Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.1

    LOW
    CVE-2024-10043

    An issue has been discovered in GitLab EE affecting all versions starting from 14.3 before 17.4.6, all versions starting from 17.5 before 17.5.4 all versions starting from 17.6 before 17.6.2, that allows group users to view confidential incident title thr... Read more

    Affected Products : gitlab
    • Published: Dec. 12, 2024
    • Modified: Jul. 11, 2025

  • 10.0

    CRITICAL
    CVE-2024-21574

    The issue stems from a missing validation of the pip field in a POST request sent to the /customnode/install endpoint used to install custom nodes which is added to the server by the extension. This allows an attacker to craft a request that triggers a pi... Read more

    Affected Products :
    • Published: Dec. 12, 2024
    • Modified: Dec. 12, 2024

  • 4.4

    MEDIUM
    CVE-2024-12401

    A flaw was found in the cert-manager package. This flaw allows an attacker who can modify PEM data that the cert-manager reads, for example, in a Secret resource, to use large amounts of CPU in the cert-manager controller pod to effectively create a denia... Read more

    Affected Products :
    • Published: Dec. 12, 2024
    • Modified: Dec. 12, 2024

  • 7.4

    HIGH
    CVE-2024-12397

    A flaw was found in Quarkus-HTTP, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additi... Read more

    Affected Products :
    • Published: Dec. 12, 2024
    • Modified: Jun. 10, 2025

  • 6.5

    MEDIUM
    CVE-2024-12333

    The Woodmart theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.0.3. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcod... Read more

    Affected Products : woodmart
    • Published: Dec. 12, 2024
    • Modified: Dec. 12, 2024

  • 6.1

    MEDIUM
    CVE-2024-12160

    The Seraphinite Bulk Discounts for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.4.6. This makes it possible... Read more

    Affected Products :
    • Published: Dec. 12, 2024
    • Modified: Dec. 12, 2024

  • 6.4

    MEDIUM
    CVE-2024-11760

    The Currency Converter Widget ⚡ PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'currency-converter-widget-pro' shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output ... Read more

    Affected Products :
    • Published: Dec. 12, 2024
    • Modified: Dec. 12, 2024

  • 6.9

    MEDIUM
    CVE-2024-12564

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability was discovered in Open Design Alliance CDE inWEB SDK before 2025.3. Installing CDE Server with default settings allows unauthorized users to visit prometheus metrics page. This can a... Read more

    Affected Products :
    • Published: Dec. 12, 2024
    • Modified: Sep. 08, 2025

  • 4.3

    MEDIUM
    CVE-2024-12329

    The Essential Real Estate plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on several pages/post types in all versions up to, and including, 5.1.6. This makes it possible for authenticated attackers, with... Read more

    Affected Products : essential_real_estate
    • Published: Dec. 12, 2024
    • Modified: Jun. 05, 2025

  • 8.1

    HIGH
    CVE-2024-12312

    The Print Science Designer plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.152 via deserialization of untrusted input through the 'designer-saved-projects' cookie. This makes it possible for unauthentic... Read more

    Affected Products :
    • Published: Dec. 12, 2024
    • Modified: Dec. 12, 2024

  • 4.3

    MEDIUM
    CVE-2024-12201

    The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to unauthorized access due to a missing capability check when creating form styles in all versions up to, and including, 1.2.1. This makes it possible for authenticated attackers,... Read more

    Affected Products : hash_form
    • Published: Dec. 12, 2024
    • Modified: Feb. 27, 2025

  • 4.4

    MEDIUM
    CVE-2024-11727

    The NotificationX – Live Sales Notification, WooCommerce Sales Popup, FOMO, Social Proof, Announcement Banner & Floating Notification Top Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's content settings for notificat... Read more

    Affected Products :
    • Published: Dec. 12, 2024
    • Modified: Dec. 12, 2024

  • 4.3

    MEDIUM
    CVE-2024-11724

    The Cookie Consent for WP – Cookie Consent, Consent Log, Cookie Scanner, Script Blocker (for GDPR, CCPA & ePrivacy) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpl_script_save AJAX actio... Read more

    Affected Products : wp_cookie_consent
    • Published: Dec. 12, 2024
    • Modified: Jul. 14, 2025

  • 4.3

    MEDIUM
    CVE-2024-11181

    The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 9.9.9.3 via the 'wp_reusable_render' shortcode due to insufficient restrictions on which posts can be inclu... Read more

    • Published: Dec. 12, 2024
    • Modified: Jun. 05, 2025

  • 6.4

    MEDIUM
    CVE-2024-10784

    The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Tile Gallery' widget in all versions up to, and including, 1.5.126 due to insufficient input sanitization and... Read more

    • Published: Dec. 12, 2024
    • Modified: Dec. 12, 2024

  • 5.4

    MEDIUM
    CVE-2024-10583

    The Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘post_title’ parameter in all versions up to, and including, 1.20.2 due to insuff... Read more

    Affected Products : popup_maker
    • Published: Dec. 12, 2024
    • Modified: Apr. 11, 2025

  • 4.8

    MEDIUM
    CVE-2024-9881

    The LearnPress WordPress plugin before 4.2.7.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (... Read more

    Affected Products : learnpress
    • Published: Dec. 12, 2024
    • Modified: May. 07, 2025

  • 4.8

    MEDIUM
    CVE-2024-9641

    The LuckyWP Table of Contents WordPress plugin before 2.1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is ... Read more

    Affected Products : luckywp_table_of_contents
    • Published: Dec. 12, 2024
    • Modified: May. 07, 2025

  • 4.8

    MEDIUM
    CVE-2024-9428

    The Popup Builder WordPress plugin before 4.3.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed ... Read more

    Affected Products : popup_builder
    • Published: Dec. 12, 2024
    • Modified: May. 07, 2025

  • 5.3

    MEDIUM
    CVE-2024-12265

    The Web3 Crypto Payments by DePay for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the /wp-json/depay/wc/debug REST API endpoint in all versions up to, and including, 2.12.17. This make... Read more

    Affected Products :
    • Published: Dec. 12, 2024
    • Modified: Dec. 12, 2024
Showing 20 of 292897 Results