Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2024-8475

    Authentication Bypass by Assumed-Immutable Data vulnerability in Digital Operation Services WiFiBurada allows Manipulating User-Controlled Variables.This issue affects WiFiBurada: before 1.0.5.... Read more

    Affected Products :
    • Published: Dec. 17, 2024
    • Modified: Dec. 17, 2024

  • 4.3

    MEDIUM
    CVE-2024-8429

    Improper Restriction of Excessive Authentication Attempts vulnerability in Digital Operation Services WiFiBurada allows Use of Known Domain Credentials.This issue affects WiFiBurada: before 1.0.5.... Read more

    Affected Products :
    • Published: Dec. 17, 2024
    • Modified: Dec. 17, 2024

  • 5.5

    MEDIUM
    CVE-2024-52542

    Dell AppSync, version 4.6.0.x, contain a Symbolic Link (Symlink) Following vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to information tampering.... Read more

    Affected Products : emc_appsync appsync
    • Published: Dec. 17, 2024
    • Modified: Feb. 04, 2025

  • 5.3

    MEDIUM
    CVE-2024-12601

    The Calculated Fields Form plugin for WordPress is vulnerable to Denial of Service in all versions up to, and including, 5.2.63. This is due to unlimited height and width parameters for CAPTCHA images. This makes it possible for unauthenticated attackers ... Read more

    Affected Products : calculated_fields_form
    • Published: Dec. 17, 2024
    • Modified: Jun. 05, 2025

  • 6.1

    MEDIUM
    CVE-2024-12395

    The WooCommerce Additional Fees On Checkout (Free) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘number’ parameter in all versions up to, and including, 1.4.7 due to insufficient input sanitization and output escaping. This... Read more

    Affected Products :
    • Published: Dec. 17, 2024
    • Modified: Dec. 17, 2024

  • 5.3

    MEDIUM
    CVE-2024-11280

    The PPWP – Password Protect Pages plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9.5 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensi... Read more

    Affected Products : password_protect_wordpress
    • Published: Dec. 17, 2024
    • Modified: Dec. 17, 2024

  • 8.8

    HIGH
    CVE-2024-8326

    The s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 241114 via the 'sc_get_details' fu... Read more

    Affected Products : s2member
    • Published: Dec. 17, 2024
    • Modified: Dec. 17, 2024

  • 6.1

    MEDIUM
    CVE-2024-12469

    The WP BASE Booking of Appointments, Services and Events plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘status’ parameter in all versions up to, and including, 4.9.1 due to insufficient input sanitization and output escaping... Read more

    • Published: Dec. 17, 2024
    • Modified: Dec. 17, 2024

  • 6.1

    MEDIUM
    CVE-2024-12127

    The Learning Management System, eLearning, Course Builder, WordPress LMS Plugin – Sikshya LMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 0.0.21 due to insufficient in... Read more

    Affected Products :
    • Published: Dec. 17, 2024
    • Modified: Dec. 17, 2024

  • 7.2

    HIGH
    CVE-2024-12024

    The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the em_ticket_category_data and em_ticket_individual_data parameters in all versions up to, and including, 4.0.5.3 due to insuffic... Read more

    Affected Products : eventprime
    • Published: Dec. 17, 2024
    • Modified: Jan. 10, 2025

  • 8.8

    HIGH
    CVE-2024-12293

    The User Role Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.64.3. This is due to missing or incorrect nonce validation on the update_roles() function. This makes it possible for unauthentic... Read more

    Affected Products :
    • Published: Dec. 17, 2024
    • Modified: Dec. 17, 2024

  • 5.3

    MEDIUM
    CVE-2024-11294

    The Memberful plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.73.9 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from post... Read more

    Affected Products : memberful
    • Published: Dec. 17, 2024
    • Modified: Dec. 17, 2024

  • 6.1

    MEDIUM
    CVE-2024-12220

    The SMS for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers ... Read more

    Affected Products :
    • Published: Dec. 17, 2024
    • Modified: Dec. 17, 2024

  • 6.1

    MEDIUM
    CVE-2024-12219

    The Stop Registration Spam plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.23. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to inject ma... Read more

    Affected Products :
    • Published: Dec. 17, 2024
    • Modified: Dec. 17, 2024

  • 8.8

    HIGH
    CVE-2024-11999

    CWE-1104: Use of Unmaintained Third-Party Components vulnerability exists that could cause complete control of the device when an authenticated user installs malicious code into HMI product.... Read more

    Affected Products :
    • Published: Dec. 17, 2024
    • Modified: Dec. 17, 2024

  • 5.5

    MEDIUM
    CVE-2021-26281

    Some parameters of the alarm clock module are improperly stored, leaking some sensitive information.... Read more

    Affected Products :
    • Published: Dec. 17, 2024
    • Modified: Dec. 17, 2024

  • 7.9

    HIGH
    CVE-2021-26280

    Locally installed application can bypass the permission check and perform system operations that require permission.... Read more

    Affected Products :
    • Published: Dec. 17, 2024
    • Modified: Dec. 17, 2024

  • 7.6

    HIGH
    CVE-2024-9624

    The WP All Import Pro plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.9.3 due to missing SSRF protection on the pmxi_curl_download function. This makes it possible for authenticated attackers, with... Read more

    Affected Products : wp_all_import
    • Published: Dec. 17, 2024
    • Modified: Dec. 17, 2024

  • 3.3

    LOW
    CVE-2024-54125

    Improper authorization in handler for custom URL scheme issue in "Shonen Jump+" App for Android versions prior to 4.0.0 allows an attacker to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a... Read more

    Affected Products :
    • Published: Dec. 17, 2024
    • Modified: Dec. 17, 2024

  • 8.8

    HIGH
    CVE-2024-38499

    CA Client Automation (ITCM) allows non-admin/non-root users to encrypt a string using CAF CLI and SD_ACMD CLI. This would allow the non admin user to access the critical encryption keys which further causes the exploitation of stored credentials. This fix... Read more

    Affected Products :
    • Published: Dec. 17, 2024
    • Modified: Dec. 19, 2024
Showing 20 of 293510 Results