modified: Dec. 18, 2024

  • 9.8

    CRITICAL
    CVE-2024-12287

    The Biagiotti Membership plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.0.2. This is due to the plugin not properly verifying a user's identity prior to authenticating them. This makes it possible for u... Read more

    Affected Products :
    • Published: Dec. 18, 2024
    • Modified: Dec. 18, 2024

  • 5.3

    MEDIUM
    CVE-2024-11295

    The Simple Page Access Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.29 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sen... Read more

    Affected Products : simple_page_access_restriction
    • Published: Dec. 18, 2024
    • Modified: Dec. 18, 2024

  • 6.1

    MEDIUM
    CVE-2024-56175

    In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be stored and subsequently executed in users' browsers under specific conditions: XSS from client-side template injection in list item names.... Read more

    Affected Products : configured_commerce
    • Published: Dec. 18, 2024
    • Modified: Jun. 05, 2025

  • 8.1

    HIGH
    CVE-2024-56174

    In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be stored and subsequently executed in users' browsers under specific conditions: XSS from client-side template injection in search history.... Read more

    Affected Products : configured_commerce
    • Published: Dec. 18, 2024
    • Modified: Jun. 05, 2025

  • 4.7

    MEDIUM
    CVE-2024-56173

    In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be stored and subsequently executed in users' browsers under specific conditions: XSS from JavaScript in an SVG document.... Read more

    Affected Products : configured_commerce
    • Published: Dec. 18, 2024
    • Modified: Jun. 05, 2025

  • 7.5

    HIGH
    CVE-2024-4464

    Authorization bypass through user-controlled key vulnerability in streaming service in Synology Media Server before 1.4-2680, 2.0.5-3152 and 2.2.0-3325 allows remote attackers to read specific files via unspecified vectors.... Read more

    Affected Products : media_server
    • Published: Dec. 18, 2024
    • Modified: Dec. 18, 2024

  • 7.7

    HIGH
    CVE-2024-21548

    Versions of the package bun after 0.0.12 and before 1.1.30 are vulnerable to Prototype Pollution due to improper input sanitization. An attacker can exploit this vulnerability through Bun's APIs that accept objects. **Note:** This issue relates to the wi... Read more

    Affected Products :
    • Published: Dec. 18, 2024
    • Modified: Jul. 24, 2025
Showing 20 of 293186 Results