Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.2

    HIGH
    CVE-2024-50358

    A CWE-15 "External Control of System or Configuration Setting" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability can be exploit... Read more

    Affected Products :
    • Published: Nov. 26, 2024
    • Modified: Nov. 26, 2024

  • 9.8

    CRITICAL
    CVE-2024-11024

    The AppPresser – Mobile App Framework plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.4.6. This is due to the plugin not properly validating a user's password reset code prior to upda... Read more

    Affected Products : apppresser
    • Published: Nov. 26, 2024
    • Modified: Jun. 05, 2025

  • 4.3

    MEDIUM
    CVE-2024-10579

    The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the preview_module() function in all versions up to, and including, 7.8.5. This makes it p... Read more

    Affected Products : hustle hustle
    • Published: Nov. 26, 2024
    • Modified: Nov. 26, 2024

  • 6.4

    MEDIUM
    CVE-2024-10308

    The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's JKit - Countdown widget in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping on user supplied attrib... Read more

    Affected Products : jeg_elementor_kit
    • Published: Nov. 26, 2024
    • Modified: Jan. 09, 2025

  • 9.8

    CRITICAL
    CVE-2024-11680

    ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. Remote, unauthenticated attackers can exploit this flaw by sending crafted HTTP requests to options.php, enabling unauthorized modification of the application's ... Read more

    Affected Products : projectsend
    • Actively Exploited
    • Published: Nov. 26, 2024
    • Modified: Dec. 06, 2024

  • 6.1

    MEDIUM
    CVE-2024-11032

    The Parsi Date plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.1.1. This makes it possible for unauthenticated attackers t... Read more

    Affected Products :
    • Published: Nov. 26, 2024
    • Modified: Nov. 26, 2024

  • 5.5

    MEDIUM
    CVE-2024-9170

    The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wcj_product_meta shortcode in all versions up to, and including, 7.2.3 due to insufficient input sanitization and output escaping on user suppli... Read more

    Affected Products : booster_for_woocommerce
    • Published: Nov. 26, 2024
    • Modified: Feb. 05, 2025

  • 6.4

    MEDIUM
    CVE-2024-11192

    The Spotify Play Button for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's spotifyplaybutton shortcode in all versions up to, and including, 2.11 due to insufficient input sanitization and output escaping on u... Read more

    Affected Products : spotify-play-button-for-wordpress
    • Published: Nov. 26, 2024
    • Modified: Nov. 26, 2024

  • 6.4

    MEDIUM
    CVE-2024-11119

    The BNE Gallery Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gallery' shortcode in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attribu... Read more

    Affected Products :
    • Published: Nov. 26, 2024
    • Modified: Nov. 26, 2024

  • 6.4

    MEDIUM
    CVE-2024-11091

    The Support SVG – Upload svg files in wordpress without hassle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output es... Read more

    Affected Products :
    • Published: Nov. 26, 2024
    • Modified: Nov. 26, 2024

  • 8.4

    HIGH
    CVE-2018-11952

    An image with a version lower than the fuse version may potentially be booted lead to improper authentication.... Read more

    • Published: Nov. 26, 2024
    • Modified: Jan. 09, 2025

  • 9.8

    CRITICAL
    CVE-2018-11922

    Wrong configuration in Touch Pal application can collect user behavior data without awareness by the user.... Read more

    • Published: Nov. 26, 2024
    • Modified: Jan. 09, 2025

  • 8.4

    HIGH
    CVE-2017-18153

    A race condition exists in a driver potentially leading to a use-after-free condition.... Read more

    • Published: Nov. 26, 2024
    • Modified: Jan. 09, 2025

  • 9.8

    CRITICAL
    CVE-2017-17772

    In multiple functions that process 802.11 frames, out-of-bounds reads can occur due to insufficient validation.... Read more

    • Published: Nov. 26, 2024
    • Modified: Jan. 09, 2025

  • 8.4

    HIGH
    CVE-2017-15832

    Buffer overwrite in the WLAN host driver by leveraging a compromised WLAN FW... Read more

    • Published: Nov. 26, 2024
    • Modified: Jan. 09, 2025

  • 9.8

    CRITICAL
    CVE-2017-11076

    On some hardware revisions where VP9 decoding is hardware-accelerated, the frame size is not programmed correctly into the decoder hardware which can lead to an invalid memory access by the decoder.... Read more

    • Published: Nov. 26, 2024
    • Modified: Jan. 09, 2025

  • 8.4

    HIGH
    CVE-2016-10394

    Initial xbl_sec revision does not have all the debug policy features and critical checks.... Read more

    • Published: Nov. 26, 2024
    • Modified: Jan. 09, 2025

  • 7.2

    HIGH
    CVE-2024-9504

    The Booking calendar, Appointment Booking System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.2.15 due to insufficient input sanitization and output escaping. This makes it ... Read more

    Affected Products : booking_calendar
    • Published: Nov. 26, 2024
    • Modified: Nov. 26, 2024

  • 4.3

    MEDIUM
    CVE-2024-8772

    51l3nc3, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API managedoverlayimages.cgi was vulnerable to a race condition attack allowing for an attacker to block access to the overlay configuration page in the web interface of the Axis ... Read more

    Affected Products : axis_os
    • Published: Nov. 26, 2024
    • Modified: Nov. 26, 2024

  • 3.8

    LOW
    CVE-2024-8160

    Erik de Jong, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API ftptest.cgi did not have a sufficient input validation allowing for a possible command injection leading to being able to transfer files from/to the Axis device. This fla... Read more

    Affected Products : axis_os
    • Published: Nov. 26, 2024
    • Modified: Nov. 26, 2024
Showing 20 of 291531 Results