Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-52272

    Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 (fromAdvSetLanip(overflow arg:lanMask) modules) allows Overflow Buffers.This issue affects Tenda AC6V2: through 15.03.06.50... Read more

    Affected Products : ac6_firmware ac6
    • Published: Dec. 04, 2024
    • Modified: May. 28, 2025

  • 7.5

    HIGH
    CVE-2024-12107

    Double-Free Vulnerability in uD3TN BPv7 Caused by Malformed Endpoint Identifier allows remote attacker to reliably cause DoS... Read more

    Affected Products : ud3tn
    • Published: Dec. 04, 2024
    • Modified: Aug. 05, 2025

  • 6.1

    MEDIUM
    CVE-2024-11814

    The Additional Custom Order Status for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the wfwp_wcos_delete_finished, wfwp_wcos_delete_fallback_finished, wfwp_wcos_delete_fallback_orders_updated, and wfwp_wcos_delete_f... Read more

    Affected Products :
    • Published: Dec. 04, 2024
    • Modified: Dec. 04, 2024

  • 6.4

    MEDIUM
    CVE-2024-5020

    Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled FancyBox JavaScript library (versions 1.3.4 to 3.5.7) in various versions due to insufficient input sanitization and output escaping on user supplied att... Read more

    • Published: Dec. 04, 2024
    • Modified: Dec. 04, 2024

  • 7.5

    HIGH
    CVE-2024-11952

    The Classic Addons – WPBakery Page Builder plugin for WordPress is vulnerable to Limited Local PHP File Inclusion in all versions up to, and including, 3.0 via the 'style' parameter. This makes it possible for authenticated attackers, with Contributor-lev... Read more

    Affected Products : page_builder
    • Published: Dec. 04, 2024
    • Modified: Dec. 04, 2024

  • 6.4

    MEDIUM
    CVE-2024-11880

    The B Testimonial – testimonial plugin for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'b_testimonial' shortcode in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escapi... Read more

    Affected Products :
    • Published: Dec. 04, 2024
    • Modified: Dec. 04, 2024

  • 4.3

    MEDIUM
    CVE-2024-10787

    The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.4 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. This mak... Read more

    • Published: Dec. 04, 2024
    • Modified: Jul. 09, 2025

  • 7.5

    HIGH
    CVE-2024-10567

    The TI WooCommerce Wishlist plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wizard' function in all versions up to, and including, 2.9.1. This makes it possible for unauthenticated attacker... Read more

    Affected Products : ti_woocommerce_wishlist
    • Published: Dec. 04, 2024
    • Modified: Dec. 04, 2024

  • 6.4

    MEDIUM
    CVE-2024-11903

    The WP eCards plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ecard' shortcode in all versions up to, and including, 1.3.904 due to insufficient input sanitization and output escaping on user supplied attributes. This m... Read more

    Affected Products :
    • Published: Dec. 04, 2024
    • Modified: Dec. 04, 2024

  • 6.4

    MEDIUM
    CVE-2024-11769

    The Flower Delivery by Florist One plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'flower-delivery' shortcode in all versions up to, and including, 3.9 due to insufficient input sanitization and output escaping on user ... Read more

    Affected Products : flower_delivery
    • Published: Dec. 04, 2024
    • Modified: Dec. 04, 2024

  • 6.1

    MEDIUM
    CVE-2024-11466

    The Intro Tour Tutorial DeepPresentation plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 6.5.2 due to insufficient input sanitization and output escaping. This makes it pos... Read more

    Affected Products :
    • Published: Dec. 04, 2024
    • Modified: Dec. 04, 2024

  • 8.1

    HIGH
    CVE-2024-11293

    The Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction Social Sites Login plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including... Read more

    Affected Products : pie_register
    • Published: Dec. 04, 2024
    • Modified: Dec. 04, 2024

  • 4.3

    MEDIUM
    CVE-2024-10664

    The Knowledge Base documentation & wiki plugin – BasePress Docs plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the basepress_db_posts_update() function in all versions up to, and including, 2.1... Read more

    Affected Products :
    • Published: Dec. 04, 2024
    • Modified: Dec. 04, 2024

  • 6.1

    MEDIUM
    CVE-2023-6978

    The WP Job Manager – Company Profiles plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'company' parameter in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it poss... Read more

    Affected Products : wp_job_manager
    • Published: Dec. 04, 2024
    • Modified: Jul. 09, 2025

  • 7.0

    HIGH
    CVE-2024-45717

    The SolarWinds Platform was susceptible to a XSS vulnerability that affects the search and node information section of the user interface. This vulnerability requires authentication and requires user interaction.... Read more

    Affected Products : solarwinds_platform
    • Published: Dec. 04, 2024
    • Modified: Feb. 06, 2025

  • 8.1

    HIGH
    CVE-2024-11398

    Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in OTP reset functionality in Synology Router Manager (SRM) before 1.3.1-9346-9 allows remote authenticated users to delete arbitrary files via unspecified vector... Read more

    Affected Products : router_manager router_manager
    • Published: Dec. 04, 2024
    • Modified: Jul. 29, 2025

  • 4.3

    MEDIUM
    CVE-2023-52944

    Incorrect authorization vulnerability in ActionRule webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to perform limited actions on the set action rules function via unspecified vectors.... Read more

    Affected Products : surveillance_station
    • Published: Dec. 04, 2024
    • Modified: Dec. 04, 2024

  • 4.3

    MEDIUM
    CVE-2023-52943

    Incorrect authorization vulnerability in Alert.Setting webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to to perform limited actions on the alerting function via unspecified vectors.... Read more

    Affected Products : surveillance_station
    • Published: Dec. 04, 2024
    • Modified: Dec. 04, 2024

  • 9.8

    CRITICAL
    CVE-2024-54661

    readline.sh in socat before1.8.0.2 relies on the /tmp/$USER/stderr2 file.... Read more

    Affected Products : socat
    • Published: Dec. 04, 2024
    • Modified: Jan. 07, 2025

  • 8.7

    HIGH
    CVE-2024-9404

    This vulnerability could lead to denial-of-service or service crashes. Exploitation of the moxa_cmd service, because of insufficient input validation, allows attackers to disrupt operations. If exposed to public networks, the vulnerability poses a signifi... Read more

    • Published: Dec. 04, 2024
    • Modified: Feb. 20, 2025
Showing 20 of 291871 Results