Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2024-11202

    Multiple plugins for WordPress are vulnerable to Reflected Cross-Site Scripting via the cminds_free_guide shortcode in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inj... Read more

    Affected Products :
    • Published: Nov. 26, 2024
    • Modified: Nov. 26, 2024

  • 6.3

    MEDIUM
    CVE-2024-6749

    Seth Fogie, member of the AXIS Camera Station Pro Bug Bounty Program, has found that the Incident report feature may expose sensitive credentials on the AXIS Camera Station windows client. If Incident report is not being used with credentials configured t... Read more

    Affected Products :
    • Published: Nov. 26, 2024
    • Modified: Nov. 26, 2024

  • 4.2

    MEDIUM
    CVE-2024-6476

    Gee-netics, member of the AXIS Camera Station Pro Bug Bounty Program has found that it is possible for a non-admin user to gain system privileges by redirecting a file deletion upon service restart. Axis has released patched versions for the highlighted... Read more

    Affected Products :
    • Published: Nov. 26, 2024
    • Modified: Nov. 26, 2024

  • 6.3

    MEDIUM
    CVE-2024-11002

    The The InPost Gallery plugin for WordPress is vulnerable to arbitrary shortcode execution via the inpost_gallery_get_shortcode_template AJAX action in all versions up to, and including, 2.1.4.2. This is due to the software allowing users to execute an ac... Read more

    Affected Products : inpost_gallery
    • Published: Nov. 26, 2024
    • Modified: Jul. 09, 2025

  • 6.5

    MEDIUM
    CVE-2024-10857

    The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.9 via the handle_downloads() function due to insufficient file path validation/sanitization. This makes it possible ... Read more

    • Published: Nov. 26, 2024
    • Modified: Jul. 09, 2025

  • 8.1

    HIGH
    CVE-2024-10781

    The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an missing empty value check on the 'api_key' value in the 'perform' function in all versions up to, and includin... Read more

    • Published: Nov. 26, 2024
    • Modified: Jul. 12, 2025

  • 7.5

    HIGH
    CVE-2024-10570

    The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to unauthorized SQL Injection due to an authorization bypass via reverse DNS spoofing on the checkWithoutToken function in all versions up to, and including, 2.145, as well as ins... Read more

    Affected Products : security_\&_malware_scan
    • Published: Nov. 26, 2024
    • Modified: Nov. 26, 2024

  • 9.8

    CRITICAL
    CVE-2024-10542

    The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an authorization bypass via reverse DNS spoofing on the checkWithoutToken function in all versions up to, and inc... Read more

    • Published: Nov. 26, 2024
    • Modified: Jul. 12, 2025

  • 4.8

    MEDIUM
    CVE-2024-10471

    The Everest Forms WordPress plugin before 3.0.4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowe... Read more

    Affected Products : everest_forms
    • Published: Nov. 26, 2024
    • Modified: May. 15, 2025

  • 4.8

    MEDIUM
    CVE-2024-53278

    Cross-site scripting vulnerability exists in WP Admin UI Customize versions prior to ver 1.5.14. If a malicious admin user customizes the admin screen with some malicious contents, an arbitrary script may be executed on the web browser of the other users ... Read more

    Affected Products : wp_admin_ui_customize
    • Published: Nov. 26, 2024
    • Modified: Nov. 26, 2024

  • 7.5

    HIGH
    CVE-2024-49353

    IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data 4.0.0 through 5.0.2 does not properly check inputs to resources that are used concurrently, which might lead to unexpected states, possibly resulting in a crash.... Read more

    • Published: Nov. 26, 2024
    • Modified: Aug. 15, 2025

  • 5.5

    MEDIUM
    CVE-2024-49351

    IBM Workload Scheduler 9.5, 10.1, and 10.2 stores user credentials in plain text which can be read by a local user.... Read more

    • Published: Nov. 26, 2024
    • Modified: Aug. 08, 2025

  • 6.1

    MEDIUM
    CVE-2024-11418

    The Additional Order Filters for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'shipping_method_filter' parameter in all versions up to, and including, 1.21 due to insufficient input sanitization and output escap... Read more

    • Published: Nov. 26, 2024
    • Modified: Nov. 26, 2024

  • 6.1

    MEDIUM
    CVE-2024-11342

    The Skt NURCaptcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.0. This is due to missing or incorrect nonce validation in the skt-nurc-admin.php file. This makes it possible for unauthenticate... Read more

    Affected Products :
    • Published: Nov. 26, 2024
    • Modified: Nov. 26, 2024

  • 7.6

    HIGH
    CVE-2024-49597

    Dell Wyse Management Suite, versions WMS 4.4 and prior, contain an Improper Restriction of Excessive Authentication Attempts vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Protection m... Read more

    Affected Products : wyse_management_suite
    • Published: Nov. 26, 2024
    • Modified: Feb. 04, 2025

  • 6.5

    MEDIUM
    CVE-2024-49596

    Dell Wyse Management Suite, version WMS 4.4 and prior, contain a Missing Authorization vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service and arbitrary file deletion... Read more

    Affected Products : wyse_management_suite
    • Published: Nov. 26, 2024
    • Modified: Feb. 04, 2025

  • 7.6

    HIGH
    CVE-2024-49595

    Dell Wyse Management Suite, version WMS 4.4 and before, contain an Authentication Bypass by Capture-replay vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service.... Read more

    Affected Products : wyse_management_suite
    • Published: Nov. 26, 2024
    • Modified: Feb. 04, 2025

  • 5.4

    MEDIUM
    CVE-2024-11678

    A vulnerability was found in CodeAstro Hospital Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /backend/doc/his_doc_register_patient.php. The manipulation of the argument pat_fname/pat_ailme... Read more

    Affected Products : hospital_management_system
    • Published: Nov. 26, 2024
    • Modified: Dec. 04, 2024

  • 5.4

    MEDIUM
    CVE-2024-11677

    A vulnerability was found in CodeAstro Hospital Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /backend/admin/his_admin_add_vendor.php of the component Add Vendor Details Page. The manipulation of th... Read more

    Affected Products : hospital_management_system
    • Published: Nov. 26, 2024
    • Modified: Dec. 04, 2024

  • 8.8

    HIGH
    CVE-2024-10729

    The Booking & Appointment Plugin for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_google_calendar_data' function in versions up to, and including, 6.9.0. This makes it p... Read more

    Affected Products :
    • Published: Nov. 26, 2024
    • Modified: Nov. 26, 2024
Showing 20 of 291395 Results