Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2024-54243

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Think201 Echoza allows Stored XSS.This issue affects Echoza: from n/a through 0.1.1.... Read more

    Affected Products :
    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024

  • 6.5

    MEDIUM
    CVE-2024-54242

    Missing Authorization vulnerability in Appsbd Simple Notification allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Notification: from n/a through 1.3.... Read more

    Affected Products :
    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024

  • 6.5

    MEDIUM
    CVE-2024-54241

    Missing Authorization vulnerability in Appsbd Elite Notification – Sales Popup, Social Proof, FOMO & WooCommerce Notification allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elite Notification – Sales Popup, Soci... Read more

    Affected Products :
    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024

  • 7.1

    HIGH
    CVE-2024-54240

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Blaze Online Blaze Online eParcel for WooCommerce allows Reflected XSS.This issue affects Blaze Online eParcel for WooCommerce: from n/a through 1.3.3.... Read more

    Affected Products :
    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024

  • 9.8

    CRITICAL
    CVE-2024-54239

    Missing Authorization vulnerability in dugudlabs Eyewear prescription form allows Privilege Escalation.This issue affects Eyewear prescription form: from n/a through 4.0.18.... Read more

    Affected Products :
    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024

  • 7.1

    HIGH
    CVE-2024-54238

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Colin Tomele Board Document Manager from CHUHPL allows Reflected XSS.This issue affects Board Document Manager from CHUHPL: from n/a through 1.9.1.... Read more

    Affected Products :
    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024

  • 7.1

    HIGH
    CVE-2024-54237

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in anzia Ni CRM Lead allows Reflected XSS.This issue affects Ni CRM Lead: from n/a through 1.3.0.... Read more

    Affected Products :
    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024

  • 7.1

    HIGH
    CVE-2024-54236

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in anzia Ni WooCommerce Bulk Product Editor allows Reflected XSS.This issue affects Ni WooCommerce Bulk Product Editor: from n/a through 1.4.5.... Read more

    Affected Products :
    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024

  • 7.1

    HIGH
    CVE-2024-54235

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shiptimize Shiptimize for WooCommerce allows Reflected XSS.This issue affects Shiptimize for WooCommerce: from n/a through 3.1.86.... Read more

    Affected Products :
    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024

  • 9.3

    CRITICAL
    CVE-2024-54234

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wp-buy Limit Login Attempts allows SQL Injection.This issue affects Limit Login Attempts: from n/a through 5.5.... Read more

    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024

  • 7.1

    HIGH
    CVE-2024-54233

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Enea Overclokk Advanced Control Manager for WordPress by ItalyStrap allows Reflected XSS.This issue affects Advanced Control Manager for WordPress by Ita... Read more

    Affected Products :
    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024

  • 7.1

    HIGH
    CVE-2024-54231

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in anzia Ni WooCommerce Order Export allows Reflected XSS.This issue affects Ni WooCommerce Order Export: from n/a through 3.1.6.... Read more

    Affected Products :
    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024

  • 6.5

    MEDIUM
    CVE-2024-47984

    Dell RecoverPoint for Virtual Machines 6.0.x contains Denial of Service vulnerability. A User with Remote access could potentially exploit this vulnerability, leading to the disruption of most functionalities of the RPA persistent after reboot, resulting ... Read more

    Affected Products : recoverpoint_for_virtual_machines
    • Published: Dec. 13, 2024
    • Modified: Feb. 04, 2025

  • 9.8

    CRITICAL
    CVE-2024-28980

    Dell RecoverPoint for VMs, version(s) 6.0.x contain(s) a Use of a Broken or Risky Cryptographic Algorithm vulnerability in the SSH. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Remote execution.... Read more

    Affected Products : recoverpoint_for_virtual_machines
    • Published: Dec. 13, 2024
    • Modified: Feb. 04, 2025

  • 6.6

    MEDIUM
    CVE-2024-24902

    Dell RecoverPoint for Virtual Machines 6.0.x contains an Improper access control vulnerability. A low privileged local attacker could potentially exploit this vulnerability leading to gaining access to unauthorized data for a limited time.... Read more

    Affected Products : recoverpoint_for_virtual_machines
    • Published: Dec. 13, 2024
    • Modified: Feb. 04, 2025

  • 5.3

    MEDIUM
    CVE-2023-44149

    Missing Authorization vulnerability in BeRocket Brands for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Brands for WooCommerce: from n/a through 3.8.2.2.... Read more

    Affected Products : brands_for_woocommerce
    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024

  • 5.3

    MEDIUM
    CVE-2023-44147

    Missing Authorization vulnerability in Apasionados Comment Blacklist Updater allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Comment Blacklist Updater: from n/a through 1.1.0.... Read more

    Affected Products :
    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024

  • 5.4

    MEDIUM
    CVE-2023-44142

    Missing Authorization vulnerability in Inactive Logout Inactive Logout allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Inactive Logout: from n/a through 3.2.2.... Read more

    Affected Products :
    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024

  • 5.3

    MEDIUM
    CVE-2023-41952

    Missing Authorization vulnerability in Contact Form - WPManageNinja LLC FluentForm allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FluentForm: from n/a through 5.0.8.... Read more

    Affected Products : contact_form
    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024

  • 4.3

    MEDIUM
    CVE-2023-41951

    Missing Authorization vulnerability in rtCamp rtMedia for WordPress, BuddyPress and bbPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects rtMedia for WordPress, BuddyPress and bbPress: from n/a through 4.6.14.... Read more

    Affected Products : rtmedia
    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024
Showing 20 of 292720 Results