Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.3

    HIGH
    CVE-2024-52051

    A vulnerability has been identified in SIMATIC S7-PLCSIM V17 (All versions), SIMATIC S7-PLCSIM V18 (All versions), SIMATIC STEP 7 Safety V17 (All versions), SIMATIC STEP 7 Safety V18 (All versions), SIMATIC STEP 7 Safety V19 (All versions < V19 Update 4),... Read more

    Affected Products : simatic_wincc
    • Published: Dec. 10, 2024
    • Modified: Aug. 12, 2025

  • 8.4

    HIGH
    CVE-2024-49849

    A vulnerability has been identified in SIMATIC S7-PLCSIM V16 (All versions), SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 Safety V16 (All versions), SIMATIC STEP 7 Safety V17 (All versions), SIMATIC STEP 7 Safety V18 (All versions), SIMATIC STEP 7... Read more

    Affected Products : simatic_wincc
    • Published: Dec. 10, 2024
    • Modified: Aug. 12, 2025

  • 5.7

    MEDIUM
    CVE-2024-49704

    A vulnerability has been identified in COMOS V10.3 (All versions < V10.3.3.5.8), COMOS V10.4.0 (All versions), COMOS V10.4.1 (All versions), COMOS V10.4.2 (All versions), COMOS V10.4.3 (All versions < V10.4.3.0.47), COMOS V10.4.4 (All versions < V10.4.4.2... Read more

    Affected Products :
    • Published: Dec. 10, 2024
    • Modified: Dec. 10, 2024

  • 5.4

    MEDIUM
    CVE-2024-47117

    IBM Carbon Design System (Carbon Charts 0.4.0 through 1.13.16) is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially lea... Read more

    Affected Products : carbon_charts
    • Published: Dec. 10, 2024
    • Modified: Aug. 15, 2025

  • 8.8

    HIGH
    CVE-2020-28398

    A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All ... Read more

    • Published: Dec. 10, 2024
    • Modified: Dec. 10, 2024

  • 5.3

    MEDIUM
    CVE-2024-11868

    The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.7.3 via class-lp-rest-material-controller.php. This makes it possible for unauthenticated attackers to ext... Read more

    Affected Products : learnpress
    • Published: Dec. 10, 2024
    • Modified: Jan. 14, 2025

  • 8.8

    HIGH
    CVE-2024-52538

    Dell Avamar, versions prior to 19.12 with patch 338905, excluding 19.10 and 19.10SP1 with patch 338869, contains an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote a... Read more

    Affected Products : avamar_server avamar_data_store
    • Published: Dec. 10, 2024
    • Modified: Aug. 04, 2025

  • 8.8

    HIGH
    CVE-2024-47977

    Dell Avamar, versions prior to 19.12 with patch 338905, excluding 19.10 and 19.10SP1 with patch 338869, contains an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote a... Read more

    Affected Products : avamar_server avamar_data_store
    • Published: Dec. 10, 2024
    • Modified: Aug. 04, 2025

  • 9.8

    CRITICAL
    CVE-2024-47484

    Dell Avamar, versions prior to 19.12 with patch 338905, excluding 19.10 and 19.10SP1 with patch 338869, contains an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. An unauthenticated attacker with remote... Read more

    Affected Products : avamar_server avamar_data_store
    • Published: Dec. 10, 2024
    • Modified: Aug. 04, 2025

  • 6.4

    MEDIUM
    CVE-2024-11928

    The iChart – Easy Charts and Graphs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘width’ parameter in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping. This makes it possible ... Read more

    Affected Products :
    • Published: Dec. 10, 2024
    • Modified: Dec. 10, 2024

  • 5.3

    MEDIUM
    CVE-2024-11106

    The Simple Restrict plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.7 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from... Read more

    Affected Products : simple_restrict
    • Published: Dec. 10, 2024
    • Modified: Dec. 10, 2024

  • 7.3

    HIGH
    CVE-2024-10959

    The The Active Products Tables for WooCommerce. Use constructor to create tables plugin for WordPress is vulnerable to arbitrary shortcode execution via woot_get_smth AJAX action in all versions up to, and including, 1.0.6.5. This is due to the software a... Read more

    • Published: Dec. 10, 2024
    • Modified: Dec. 10, 2024

  • 6.1

    MEDIUM
    CVE-2024-11973

    The Quran multilanguage Text & Audio plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'sourate' and 'lang' parameter in all versions up to, and including, 2.3.21 due to insufficient input sanitization and output escaping. This ... Read more

    Affected Products :
    • Published: Dec. 10, 2024
    • Modified: Dec. 10, 2024

  • 6.4

    MEDIUM
    CVE-2024-11945

    The Email Reminders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 2.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated a... Read more

    Affected Products :
    • Published: Dec. 10, 2024
    • Modified: Dec. 10, 2024

  • 5.9

    MEDIUM
    CVE-2024-8256

    In Teltonika Networks RUTOS devices, running on versions 7.0 to 7.8 (excluding) and TSWOS devices running on versions 1.0 to 1.3 (excluding), due to incorrect permission handling a vulnerability exists which allows a lower privileged user with default per... Read more

    Affected Products :
    • Published: Dec. 10, 2024
    • Modified: Dec. 10, 2024

  • 5.5

    MEDIUM
    CVE-2024-45709

    SolarWinds Web Help Desk was susceptible to a local file read vulnerability. This vulnerability requires the software be installed on Linux and configured to use non-default development/test mode making exposure to the vulnerability very limited.... Read more

    Affected Products : web_help_desk
    • Published: Dec. 10, 2024
    • Modified: Feb. 25, 2025

  • 6.4

    MEDIUM
    CVE-2024-11940

    The Property Hive Mortgage Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘price’ parameter in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possibl... Read more

    Affected Products :
    • Published: Dec. 10, 2024
    • Modified: Dec. 10, 2024

  • 7.2

    HIGH
    CVE-2024-47946

    If the attacker has access to a valid Poweruser session, remote code execution is possible because specially crafted valid PNG files with injected PHP content can be uploaded as desktop backgrounds or lock screens. After the upload, the PHP script is avai... Read more

    Affected Products :
    • Published: Dec. 10, 2024
    • Modified: Dec. 20, 2024

  • 7.3

    HIGH
    CVE-2024-28138

    An unauthenticated attacker with network access to the affected device's web interface can execute any system command via the "msg_events.php" script as the www-data user. The HTTP GET parameter "data" is not properly sanitized.... Read more

    Affected Products :
    • Published: Dec. 10, 2024
    • Modified: Dec. 11, 2024

  • 6.1

    MEDIUM
    CVE-2024-11107

    The System Dashboard WordPress plugin before 2.8.15 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated users to perform Cross-Site Scripting attacks.... Read more

    Affected Products : system_dashboard
    • Published: Dec. 10, 2024
    • Modified: May. 17, 2025
Showing 20 of 292001 Results