Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.4

    MEDIUM
    CVE-2020-12484

    When using special mode to connect to enterprise wifi, certain options are not properly configured and attackers can pretend to be enterprise wifi through a carefully constructed wifi with the same name, which can lead to man-in-the-middle attacks.... Read more

    Affected Products :
    • Published: Dec. 17, 2024
    • Modified: Dec. 17, 2024

  • 9.4

    CRITICAL
    CVE-2024-10205

    Authentication Bypass vulnerability in Hitachi Ops Center Analyzer on Linux, 64 bit (Hitachi Ops Center Analyzer detail view component), Hitachi Infrastructure Analytics Advisor on Linux, 64 bit (Hitachi Data Center Analytics component ).This issue aff... Read more

    • Published: Dec. 17, 2024
    • Modified: Dec. 17, 2024

  • 6.4

    MEDIUM
    CVE-2024-11906

    The TPG Get Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tpg_get_posts' shortcode in all versions up to, and including, 3.6.5 due to insufficient input sanitization and output escaping on user supplied attribut... Read more

    Affected Products :
    • Published: Dec. 17, 2024
    • Modified: Dec. 17, 2024

  • 6.4

    MEDIUM
    CVE-2024-11905

    The Animated Counters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'animatedcounte' shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attri... Read more

    Affected Products : animated_counters
    • Published: Dec. 17, 2024
    • Modified: Dec. 17, 2024

  • 6.4

    MEDIUM
    CVE-2024-11902

    The Slope Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'slope-reservations' shortcode in all versions up to, and including, 4.2.11 due to insufficient input sanitization and output escaping on user supplied at... Read more

    Affected Products :
    • Published: Dec. 17, 2024
    • Modified: Dec. 17, 2024

  • 6.4

    MEDIUM
    CVE-2024-11900

    The Portfolio – Filterable Masonry Portfolio Gallery for Professionals plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'portfolio-pro' shortcode in all versions up to, and including, 1.2.2 due to insufficient input sanit... Read more

    Affected Products :
    • Published: Dec. 17, 2024
    • Modified: Dec. 17, 2024

  • 7.1

    HIGH
    CVE-2024-56017

    Cross-Site Request Forgery (CSRF) vulnerability in Tom Royal Stop Registration Spam allows Stored XSS.This issue affects Stop Registration Spam: from n/a through 1.23.... Read more

    Affected Products :
    • Published: Dec. 16, 2024
    • Modified: Dec. 16, 2024

  • 5.4

    MEDIUM
    CVE-2024-55452

    A URL redirection vulnerability exists in UJCMS 9.6.3 due to improper validation of URLs in the upload and rendering of new block / carousel items. This vulnerability allows authenticated attackers to redirect unprivileged users to an arbitrary, attacker-... Read more

    Affected Products : ujcms
    • Published: Dec. 16, 2024
    • Modified: Apr. 24, 2025

  • 4.8

    MEDIUM
    CVE-2024-55451

    A Stored Cross-Site Scripting (XSS) vulnerability exists in authenticated SVG file upload and viewing functionality in UJCMS 9.6.3. The vulnerability arises from insufficient sanitization of embedded attributes in uploaded SVG files. When a maliciously cr... Read more

    Affected Products : ujcms
    • Published: Dec. 16, 2024
    • Modified: Apr. 24, 2025

  • 9.8

    CRITICAL
    CVE-2024-55085

    GetSimple CMS CE 3.3.19 suffers from arbitrary code execution in the template editing function in the background management system, which can be used by an attacker to implement RCE.... Read more

    Affected Products : getsimple_cms
    • Published: Dec. 16, 2024
    • Modified: Apr. 17, 2025

  • 5.3

    MEDIUM
    CVE-2024-35230

    GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. In affected versions the welcome and about page includes version and revision information about the software in use (including library and com... Read more

    Affected Products : geoserver geoserver
    • Published: Dec. 16, 2024
    • Modified: Aug. 26, 2025

  • 6.4

    MEDIUM
    CVE-2024-12443

    The CRM Perks – WordPress HelpDesk Integration – Zendesk, Freshdesk, HelpScout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'crm-perks-tickets' shortcode in all versions up to, and including, 1.1.6 due to insufficient... Read more

    Affected Products :
    • Published: Dec. 16, 2024
    • Modified: Dec. 16, 2024

  • 5.4

    MEDIUM
    CVE-2024-55554

    Intrexx Portal Server before 12.0.2 allows XSS via a user-defined portlet.... Read more

    Affected Products :
    • Published: Dec. 16, 2024
    • Modified: Dec. 17, 2024

  • 7.5

    HIGH
    CVE-2024-52949

    iptraf-ng 1.2.1 has a stack-based buffer overflow. In src/ifaces.c, the strcpy function consistently fails to control the size, and it is consequently possible to overflow memory on the stack.... Read more

    Affected Products :
    • Published: Dec. 16, 2024
    • Modified: Apr. 03, 2025

  • 4.8

    MEDIUM
    CVE-2024-37776

    A cross-site scripting (XSS) vulnerability in Sunbird DCIM dcTrack v9.1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in some admin screens.... Read more

    Affected Products : dctrack
    • Published: Dec. 16, 2024
    • Modified: Jun. 20, 2025

  • 7.5

    HIGH
    CVE-2024-37775

    Incorrect access control in Sunbird DCIM dcTrack v9.1.2 allows attackers to create or update a ticket with a location which bypasses an RBAC check.... Read more

    Affected Products : dctrack
    • Published: Dec. 16, 2024
    • Modified: Jun. 20, 2025

  • 8.0

    HIGH
    CVE-2024-37774

    A Cross-Site Request Forgery (CSRF) in Sunbird DCIM dcTrack v9.1.2 allows authenticated attackers to escalate their privileges by forcing an Administrator user to perform sensitive requests in some admin screens.... Read more

    Affected Products : dctrack
    • Published: Dec. 16, 2024
    • Modified: Jun. 20, 2025

  • 4.8

    MEDIUM
    CVE-2024-37773

    An HTML injection vulnerability in Sunbird DCIM dcTrack 9.1.2 allows attackers authenticated as administrators to inject arbitrary HTML code in an admin screen.... Read more

    Affected Products : dctrack
    • Published: Dec. 16, 2024
    • Modified: Jun. 20, 2025

  • 9.8

    CRITICAL
    CVE-2024-29671

    Buffer Overflow vulnerability in NEXTU FLATA AX1500 Router v.1.0.2 allows a remote attacker to execute arbitrary code via the POST request handler component.... Read more

    Affected Products :
    • Published: Dec. 16, 2024
    • Modified: Dec. 17, 2024

  • 9.8

    CRITICAL
    CVE-2024-55557

    ui/pref/ProxyPrefView.java in weasis-core in Weasis 4.5.1 has a hardcoded key for symmetric encryption of proxy credentials.... Read more

    Affected Products :
    • Published: Dec. 16, 2024
    • Modified: Dec. 17, 2024
Showing 20 of 293284 Results