Latest CVE Feed
-
6.6
MEDIUM CVE-2024-9422
The GEO my WP WordPress plugin before 4.5, gmw-premium-settings WordPress plugin before 3.1 does not sufficiently validate files to be uploaded, which could allow attackers to upload arbitrary files such as PHP on the server....
- Published: Nov. 22, 2024
- Modified: Jun. 09, 2025
-
9.8
CRITICAL CVE-2024-8932
In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write....
- Published: Nov. 22, 2024
- Modified: Jul. 02, 2025
-
6.1
MEDIUM CVE-2024-8735
The MailMunch – Grow your Email List plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.1.8. This makes it possible for unaut...
Affected Products: mailmunch
- Published: Nov. 22, 2024
- Modified: Feb. 11, 2025
-
8.1
HIGH CVE-2024-11601
The Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blog, Video Gallery) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2...
Affected Products: sky_addons_for_elementor
- Published: Nov. 22, 2024
- Modified: Feb. 05, 2025
-
6.4
MEDIUM CVE-2024-11381
The Control horas plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ch_registro' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes...
Affected Products:
- Published: Nov. 22, 2024
- Modified: Nov. 22, 2024
-
4.3
MEDIUM CVE-2024-11355
The Ultimate YouTube Video & Shorts Player With Vimeo plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_setting() function in all versions up to, and including, 3.3. This makes it possible for a...
Affected Products: ultimate_youtube_video_\&_shorts_player_with_vimeo
- Published: Nov. 22, 2024
- Modified: Nov. 22, 2024
-
6.1
MEDIUM CVE-2024-11225
The Premium Packages – Sell Digital Products Securely plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.9.3. This makes it p...
Affected Products: premium_packages_-_sell_digital_products_securely
- Published: Nov. 22, 2024
- Modified: Nov. 22, 2024
-
8.1
HIGH CVE-2024-11104
The Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blogs) plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a ...
Affected Products: sky_addons_for_elementor
- Published: Nov. 22, 2024
- Modified: Feb. 05, 2025
-
4.3
MEDIUM CVE-2024-10666
The Easy Twitter Feed – Twitter feeds plugin for WP plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.6 via the [etf] shortcode. This makes it possible for authenticated attackers, with Contributor-level ...
Affected Products:
- Published: Nov. 22, 2024
- Modified: Nov. 22, 2024
-
5.5
MEDIUM CVE-2024-10034
The Gallery Blocks with Lightbox. Image Gallery, (HTML5 video , YouTube, Vimeo) Video Gallery and Lightbox for native gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the gallery link text parameter in all versions up to, and ...
Affected Products: simply_gallery_blocks_with_lightbox
- Published: Nov. 22, 2024
- Modified: Nov. 22, 2024
-
6.7
MEDIUM CVE-2024-38296
Dell Edge Gateway 3200, versions prior to 15.40.30.2879, and Edge Gateway 5200, versions prior to 12.0.94.2380, contain an Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution vulnerability. A high privilege...
- Published: Nov. 22, 2024
- Modified: Feb. 04, 2025
-
5.5
MEDIUM CVE-2024-47142
AIPHONE IXG SYSTEM IXG-2C7 firmware Ver.2.03 and earlier and IXG-2C7-L firmware Ver.2.03 and earlier contain an issue with insufficiently protected credentials, which may allow a network-adjacent authenticated attacker to perform unintended operations....
Affected Products:
- Published: Nov. 22, 2024
- Modified: Nov. 22, 2024
-
5.4
MEDIUM CVE-2024-45837
Use of hard-coded cryptographic key issue exists in AIPHONE IX SYSTEM, IXG SYSTEM, and System Support Software. A network-adjacent unauthenticated attacker may log in to SFTP service and obtain and/or manipulate unauthorized files....
Affected Products:
- Published: Nov. 22, 2024
- Modified: Nov. 22, 2024
-
6.5
MEDIUM CVE-2024-39290
Insufficiently protected credentials issue exists in AIPHONE IX SYSTEM and IXG SYSTEM. A network-adjacent unauthenticated attacker may obtain sensitive information such as a username and its password in the address book....
Affected Products:
- Published: Nov. 22, 2024
- Modified: Nov. 22, 2024
-
8.0
HIGH CVE-2024-31408
OS command injection vulnerability exists in AIPHONE IX SYSTEM and IXG SYSTEM. A network-adjacent authenticated attacker may execute an arbitrary OS command with root privileges by sending a specially crafted request....
Affected Products:
- Published: Nov. 22, 2024
- Modified: Nov. 22, 2024
-
6.9
MEDIUM CVE-2024-52056
Path Traversal in the Manager component of Wowza Streaming Engine below 4.9.1 allows an administrator user to delete any directory on the file system if the target directory contains an XML definition file....
Affected Products: streaming_engine
- Published: Nov. 21, 2024
- Modified: Nov. 21, 2024
-
8.2
HIGH CVE-2024-52055
Path Traversal in the Manager component of Wowza Streaming Engine below 4.9.1 allows an administrator user to read any file on the file system if the target directory contains an XML definition file....
Affected Products: streaming_engine
- Published: Nov. 21, 2024
- Modified: Nov. 21, 2024
-
5.1
MEDIUM CVE-2024-52054
Path Traversal in the Manager component of Wowza Streaming Engine below 4.9.1 allows an administrator user to create an XML definition file anywhere on the file system....
Affected Products: streaming_engine
- Published: Nov. 21, 2024
- Modified: Nov. 21, 2024
-
9.6
CRITICAL CVE-2024-52053
Stored Cross-Site Scripting in the Manager component of Wowza Streaming Engine below 4.9.1 allows an unauthenticated attacker to inject client-side JavaScript into the web dashboard to automatically hijack admin accounts....
Affected Products: streaming_engine
- Published: Nov. 21, 2024
- Modified: Nov. 21, 2024
-
9.4
CRITICAL CVE-2024-52052
Wowza Streaming Engine below 4.9.1 permits an authenticated Streaming Engine Manager administrator to define a custom application property and poison a stream target for high-privilege remote code execution....
Affected Products: streaming_engine
- Published: Nov. 21, 2024
- Modified: Nov. 21, 2024