Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.4

    MEDIUM
    CVE-2024-11747

    The Responsive Videos plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'somryv' shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. T... Read more

    Affected Products :
    • Published: Dec. 04, 2024
    • Modified: Dec. 04, 2024

  • 5.5

    MEDIUM
    CVE-2024-11093

    The SG Helper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in version 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level ac... Read more

    Affected Products :
    • Published: Dec. 04, 2024
    • Modified: Dec. 04, 2024

  • 7.3

    HIGH
    CVE-2024-10952

    The The Authors List plugin for WordPress is vulnerable to arbitrary shortcode execution via update_authors_list_ajax AJAX action in all versions up to, and including, 2.0.4. This is due to the software allowing users to execute an action that does not pr... Read more

    Affected Products : authors_list
    • Published: Dec. 04, 2024
    • Modified: Dec. 04, 2024

  • 6.1

    MEDIUM
    CVE-2024-10832

    The Posti Shipping plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.10.3. This is due to missing or incorrect nonce validation on the generate_notices_html() function. This makes it possible for unau... Read more

    Affected Products :
    • Published: Dec. 04, 2024
    • Modified: Dec. 04, 2024

  • 4.3

    MEDIUM
    CVE-2024-10663

    The Eleblog – Elementor Blog And Magazine Addons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the goodbye_form_callback() function in all versions up to, and including, 1.8. This makes it pos... Read more

    Affected Products :
    • Published: Dec. 04, 2024
    • Modified: Dec. 04, 2024

  • 8.8

    HIGH
    CVE-2024-10587

    The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.7.4.1 via deserialization of untrusted input. This makes... Read more

    Affected Products : funnelforms_free
    • Published: Dec. 04, 2024
    • Modified: Dec. 04, 2024

  • 7.0

    HIGH
    CVE-2024-45207

    DLL injection in Veeam Agent for Windows can occur if the system's PATH variable includes insecure locations. When the agent runs, it searches these directories for necessary DLLs. If an attacker places a malicious DLL in one of these directories, the Vee... Read more

    Affected Products : veeam_agent_for_windows
    • Published: Dec. 04, 2024
    • Modified: Jul. 02, 2025

  • 6.5

    MEDIUM
    CVE-2024-45206

    A vulnerability in Veeam Service Provider Console has been identified, which allows to perform arbitrary HTTP requests to arbitrary hosts of the network and get information about internal resources.... Read more

    Affected Products : veeam_service_provider_console
    • Published: Dec. 04, 2024
    • Modified: Jul. 02, 2025

  • 7.1

    HIGH
    CVE-2024-45205

    An Improper Certificate Validation on the UniFi iOS App managing a standalone UniFi Access Point (not using UniFi Network Application) could allow a malicious actor with access to an adjacent network to take control of this UniFi Access Point. Affected ... Read more

    Affected Products : unifi
    • Published: Dec. 04, 2024
    • Modified: Dec. 04, 2024

  • 7.7

    HIGH
    CVE-2024-45204

    A vulnerability exists where a low-privileged user can exploit insufficient permissions in credential handling to leak NTLM hashes of saved credentials. The exploitation involves using retrieved credentials to expose sensitive NTLM hashes, impacting syste... Read more

    Affected Products : veeam_backup_\&_replication
    • Published: Dec. 04, 2024
    • Modified: Apr. 24, 2025

  • 7.7

    HIGH
    CVE-2024-42457

    A vulnerability in Veeam Backup & Replication allows users with certain operator roles to expose saved credentials by leveraging a combination of methods in a remote management interface. This can be achieved using a session object that allows for credent... Read more

    Affected Products : veeam_backup_\&_replication
    • Published: Dec. 04, 2024
    • Modified: Apr. 24, 2025

  • 8.8

    HIGH
    CVE-2024-42456

    A vulnerability in Veeam Backup & Replication platform allows a low-privileged user with a specific role to exploit a method that updates critical configuration settings, such as modifying the trusted client certificate used for authentication on a specif... Read more

    • Published: Dec. 04, 2024
    • Modified: Apr. 24, 2025

  • 8.1

    HIGH
    CVE-2024-42455

    A vulnerability in Veeam Backup & Replication allows a low-privileged user to connect to remoting services and exploit insecure deserialization by sending a serialized temporary file collection. This exploit allows the attacker to delete any file on the s... Read more

    • Published: Dec. 04, 2024
    • Modified: Apr. 24, 2025

  • 8.1

    HIGH
    CVE-2024-42453

    A vulnerability Veeam Backup & Replication allows low-privileged users to control and modify configurations on connected virtual infrastructure hosts. This includes the ability to power off virtual machines, delete files in storage, and make configuration... Read more

    Affected Products : veeam_backup_\&_replication
    • Published: Dec. 04, 2024
    • Modified: Apr. 24, 2025

  • 8.8

    HIGH
    CVE-2024-42452

    A vulnerability in Veeam Backup & Replication allows a low-privileged user to start an agent remotely in server mode and obtain credentials, effectively escalating privileges to system-level access. This allows the attacker to upload files to the server w... Read more

    Affected Products : veeam_backup_\&_replication
    • Published: Dec. 04, 2024
    • Modified: Apr. 24, 2025

  • 7.7

    HIGH
    CVE-2024-42451

    A vulnerability in Veeam Backup & Replication allows low-privileged users to leak all saved credentials in plaintext. This is achieved by calling a series of methods over an external protocol, ultimately retrieving the credentials using a malicious setup ... Read more

    Affected Products : veeam_backup_\&_replication
    • Published: Dec. 04, 2024
    • Modified: Apr. 24, 2025

  • 7.1

    HIGH
    CVE-2024-42449

    From the VSPC management agent machine, under condition that the management agent is authorized on the server, it is possible to remove arbitrary files on the VSPC server machine.... Read more

    Affected Products : veeam_service_provider_console
    • Published: Dec. 04, 2024
    • Modified: Mar. 13, 2025

  • 8.8

    HIGH
    CVE-2024-40717

    A vulnerability in Veeam Backup & Replication allows a low-privileged user with certain roles to perform remote code execution (RCE) by updating existing jobs. These jobs can be configured to run pre- and post-scripts, which can be located on a network sh... Read more

    • Published: Dec. 04, 2024
    • Modified: Apr. 24, 2025

  • 4.4

    MEDIUM
    CVE-2024-11985

    An improper input validation vulnerability leads to device crashes in certain ASUS router models. Refer to the '12/03/2024 ASUS Router Improper Input Validation' section on the ASUS Security Advisory for more information.... Read more

    • Published: Dec. 04, 2024
    • Modified: Dec. 04, 2024

  • 5.1

    MEDIUM
    CVE-2024-11479

    A HTML Injection vulnerability was identified in Issuetrak version 17.1 that could be triggered by an authenticated user. HTML markup could be added to comments of tickets, which when submitted will render in the emails sent to all users on that ticket.... Read more

    Affected Products :
    • Published: Dec. 04, 2024
    • Modified: Dec. 04, 2024
Showing 20 of 291625 Results