Latest CVE Feed
-
8.8
HIGH CVE-2024-52538
Dell Avamar, versions prior to 19.12 with patch 338905, excluding 19.10 and 19.10SP1 with patch 338869, contains an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote a...
- Published: Dec. 10, 2024
- Modified: Aug. 04, 2025
-
8.8
HIGH CVE-2024-47977
Dell Avamar, versions prior to 19.12 with patch 338905, excluding 19.10 and 19.10SP1 with patch 338869, contains an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote a...
- Published: Dec. 10, 2024
- Modified: Aug. 04, 2025
-
9.8
CRITICAL CVE-2024-47484
Dell Avamar, versions prior to 19.12 with patch 338905, excluding 19.10 and 19.10SP1 with patch 338869, contains an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. An unauthenticated attacker with remote...
- Published: Dec. 10, 2024
- Modified: Aug. 04, 2025
-
6.4
MEDIUM CVE-2024-11928
The iChart – Easy Charts and Graphs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘width’ parameter in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping. This makes it possible ...
- Published: Dec. 10, 2024
- Modified: Dec. 10, 2024
-
5.3
MEDIUM CVE-2024-11106
The Simple Restrict plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.7 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from...
- Affected Products: simple_restrict
- Published: Dec. 10, 2024
- Modified: Dec. 10, 2024
-
7.3
HIGH CVE-2024-10959
The Active Products Tables for WooCommerce. Use constructor to create tables plugin for WordPress is vulnerable to arbitrary shortcode execution via woot_get_smth AJAX action in all versions up to, and including, 1.0.6.5. This is due to the software a...
- Published: Dec. 10, 2024
- Modified: Dec. 10, 2024
-
6.1
MEDIUM CVE-2024-11973
The Quran multilanguage Text & Audio plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'sourate' and 'lang' parameter in all versions up to, and including, 2.3.21 due to insufficient input sanitization and output escaping. This ...
- Published: Dec. 10, 2024
- Modified: Dec. 10, 2024
-
6.4
MEDIUM CVE-2024-11945
The Email Reminders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 2.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated a...
- Published: Dec. 10, 2024
- Modified: Dec. 10, 2024
-
5.9
MEDIUM CVE-2024-8256
In Teltonika Networks RUTOS devices, running on versions 7.0 to 7.8 (excluding) and TSWOS devices running on versions 1.0 to 1.3 (excluding), due to incorrect permission handling a vulnerability exists which allows a lower privileged user with default per...
- Published: Dec. 10, 2024
- Modified: Dec. 10, 2024
-
5.5
MEDIUM CVE-2024-45709
SolarWinds Web Help Desk was susceptible to a local file read vulnerability. This vulnerability requires the software be installed on Linux and configured to use non-default development/test mode making exposure to the vulnerability very limited....
- Affected Products: web_help_desk
- Published: Dec. 10, 2024
- Modified: Feb. 25, 2025
-
6.4
MEDIUM CVE-2024-11940
The Property Hive Mortgage Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘price’ parameter in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possibl...
- Published: Dec. 10, 2024
- Modified: Dec. 10, 2024
-
7.2
HIGH CVE-2024-47946
If the attacker has access to a valid Poweruser session, remote code execution is possible because specially crafted valid PNG files with injected PHP content can be uploaded as desktop backgrounds or lock screens. After the upload, the PHP script is avai...
- Published: Dec. 10, 2024
- Modified: Dec. 20, 2024
-
7.3
HIGH CVE-2024-28138
An unauthenticated attacker with network access to the affected device's web interface can execute any system command via the "msg_events.php" script as the www-data user. The HTTP GET parameter "data" is not properly sanitized....
- Published: Dec. 10, 2024
- Modified: Dec. 11, 2024
-
6.1
MEDIUM CVE-2024-11107
The System Dashboard WordPress plugin before 2.8.15 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated users to perform Cross-Site Scripting attacks....
- Affected Products: system_dashboard
- Published: Dec. 10, 2024
- Modified: May. 17, 2025
-
4.9
MEDIUM CVE-2024-10708
The System Dashboard WordPress plugin before 2.8.15 does not validate user input used in a path, which could allow high privilege users such as admin to perform path traversal attacks and read arbitrary files on the server...
- Affected Products: system_dashboard
- Published: Dec. 10, 2024
- Modified: May. 17, 2025
-
7.7
HIGH CVE-2023-6947
The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4.26. This makes it possible for authenticated attackers, with contributor level or higher to read the content...
- Affected Products: foogallery
- Published: Dec. 10, 2024
- Modified: Feb. 24, 2025
-
8.6
HIGH CVE-2024-21542
Versions of the package luigi before 3.6.0 are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) due to improper destination file path validation in the _extract_packages_archive function....
- Published: Dec. 10, 2024
- Modified: Jul. 24, 2025
-
8.5
HIGH CVE-2024-11205
The WPForms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpforms_is_admin_page' function in versions starting from 1.8.4 up to, and including, 1.9.2.1. This makes it possible for authent...
- Affected Products: wpforms
- Published: Dec. 10, 2024
- Modified: Aug. 12, 2025
-
8.2
HIGH CVE-2024-37144
Dell PowerFlex appliance versions prior to IC 46.381.00 and IC 46.376.00, Dell PowerFlex rack versions prior to RCM 3.8.1.0 (for RCM 3.8.x train) and prior to RCM 3.7.6.0 (for RCM 3.7.x train), Dell PowerFlex custom node using PowerFlex Manager versions p...
- Affected Products: data_lakehouse
- Published: Dec. 10, 2024
- Modified: Dec. 10, 2024
-
10.0
CRITICAL CVE-2024-37143
Dell PowerFlex appliance versions prior to IC 46.381.00 and IC 46.376.00, Dell PowerFlex rack versions prior to RCM 3.8.1.0 (for RCM 3.8.x train) and prior to RCM 3.7.6.0 (for RCM 3.7.x train), Dell PowerFlex custom node using PowerFlex Manager versions p...
- Affected Products: data_lakehouse
- Published: Dec. 10, 2024
- Modified: Dec. 10, 2024