Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.9

    MEDIUM
    CVE-2024-10862

    The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to SQL Injection via the 'search_params' parameter in all versions up to, and including, 8.7.13 due to insufficient escaping on the user supplied parame... Read more

    Affected Products : nex-forms
    • Published: Dec. 25, 2024
    • Modified: Jan. 17, 2025

  • 6.1

    MEDIUM
    CVE-2024-10858

    The Jetpack WordPress plugin before 14.1 does not properly checks the postmessage origin in its 13.x versions, allowing it to be bypassed and leading to DOM-XSS. The issue only affects websites hosted on WordPress.com.... Read more

    Affected Products : jetpack
    • Published: Dec. 25, 2024
    • Modified: May. 14, 2025

  • 4.3

    MEDIUM
    CVE-2024-12636

    The Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.6. This is due to missing or incorrect nonce validation... Read more

    Affected Products :
    • Published: Dec. 25, 2024
    • Modified: Dec. 25, 2024

  • 7.5

    HIGH
    CVE-2024-12428

    The WP Data Access – App, Table, Form and Chart Builder plugin plugin for WordPress is vulnerable to SQL Injection via the 'order[user_login][dir]' parameter in all versions up to, and including, 5.5.22 due to insufficient escaping on the user supplied pa... Read more

    Affected Products :
    • Published: Dec. 25, 2024
    • Modified: Dec. 25, 2024

  • 8.7

    HIGH
    CVE-2024-1609

    In OPPOStore iOS App, there's a possible escalation of privilege due to improper input validation.... Read more

    Affected Products :
    • Published: Dec. 25, 2024
    • Modified: Dec. 25, 2024

  • 5.3

    MEDIUM
    CVE-2024-12413

    The MarketKing — Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several functions like 'marketking_delete_team_member', 'marketkingrejectuser', 'marketkin... Read more

    Affected Products :
    • Published: Dec. 25, 2024
    • Modified: Dec. 25, 2024

  • 8.8

    HIGH
    CVE-2024-12272

    The WP Travel Engine – Elementor Widgets | Create Travel Booking Website Using WordPress and Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.7 via several widgets. This makes it possible for a... Read more

    Affected Products :
    • Published: Dec. 25, 2024
    • Modified: Dec. 25, 2024

  • 4.3

    MEDIUM
    CVE-2024-12190

    The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the bitform-form-entry-edit ... Read more

    Affected Products : contact_form_builder
    • Published: Dec. 25, 2024
    • Modified: Dec. 25, 2024

  • 6.5

    MEDIUM
    CVE-2024-12032

    The Tourfic – Ultimate Hotel Booking, Travel Booking & Apartment Booking WordPress Plugin | WooCommerce Booking plugin for WordPress is vulnerable to SQL Injection via the 'enquiry_id' parameter of the 'tf_enquiry_reply_email_callback' function in all ver... Read more

    Affected Products : tourfic tourfic
    • Published: Dec. 25, 2024
    • Modified: Jun. 05, 2025

  • 6.7

    MEDIUM
    CVE-2022-21505

    In the linux kernel, if IMA appraisal is used with the "ima_appraise=log" boot param, lockdown can be defeated with kexec on any machine when Secure Boot is disabled or unavailable. IMA prevents setting "ima_appraise=log" from the boot param when Secure B... Read more

    Affected Products : linux
    • Published: Dec. 24, 2024
    • Modified: Jun. 18, 2025

  • 8.2

    HIGH
    CVE-2019-2483

    Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows... Read more

    Affected Products : istore
    • Published: Dec. 24, 2024
    • Modified: Jun. 23, 2025

  • 8.6

    HIGH
    CVE-2024-12746

    A SQL injection in the Amazon Redshift ODBC Driver v2.1.5.0 (Windows or Linux) allows a user to gain escalated privileges via the SQLTables or SQLColumns Metadata APIs. Users are recommended to upgrade to the driver version 2.1.6.0 or revert to driver ver... Read more

    Affected Products :
    • Published: Dec. 24, 2024
    • Modified: Dec. 26, 2024

  • 8.6

    HIGH
    CVE-2024-12745

    A SQL injection in the Amazon Redshift Python Connector v2.1.4 allows a user to gain escalated privileges via the get_schemas, get_tables, or get_columns Metadata APIs. Users are recommended to upgrade to the driver version 2.1.5 or revert to driver versi... Read more

    Affected Products :
    • Published: Dec. 24, 2024
    • Modified: Dec. 26, 2024

  • 8.6

    HIGH
    CVE-2024-12744

    A SQL injection in the Amazon Redshift JDBC Driver in v2.1.0.31 allows a user to gain escalated privileges via the getSchemas, getTables, or getColumns Metadata APIs. Users should upgrade to the driver version 2.1.0.32 or revert to driver version 2.1.0.30... Read more

    Affected Products :
    • Published: Dec. 24, 2024
    • Modified: Dec. 26, 2024

  • 5.5

    MEDIUM
    CVE-2024-53163

    In the Linux kernel, the following vulnerability has been resolved: crypto: qat/qat_420xx - fix off by one in uof_get_name() This is called from uof_get_name_420xx() where "num_objs" is the ARRAY_SIZE() of fw_objs[]. The > needs to be >= to prevent an ... Read more

    Affected Products : linux_kernel
    • Published: Dec. 24, 2024
    • Modified: Mar. 06, 2025

  • 7.1

    HIGH
    CVE-2024-53162

    In the Linux kernel, the following vulnerability has been resolved: crypto: qat/qat_4xxx - fix off by one in uof_get_name() The fw_objs[] array has "num_objs" elements so the > needs to be >= to prevent an out of bounds read.... Read more

    Affected Products : linux_kernel
    • Published: Dec. 24, 2024
    • Modified: Mar. 06, 2025

  • 5.5

    MEDIUM
    CVE-2024-53161

    In the Linux kernel, the following vulnerability has been resolved: EDAC/bluefield: Fix potential integer overflow The 64-bit argument for the "get DIMM info" SMC call consists of mem_ctrl_idx left-shifted 16 bits and OR-ed with DIMM index. With mem_ct... Read more

    Affected Products : linux_kernel
    • Published: Dec. 24, 2024
    • Modified: Feb. 03, 2025

  • 0.0

    NA
    CVE-2024-53160

    In the Linux kernel, the following vulnerability has been resolved: rcu/kvfree: Fix data-race in __mod_timer / kvfree_call_rcu KCSAN reports a data race when access the krcp->monitor_work.timer.expires variable in the schedule_delayed_monitor_work() fun... Read more

    Affected Products : linux_kernel
    • Published: Dec. 24, 2024
    • Modified: Dec. 24, 2024

  • 0.0

    NA
    CVE-2024-53158

    In the Linux kernel, the following vulnerability has been resolved: soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get() This loop is supposed to break if the frequency returned from clk_round_rate() is the same as on the previous iteration.... Read more

    Affected Products : linux_kernel
    • Published: Dec. 24, 2024
    • Modified: Dec. 24, 2024

  • 5.5

    MEDIUM
    CVE-2024-53157

    In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scpi: Check the DVFS OPP count returned by the firmware Fix a kernel crash with the below call trace when the SCPI firmware returns OPP count of zero. dvfs_info.opp_count... Read more

    Affected Products : linux_kernel
    • Published: Dec. 24, 2024
    • Modified: Jan. 07, 2025
Showing 20 of 293620 Results