Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.4

    MEDIUM
    CVE-2024-11203

    The EmbedPress – Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘provider_name parameter in all... Read more

    Affected Products : embedpress
    • Published: Nov. 28, 2024
    • Modified: Apr. 11, 2025

  • 8.8

    HIGH
    CVE-2024-36466

    A bug in the code allows an attacker to sign a forged zbx_session cookie, which then allows them to sign in with admin permissions.... Read more

    Affected Products : zabbix
    • Published: Nov. 28, 2024
    • Modified: Nov. 28, 2024

  • 9.8

    CRITICAL
    CVE-2024-11925

    The JobSearch WP Job Board plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.6.7. This is due to the plugin not properly verifying a users identity when verifying an email address through the user_account_a... Read more

    Affected Products : jobsearch_wp_job_board
    • Published: Nov. 28, 2024
    • Modified: Nov. 28, 2024

  • 4.3

    MEDIUM
    CVE-2024-11918

    The Image Alt Text plugin for WordPress is vulnerable to unauthorized modification of data| due to a missing capability check on the iat_add_alt_txt_action and iat_update_alt_txt_action AJAX actions in all versions up to, and including, 2.0.0. This makes ... Read more

    Affected Products :
    • Published: Nov. 28, 2024
    • Modified: Nov. 28, 2024

  • 5.4

    MEDIUM
    CVE-2024-10896

    The Logo Slider WordPress plugin before 4.5.0 does not sanitise and escape some of its Logo and Slider settings, which could allow high privilege users such as Contributor to perform Stored Cross-Site Scripting... Read more

    Affected Products : gs_logo_slider logo_slider logo_slider
    • Published: Nov. 28, 2024
    • Modified: May. 15, 2025

  • 4.8

    MEDIUM
    CVE-2024-10510

    The adBuddy+ (AdBlocker Detection) by NetfunkDesign WordPress plugin through 1.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilte... Read more

    Affected Products : adbuddy\+_\(adblocker_detection\)
    • Published: Nov. 28, 2024
    • Modified: Jun. 09, 2025

  • 5.4

    MEDIUM
    CVE-2024-10493

    The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) WordPress plugin before 5.10.3 does not validate and escape some of its block options before outputting them back in a page/post where the block is... Read more

    Affected Products : element_pack
    • Published: Nov. 28, 2024
    • Modified: May. 15, 2025

  • 5.4

    MEDIUM
    CVE-2024-10473

    The Logo Slider WordPress plugin before 4.5.0 does not sanitise and escape some of its Logo Settings when outputing them in pages where the Logo Slider shortcode is embed, which could allow users with a role as low as Author to perform Cross-Site Scripti... Read more

    Affected Products : gs_logo_slider logo_slider logo_slider
    • Published: Nov. 28, 2024
    • Modified: May. 15, 2025

  • 2.4

    LOW
    CVE-2024-46939

    The game extension engine of versions 1.2.7.0 and earlier exposes some components, and attackers can construct parameters to perform path traversal attacks, which can overwrite local specific files... Read more

    Affected Products :
    • Published: Nov. 28, 2024
    • Modified: Nov. 28, 2024

  • 5.3

    MEDIUM
    CVE-2024-53008

    Inconsistent interpretation of HTTP requests ('HTTP Request/Response Smuggling') issue exists in HAProxy. If this vulnerability is exploited, a remote attacker may access a path that is restricted by ACL (Access Control List) set on the product. As a res... Read more

    Affected Products : haproxy
    • Published: Nov. 28, 2024
    • Modified: Nov. 28, 2024

  • 7.8

    HIGH
    CVE-2024-38658

    There is an Out-of-bounds read vulnerability in V-Server (v4.0.19.0 and earlier) and V-Server Lite (v4.0.19.0 and earlier). If a user opens a specially crafted file, information may be disclosed and/or arbitrary code may be executed.... Read more

    Affected Products : v-server
    • Published: Nov. 28, 2024
    • Modified: Nov. 29, 2024

  • 7.8

    HIGH
    CVE-2024-38389

    There is an Out-of-bounds read vulnerability in TELLUS (v4.0.19.0 and earlier) and TELLUS Lite (v4.0.19.0 and earlier). If a user opens a specially crafted file, information may be disclosed and/or arbitrary code may be executed.... Read more

    Affected Products : tellus tellus_lite
    • Published: Nov. 28, 2024
    • Modified: Nov. 29, 2024

  • 7.8

    HIGH
    CVE-2024-38309

    There are multiple stack-based buffer overflow vulnerabilities in V-SFT (v6.2.2.0 and earlier), TELLUS (v4.0.19.0 and earlier), and TELLUS Lite (v4.0.19.0 and earlier). If a user opens a specially crafted file, information may be disclosed and/or arbitra... Read more

    Affected Products : tellus tellus_lite
    • Published: Nov. 28, 2024
    • Modified: Nov. 29, 2024

  • 8.4

    HIGH
    CVE-2018-9377

    In getIntentForIntentSender of ActivityManagerService.java, there is a possible way to access user metadata due to a pending intent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not n... Read more

    Affected Products : android
    • Published: Nov. 28, 2024
    • Modified: Apr. 03, 2025

  • 7.8

    HIGH
    CVE-2024-11933

    Fuji Electric Monitouch V-SFT X1 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction... Read more

    Affected Products : monitouch_v-sft
    • Published: Nov. 28, 2024
    • Modified: Dec. 03, 2024

  • 7.8

    HIGH
    CVE-2024-11803

    Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction ... Read more

    Affected Products : tellus_lite_v-simulator tellus_lite
    • Published: Nov. 28, 2024
    • Modified: Dec. 03, 2024

  • 7.8

    HIGH
    CVE-2024-11802

    Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User inte... Read more

    Affected Products : tellus_lite_v-simulator tellus_lite
    • Published: Nov. 28, 2024
    • Modified: Dec. 03, 2024

  • 7.8

    HIGH
    CVE-2024-11801

    Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction ... Read more

    Affected Products : tellus_lite_v-simulator tellus_lite
    • Published: Nov. 28, 2024
    • Modified: Dec. 03, 2024

  • 7.8

    HIGH
    CVE-2024-11800

    Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User inte... Read more

    Affected Products : tellus_lite_v-simulator tellus_lite
    • Published: Nov. 28, 2024
    • Modified: Dec. 03, 2024

  • 7.8

    HIGH
    CVE-2024-11799

    Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User inte... Read more

    Affected Products : tellus_lite_v-simulator tellus_lite
    • Published: Nov. 28, 2024
    • Modified: Dec. 03, 2024
Showing 20 of 291570 Results