Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2024-37606

    A Stack overflow vulnerability in D-Link DCS-932L REVB_FIRMWARE_2.18.01 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.... Read more

    • Published: Dec. 17, 2024
    • Modified: May. 21, 2025

  • 6.5

    MEDIUM
    CVE-2024-37605

    A NULL pointer dereference in D-Link DIR-860L REVB_FIRMWARE_2.04.B04_ic5b allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.... Read more

    Affected Products : dir-860l_firmware dir-860l
    • Published: Dec. 17, 2024
    • Modified: May. 21, 2025

  • 7.5

    HIGH
    CVE-2024-36832

    A NULL pointer dereference in D-Link DAP-1513 REVA_FIRMWARE_1.01 allows attackers to cause a Denial of Service (DoS) via a crafted web request without authentication. The vulnerability occurs in the /bin/webs binary of the firmware. When /bin/webs receive... Read more

    Affected Products : dap-1513_firmware dap-1513
    • Published: Dec. 17, 2024
    • Modified: May. 21, 2025

  • 5.3

    MEDIUM
    CVE-2024-36831

    A NULL pointer dereference in the plugins_call_handle_uri_clean function of D-Link DAP-1520 REVA_FIRMWARE_1.10B04_BETA02_HOTFIX allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request without authentication.... Read more

    Affected Products : dap-1520_firmware dap-1520
    • Published: Dec. 17, 2024
    • Modified: May. 21, 2025

  • 9.8

    CRITICAL
    CVE-2024-8972

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mobil365 Informatics Saha365 App allows SQL Injection.This issue affects Saha365 App: before 30.09.2024.... Read more

    Affected Products :
    • Published: Dec. 17, 2024
    • Modified: Dec. 17, 2024

  • 6.5

    MEDIUM
    CVE-2024-9819

    Authorization Bypass Through User-Controlled Key vulnerability in NextGeography NG Analyser allows Functionality Misuse.This issue affects NG Analyser: before 2.2.711.... Read more

    Affected Products :
    • Published: Dec. 17, 2024
    • Modified: Dec. 17, 2024

  • 5.3

    MEDIUM
    CVE-2024-54677

    Uncontrolled Resource Consumption vulnerability in the examples web application provided with Apache Tomcat leads to denial of service. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through... Read more

    Affected Products : tomcat bootstrap_os hci_compute_node
    • Published: Dec. 17, 2024
    • Modified: Aug. 08, 2025

  • 9.8

    CRITICAL
    CVE-2024-50379

    Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache T... Read more

    Affected Products : tomcat bootstrap_os hci_compute_node
    • Published: Dec. 17, 2024
    • Modified: Aug. 08, 2025

  • 4.3

    MEDIUM
    CVE-2024-10356

    The ElementsReady Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.4.8 in inc/Widgets/accordion/output/content.php. This makes it possible for authenticated attackers, with C... Read more

    Affected Products : elementsready
    • Published: Dec. 17, 2024
    • Modified: Dec. 17, 2024

  • 3.7

    LOW
    CVE-2024-9654

    The Easy Digital Downloads plugin for WordPress is vulnerable to Improper Authorization in versions 3.1 through 3.3.4. This is due to a lack of sufficient validation checks within the 'verify_guest_email' function to ensure the requesting user is the inte... Read more

    Affected Products : easy_digital_downloads
    • Published: Dec. 17, 2024
    • Modified: Feb. 07, 2025

  • 6.5

    MEDIUM
    CVE-2024-8475

    Authentication Bypass by Assumed-Immutable Data vulnerability in Digital Operation Services WiFiBurada allows Manipulating User-Controlled Variables.This issue affects WiFiBurada: before 1.0.5.... Read more

    Affected Products :
    • Published: Dec. 17, 2024
    • Modified: Dec. 17, 2024

  • 4.3

    MEDIUM
    CVE-2024-8429

    Improper Restriction of Excessive Authentication Attempts vulnerability in Digital Operation Services WiFiBurada allows Use of Known Domain Credentials.This issue affects WiFiBurada: before 1.0.5.... Read more

    Affected Products :
    • Published: Dec. 17, 2024
    • Modified: Dec. 17, 2024

  • 5.5

    MEDIUM
    CVE-2024-52542

    Dell AppSync, version 4.6.0.x, contain a Symbolic Link (Symlink) Following vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to information tampering.... Read more

    Affected Products : emc_appsync appsync
    • Published: Dec. 17, 2024
    • Modified: Feb. 04, 2025

  • 5.3

    MEDIUM
    CVE-2024-12601

    The Calculated Fields Form plugin for WordPress is vulnerable to Denial of Service in all versions up to, and including, 5.2.63. This is due to unlimited height and width parameters for CAPTCHA images. This makes it possible for unauthenticated attackers ... Read more

    Affected Products : calculated_fields_form
    • Published: Dec. 17, 2024
    • Modified: Jun. 05, 2025

  • 6.1

    MEDIUM
    CVE-2024-12395

    The WooCommerce Additional Fees On Checkout (Free) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘number’ parameter in all versions up to, and including, 1.4.7 due to insufficient input sanitization and output escaping. This... Read more

    Affected Products :
    • Published: Dec. 17, 2024
    • Modified: Dec. 17, 2024

  • 5.3

    MEDIUM
    CVE-2024-11280

    The PPWP – Password Protect Pages plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9.5 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensi... Read more

    Affected Products : password_protect_wordpress
    • Published: Dec. 17, 2024
    • Modified: Dec. 17, 2024

  • 8.8

    HIGH
    CVE-2024-8326

    The s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 241114 via the 'sc_get_details' fu... Read more

    Affected Products : s2member
    • Published: Dec. 17, 2024
    • Modified: Dec. 17, 2024

  • 6.1

    MEDIUM
    CVE-2024-12469

    The WP BASE Booking of Appointments, Services and Events plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘status’ parameter in all versions up to, and including, 4.9.1 due to insufficient input sanitization and output escaping... Read more

    • Published: Dec. 17, 2024
    • Modified: Dec. 17, 2024

  • 6.1

    MEDIUM
    CVE-2024-12127

    The Learning Management System, eLearning, Course Builder, WordPress LMS Plugin – Sikshya LMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 0.0.21 due to insufficient in... Read more

    Affected Products :
    • Published: Dec. 17, 2024
    • Modified: Dec. 17, 2024

  • 7.2

    HIGH
    CVE-2024-12024

    The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the em_ticket_category_data and em_ticket_individual_data parameters in all versions up to, and including, 4.0.5.3 due to insuffic... Read more

    Affected Products : eventprime
    • Published: Dec. 17, 2024
    • Modified: Jan. 10, 2025
Showing 20 of 293280 Results