Latest CVE Feed
- 8.8 HIGH | CVE-2024-39703
  In ThreatQuotient ThreatQ before 5.29.3, authenticated users are able to execute arbitrary commands by sending a crafted request to an API endpoint....
  - Affected Products:
  - Published: Dec. 18, 2024
  - Modified: Dec. 18, 2024
- 9.8 CRITICAL | CVE-2024-1610
  In OPPO Store APP, there's a possible escalation of privilege due to improper input validation....
  - Affected Products:
  - Published: Dec. 18, 2024
  - Modified: Dec. 18, 2024
- 9.8 CRITICAL | CVE-2024-12287
  The Biagiotti Membership plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.0.2. This is due to the plugin not properly verifying a user's identity prior to authenticating them. This makes it possible for u...
  - Affected Products:
  - Published: Dec. 18, 2024
  - Modified: Dec. 18, 2024
- 5.3 MEDIUM | CVE-2024-11295
  The Simple Page Access Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.29 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sen...
  - Affected Products: simple_page_access_restriction
  - Published: Dec. 18, 2024
  - Modified: Dec. 18, 2024
- 6.1 MEDIUM | CVE-2024-56175
  In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be stored and subsequently executed in users' browsers under specific conditions: XSS from client-side template injection in list item names....
  - Affected Products: configured_commerce
  - Published: Dec. 18, 2024
  - Modified: Jun. 05, 2025
- 8.1 HIGH | CVE-2024-56174
  In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be stored and subsequently executed in users' browsers under specific conditions: XSS from client-side template injection in search history....
  - Affected Products: configured_commerce
  - Published: Dec. 18, 2024
  - Modified: Jun. 05, 2025
- 4.7 MEDIUM | CVE-2024-56173
  In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be stored and subsequently executed in users' browsers under specific conditions: XSS from JavaScript in an SVG document....
  - Affected Products: configured_commerce
  - Published: Dec. 18, 2024
  - Modified: Jun. 05, 2025
- 7.5 HIGH | CVE-2024-4464
  Authorization bypass through user-controlled key vulnerability in streaming service in Synology Media Server before 1.4-2680, 2.0.5-3152 and 2.2.0-3325 allows remote attackers to read specific files via unspecified vectors....
  - Affected Products: media_server
  - Published: Dec. 18, 2024
  - Modified: Dec. 18, 2024
- 7.7 HIGH | CVE-2024-21548
  Versions of the package bun after 0.0.12 and before 1.1.30 are vulnerable to Prototype Pollution due to improper input sanitization. An attacker can exploit this vulnerability through Bun's APIs that accept objects. **Note:** This issue relates to the wi...
  - Affected Products:
  - Published: Dec. 18, 2024
  - Modified: Jul. 24, 2025
- 7.7 HIGH | CVE-2024-21547
  Versions of the package spatie/browsershot before 5.0.2 are vulnerable to Directory Traversal due to URI normalisation in the browser where the file:// check can be bypassed with file:\\. An attacker could read any file on the server by exploiting the nor...
  - Affected Products: browsershot
  - Published: Dec. 18, 2024
  - Modified: Dec. 18, 2024
- 9.8 CRITICAL | CVE-2024-21546
  Versions of the package unisharp/laravel-filemanager before 2.9.1 are vulnerable to Remote Code Execution (RCE) through using a valid mimetype and inserting the . character after the php file extension. This allows the attacker to execute malicious code....
  - Affected Products: laravel-filemanager
  - Published: Dec. 18, 2024
  - Modified: Aug. 26, 2025
- 5.4 MEDIUM | CVE-2024-10892
  The Cost Calculator Builder WordPress plugin before 3.2.43 does not have CSRF checks in some AJAX actions, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks....
  - Affected Products: cost_calculator_builder
  - Published: Dec. 18, 2024
  - Modified: May. 14, 2025
- 5.3 MEDIUM | CVE-2024-56170
  A validation integrity issue was discovered in Fort through 1.6.4 before 2.0.0. RPKI manifests are listings of relevant files that clients are supposed to verify. Assuming everything else is correct, the most recent version of a manifest should be priorit...
  - Affected Products: fort-validator
  - Published: Dec. 18, 2024
  - Modified: Apr. 22, 2025
- 5.3 MEDIUM | CVE-2024-56169
  A validation integrity issue was discovered in Fort through 1.6.4 before 2.0.0. RPKI Relying Parties (such as Fort) are supposed to maintain a backup cache of the remote RPKI data. This can be employed as a fallback in case a new fetch fails or yields inc...
  - Affected Products: fort_validator
  - Published: Dec. 18, 2024
  - Modified: Apr. 22, 2025
- 6.5 MEDIUM | CVE-2024-12698
  An incomplete fix for ose-olm-catalogd-container was issued for the Rapid Reset Vulnerability (CVE-2023-39325/CVE-2023-44487) where only unauthenticated streams were protected, not streams created by authenticated sources....
  - Affected Products: openshift_container_platform
  - Published: Dec. 18, 2024
  - Modified: Feb. 25, 2025
- 4.3 MEDIUM | CVE-2024-12596
  The LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes plugin for WordPress is vulnerable to arbitrary post deletion due to a missing capability check on the 'llms_delete_cert' action in all versions up to, and including, 7.8.5. This makes it pos...
  - Affected Products: lifterlms
  - Published: Dec. 18, 2024
  - Modified: Jul. 11, 2025
- 6.4 MEDIUM | CVE-2024-12449
  The Video Share VOD – Turnkey Video Site Builder Script plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'videowhisper_player_html' shortcode in all versions up to, and including, 2.6.30 due to insufficient input sanitiza...
  - Affected Products:
  - Published: Dec. 18, 2024
  - Modified: Dec. 18, 2024
- 8.1 HIGH | CVE-2024-12432
  The WPC Shop as a Customer for WooCommerce plugin for WordPress is vulnerable to account takeover and privilege escalation in all versions up to, and including, 1.2.8. This is due to the 'generate_key' function not producing a sufficiently random value. T...
  - Affected Products: wpc_shop_as_a_customer_for_woocommerce
  - Published: Dec. 18, 2024
  - Modified: Dec. 18, 2024
- 8.8 HIGH | CVE-2024-12259
  The CRM WordPress Plugin – RepairBuddy plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.8120. This is due to the plugin not properly validating a user's identity prior to updating thei...
  - Affected Products: computer_repair_shop
  - Published: Dec. 18, 2024
  - Modified: Dec. 18, 2024
- 5.3 MEDIUM | CVE-2024-12250
  The Accept Authorize.NET Payments Using Contact Form 7 plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2 via the cf7adn-info.php file. This makes it possible for unauthenticated attackers to extract confi...
  - Affected Products:
  - Published: Dec. 18, 2024
  - Modified: Dec. 18, 2024