Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.4

    MEDIUM
    CVE-2024-5020

    Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled FancyBox JavaScript library (versions 1.3.4 to 3.5.7) in various versions due to insufficient input sanitization and output escaping on user supplied att... Read more

    • Published: Dec. 04, 2024
    • Modified: Dec. 04, 2024

  • 7.5

    HIGH
    CVE-2024-11952

    The Classic Addons – WPBakery Page Builder plugin for WordPress is vulnerable to Limited Local PHP File Inclusion in all versions up to, and including, 3.0 via the 'style' parameter. This makes it possible for authenticated attackers, with Contributor-lev... Read more

    Affected Products : page_builder
    • Published: Dec. 04, 2024
    • Modified: Dec. 04, 2024

  • 6.4

    MEDIUM
    CVE-2024-11880

    The B Testimonial – testimonial plugin for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'b_testimonial' shortcode in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escapi... Read more

    Affected Products :
    • Published: Dec. 04, 2024
    • Modified: Dec. 04, 2024

  • 4.3

    MEDIUM
    CVE-2024-10787

    The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.4 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. This mak... Read more

    • Published: Dec. 04, 2024
    • Modified: Jul. 09, 2025

  • 7.5

    HIGH
    CVE-2024-10567

    The TI WooCommerce Wishlist plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wizard' function in all versions up to, and including, 2.9.1. This makes it possible for unauthenticated attacker... Read more

    Affected Products : ti_woocommerce_wishlist
    • Published: Dec. 04, 2024
    • Modified: Dec. 04, 2024

  • 6.4

    MEDIUM
    CVE-2024-11903

    The WP eCards plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ecard' shortcode in all versions up to, and including, 1.3.904 due to insufficient input sanitization and output escaping on user supplied attributes. This m... Read more

    Affected Products :
    • Published: Dec. 04, 2024
    • Modified: Dec. 04, 2024

  • 6.4

    MEDIUM
    CVE-2024-11769

    The Flower Delivery by Florist One plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'flower-delivery' shortcode in all versions up to, and including, 3.9 due to insufficient input sanitization and output escaping on user ... Read more

    Affected Products : flower_delivery
    • Published: Dec. 04, 2024
    • Modified: Dec. 04, 2024

  • 6.1

    MEDIUM
    CVE-2024-11466

    The Intro Tour Tutorial DeepPresentation plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 6.5.2 due to insufficient input sanitization and output escaping. This makes it pos... Read more

    Affected Products :
    • Published: Dec. 04, 2024
    • Modified: Dec. 04, 2024

  • 8.1

    HIGH
    CVE-2024-11293

    The Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction Social Sites Login plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including... Read more

    Affected Products : pie_register
    • Published: Dec. 04, 2024
    • Modified: Dec. 04, 2024

  • 4.3

    MEDIUM
    CVE-2024-10664

    The Knowledge Base documentation & wiki plugin – BasePress Docs plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the basepress_db_posts_update() function in all versions up to, and including, 2.1... Read more

    Affected Products :
    • Published: Dec. 04, 2024
    • Modified: Dec. 04, 2024

  • 6.1

    MEDIUM
    CVE-2023-6978

    The WP Job Manager – Company Profiles plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'company' parameter in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it poss... Read more

    Affected Products : wp_job_manager
    • Published: Dec. 04, 2024
    • Modified: Jul. 09, 2025

  • 7.0

    HIGH
    CVE-2024-45717

    The SolarWinds Platform was susceptible to a XSS vulnerability that affects the search and node information section of the user interface. This vulnerability requires authentication and requires user interaction.... Read more

    Affected Products : solarwinds_platform
    • Published: Dec. 04, 2024
    • Modified: Feb. 06, 2025

  • 8.1

    HIGH
    CVE-2024-11398

    Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in OTP reset functionality in Synology Router Manager (SRM) before 1.3.1-9346-9 allows remote authenticated users to delete arbitrary files via unspecified vector... Read more

    Affected Products : router_manager router_manager
    • Published: Dec. 04, 2024
    • Modified: Jul. 29, 2025

  • 4.3

    MEDIUM
    CVE-2023-52944

    Incorrect authorization vulnerability in ActionRule webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to perform limited actions on the set action rules function via unspecified vectors.... Read more

    Affected Products : surveillance_station
    • Published: Dec. 04, 2024
    • Modified: Dec. 04, 2024

  • 4.3

    MEDIUM
    CVE-2023-52943

    Incorrect authorization vulnerability in Alert.Setting webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to to perform limited actions on the alerting function via unspecified vectors.... Read more

    Affected Products : surveillance_station
    • Published: Dec. 04, 2024
    • Modified: Dec. 04, 2024

  • 9.8

    CRITICAL
    CVE-2024-54661

    readline.sh in socat before1.8.0.2 relies on the /tmp/$USER/stderr2 file.... Read more

    Affected Products : socat
    • Published: Dec. 04, 2024
    • Modified: Jan. 07, 2025

  • 8.7

    HIGH
    CVE-2024-9404

    This vulnerability could lead to denial-of-service or service crashes. Exploitation of the moxa_cmd service, because of insufficient input validation, allows attackers to disrupt operations. If exposed to public networks, the vulnerability poses a signifi... Read more

    • Published: Dec. 04, 2024
    • Modified: Feb. 20, 2025

  • 5.3

    MEDIUM
    CVE-2024-12123

    A hidden field manipulation vulnerability was identified in Issuetrak version 17.1 that could be triggered by an authenticated user.  When an authenticated user submits a ticket, the request can be intercepted and subsequently modified by using a proxy. ... Read more

    Affected Products :
    • Published: Dec. 04, 2024
    • Modified: Dec. 04, 2024

  • 4.3

    MEDIUM
    CVE-2024-12099

    The Dollie Hub – Build Your Own WordPress Cloud Platform plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.2.0 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be i... Read more

    Affected Products :
    • Published: Dec. 04, 2024
    • Modified: Dec. 04, 2024

  • 6.4

    MEDIUM
    CVE-2024-10885

    The SearchIQ – The Search Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'siq_searchbox' shortcode in all versions up to, and including, 4.6 due to insufficient input sanitization and output escaping on user su... Read more

    Affected Products : searchiq
    • Published: Dec. 04, 2024
    • Modified: Jun. 05, 2025
Showing 20 of 291908 Results