Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-53908

    An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. Direct usage of the django.db.models.fields.json.HasKey lookup, when an Oracle database is used, is subject to SQL injection if untrusted data is used as an lhs ... Read more

    Affected Products : django
    • Published: Dec. 06, 2024
    • Modified: Jun. 09, 2025

  • 7.5

    HIGH
    CVE-2024-53907

    An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The strip_tags() method and striptags template filter are subject to a potential denial-of-service attack via certain inputs containing large sequences of nested... Read more

    Affected Products : django
    • Published: Dec. 06, 2024
    • Modified: Jun. 24, 2025

  • 6.5

    MEDIUM
    CVE-2024-11730

    The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to SQL Injection via the 'sort[]' parameter of the static_data_list AJAX action in all versions up to, and including, 3.6.4 due to insufficient escaping on the user... Read more

    Affected Products : kivicare
    • Published: Dec. 06, 2024
    • Modified: Feb. 05, 2025

  • 6.5

    MEDIUM
    CVE-2024-11729

    The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to SQL Injection via the 'service_list[0][service_id]' parameter of the get_widget_payment_options AJAX action in all versions up to, and including, 3.6.4 due to in... Read more

    Affected Products : kivicare
    • Published: Dec. 06, 2024
    • Modified: Feb. 05, 2025

  • 7.8

    HIGH
    CVE-2024-53142

    In the Linux kernel, the following vulnerability has been resolved: initramfs: avoid filename buffer overrun The initramfs filename field is defined in Documentation/driver-api/early-userspace/buffer-format.rst as: 37 cpio_file := ALGN(4) + cpio_heade... Read more

    Affected Products : linux_kernel
    • Published: Dec. 06, 2024
    • Modified: Dec. 14, 2024

  • 7.8

    HIGH
    CVE-2024-53141

    In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: add missing range check in bitmap_ip_uadt When tb[IPSET_ATTR_IP_TO] is not present but tb[IPSET_ATTR_CIDR] exists, the values of ip and ip_to are slightly swapped. The... Read more

    Affected Products : linux_kernel
    • Published: Dec. 06, 2024
    • Modified: Dec. 14, 2024

  • 7.5

    HIGH
    CVE-2024-11728

    The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to SQL Injection via the 'visit_type[service_id]' parameter of the tax_calculated_data AJAX action in all versions up to, and including, 3.6.4 due to insufficient e... Read more

    Affected Products : kivicare
    • Published: Dec. 06, 2024
    • Modified: Feb. 05, 2025

  • 7.5

    HIGH
    CVE-2024-11460

    The Verowa Connect plugin for WordPress is vulnerable to SQL Injection via the 'search_string' parameter in all versions up to, and including, 3.0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the exis... Read more

    Affected Products :
    • Published: Dec. 06, 2024
    • Modified: Dec. 06, 2024

  • 8.1

    HIGH
    CVE-2024-11289

    The Soledad theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 8.5.9 via several functions like penci_archive_more_post_ajax_func, penci_more_post_ajax_func, and penci_more_featured_post_ajax_func. This makes i... Read more

    Affected Products : soledad
    • Published: Dec. 06, 2024
    • Modified: Dec. 06, 2024

  • 6.3

    MEDIUM
    CVE-2024-10909

    The The Pojo Forms plugin for WordPress is vulnerable to arbitrary shortcode execution via form_preview_shortcode AJAX action in all versions up to, and including, 1.4.7. This is due to the software allowing users to execute an action that does not proper... Read more

    Affected Products :
    • Published: Dec. 06, 2024
    • Modified: Dec. 06, 2024

  • 6.3

    MEDIUM
    CVE-2024-10681

    The The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 4.0.51. This is due to the software allowing use... Read more

    Affected Products : armember
    • Published: Dec. 06, 2024
    • Modified: Dec. 06, 2024

  • 5.4

    MEDIUM
    CVE-2024-9872

    The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_save_user_data_callback() function in all versions up to, and including,... Read more

    • Published: Dec. 06, 2024
    • Modified: Jun. 05, 2025

  • 5.4

    MEDIUM
    CVE-2024-9866

    The Event Tickets with Ticket Scanner plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'data' parameters in all versions up to, and including, 2.4.4 due to insufficient input sanitization and output escaping and missing authorizat... Read more

    Affected Products : event_tickets_with_ticket_scanner
    • Published: Dec. 06, 2024
    • Modified: Dec. 06, 2024

  • 5.3

    MEDIUM
    CVE-2024-9706

    The Ultimate Coming Soon & Maintenance plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ucsm_activate_lite_template_lite function in all versions up to, and including, 1.0.9. This makes it po... Read more

    • Published: Dec. 06, 2024
    • Modified: Jun. 05, 2025

  • 4.3

    MEDIUM
    CVE-2024-9705

    The Ultimate Coming Soon & Maintenance plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ucsm_update_template_name_lite' function in all versions up to, and including, 1.0.9. This makes it po... Read more

    • Published: Dec. 06, 2024
    • Modified: Jun. 05, 2025

  • 9.8

    CRITICAL
    CVE-2024-12155

    The SV100 Companion plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the settings_import() function in all versions up to, and including, 2.0.02. This makes ... Read more

    Affected Products :
    • Published: Dec. 06, 2024
    • Modified: Dec. 06, 2024

  • 4.3

    MEDIUM
    CVE-2024-12110

    The Gold Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the activate() and deactivate() functions in all versions up to, and including, 1.3.2. This makes it possible for au... Read more

    Affected Products :
    • Published: Dec. 06, 2024
    • Modified: Dec. 06, 2024

  • 6.1

    MEDIUM
    CVE-2024-12060

    The WP Media Optimizer (.webp) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘wpmowebp-css-resources’ and 'wpmowebp-js-resources' parameters in all versions up to, and including, 1.4.0 due to insufficient input sanitization ... Read more

    Affected Products :
    • Published: Dec. 06, 2024
    • Modified: Dec. 06, 2024

  • 5.3

    MEDIUM
    CVE-2024-12028

    The Friends plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several REST API endpoints in all versions up to, and including, 3.2.1. This makes it possible for unauthenticated attackers to send arbitrary frien... Read more

    Affected Products : friends
    • Published: Dec. 06, 2024
    • Modified: Dec. 06, 2024

  • 4.3

    MEDIUM
    CVE-2024-12027

    The Message Filter for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updateFilter() and deleteFilter() functions in all versions up to, and including, 1.6.3. This makes it p... Read more

    Affected Products : message_filter_for_contact_form_7
    • Published: Dec. 06, 2024
    • Modified: Dec. 06, 2024
Showing 20 of 291918 Results