Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2024-12099

    The Dollie Hub – Build Your Own WordPress Cloud Platform plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.2.0 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be i... Read more

    Affected Products :
    • Published: Dec. 04, 2024
    • Modified: Dec. 04, 2024

  • 6.4

    MEDIUM
    CVE-2024-10885

    The SearchIQ – The Search Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'siq_searchbox' shortcode in all versions up to, and including, 4.6 due to insufficient input sanitization and output escaping on user su... Read more

    Affected Products : searchiq
    • Published: Dec. 04, 2024
    • Modified: Jun. 05, 2025

  • 6.4

    MEDIUM
    CVE-2024-11897

    The Contact Form, Survey & Form Builder – MightyForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mightyforms' shortcode in all versions up to, and including, 1.3.9 due to insufficient input sanitization and output ... Read more

    Affected Products : mightyforms
    • Published: Dec. 04, 2024
    • Modified: Jul. 09, 2025

  • 6.1

    MEDIUM
    CVE-2024-11813

    The Pulsating Chat Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.6. This is due to missing or incorrect nonce validation on the amin_chat_button_settings_page() function. This makes it po... Read more

    Affected Products :
    • Published: Dec. 04, 2024
    • Modified: Dec. 04, 2024

  • 6.1

    MEDIUM
    CVE-2024-11807

    The NPS computy plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'data1' and 'data2' parameters in all versions up to, and including, 2.8.0 due to insufficient input sanitization and output escaping. This makes it possible for ... Read more

    Affected Products : nps_computy
    • Published: Dec. 04, 2024
    • Modified: Dec. 04, 2024

  • 6.4

    MEDIUM
    CVE-2024-11747

    The Responsive Videos plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'somryv' shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. T... Read more

    Affected Products :
    • Published: Dec. 04, 2024
    • Modified: Dec. 04, 2024

  • 5.5

    MEDIUM
    CVE-2024-11093

    The SG Helper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in version 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level ac... Read more

    Affected Products :
    • Published: Dec. 04, 2024
    • Modified: Dec. 04, 2024

  • 7.3

    HIGH
    CVE-2024-10952

    The The Authors List plugin for WordPress is vulnerable to arbitrary shortcode execution via update_authors_list_ajax AJAX action in all versions up to, and including, 2.0.4. This is due to the software allowing users to execute an action that does not pr... Read more

    Affected Products : authors_list
    • Published: Dec. 04, 2024
    • Modified: Dec. 04, 2024

  • 6.1

    MEDIUM
    CVE-2024-10832

    The Posti Shipping plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.10.3. This is due to missing or incorrect nonce validation on the generate_notices_html() function. This makes it possible for unau... Read more

    Affected Products :
    • Published: Dec. 04, 2024
    • Modified: Dec. 04, 2024

  • 4.3

    MEDIUM
    CVE-2024-10663

    The Eleblog – Elementor Blog And Magazine Addons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the goodbye_form_callback() function in all versions up to, and including, 1.8. This makes it pos... Read more

    Affected Products :
    • Published: Dec. 04, 2024
    • Modified: Dec. 04, 2024

  • 8.8

    HIGH
    CVE-2024-10587

    The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.7.4.1 via deserialization of untrusted input. This makes... Read more

    Affected Products : funnelforms_free
    • Published: Dec. 04, 2024
    • Modified: Dec. 04, 2024

  • 7.0

    HIGH
    CVE-2024-45207

    DLL injection in Veeam Agent for Windows can occur if the system's PATH variable includes insecure locations. When the agent runs, it searches these directories for necessary DLLs. If an attacker places a malicious DLL in one of these directories, the Vee... Read more

    Affected Products : veeam_agent_for_windows
    • Published: Dec. 04, 2024
    • Modified: Jul. 02, 2025

  • 6.5

    MEDIUM
    CVE-2024-45206

    A vulnerability in Veeam Service Provider Console has been identified, which allows to perform arbitrary HTTP requests to arbitrary hosts of the network and get information about internal resources.... Read more

    Affected Products : veeam_service_provider_console
    • Published: Dec. 04, 2024
    • Modified: Jul. 02, 2025

  • 7.1

    HIGH
    CVE-2024-45205

    An Improper Certificate Validation on the UniFi iOS App managing a standalone UniFi Access Point (not using UniFi Network Application) could allow a malicious actor with access to an adjacent network to take control of this UniFi Access Point. Affected ... Read more

    Affected Products : unifi
    • Published: Dec. 04, 2024
    • Modified: Dec. 04, 2024

  • 7.7

    HIGH
    CVE-2024-45204

    A vulnerability exists where a low-privileged user can exploit insufficient permissions in credential handling to leak NTLM hashes of saved credentials. The exploitation involves using retrieved credentials to expose sensitive NTLM hashes, impacting syste... Read more

    Affected Products : veeam_backup_\&_replication
    • Published: Dec. 04, 2024
    • Modified: Apr. 24, 2025

  • 7.7

    HIGH
    CVE-2024-42457

    A vulnerability in Veeam Backup & Replication allows users with certain operator roles to expose saved credentials by leveraging a combination of methods in a remote management interface. This can be achieved using a session object that allows for credent... Read more

    Affected Products : veeam_backup_\&_replication
    • Published: Dec. 04, 2024
    • Modified: Apr. 24, 2025

  • 8.8

    HIGH
    CVE-2024-42456

    A vulnerability in Veeam Backup & Replication platform allows a low-privileged user with a specific role to exploit a method that updates critical configuration settings, such as modifying the trusted client certificate used for authentication on a specif... Read more

    • Published: Dec. 04, 2024
    • Modified: Apr. 24, 2025

  • 8.1

    HIGH
    CVE-2024-42455

    A vulnerability in Veeam Backup & Replication allows a low-privileged user to connect to remoting services and exploit insecure deserialization by sending a serialized temporary file collection. This exploit allows the attacker to delete any file on the s... Read more

    • Published: Dec. 04, 2024
    • Modified: Apr. 24, 2025

  • 8.1

    HIGH
    CVE-2024-42453

    A vulnerability Veeam Backup & Replication allows low-privileged users to control and modify configurations on connected virtual infrastructure hosts. This includes the ability to power off virtual machines, delete files in storage, and make configuration... Read more

    Affected Products : veeam_backup_\&_replication
    • Published: Dec. 04, 2024
    • Modified: Apr. 24, 2025

  • 8.8

    HIGH
    CVE-2024-42452

    A vulnerability in Veeam Backup & Replication allows a low-privileged user to start an agent remotely in server mode and obtain credentials, effectively escalating privileges to system-level access. This allows the attacker to upload files to the server w... Read more

    Affected Products : veeam_backup_\&_replication
    • Published: Dec. 04, 2024
    • Modified: Apr. 24, 2025
Showing 20 of 291750 Results