Latest CVE Feed
- 7.5 HIGH CVE-2024-11088
  The Simple Membership plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.5.5 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data fr...
  Affected Products: simple_membership
  - Published: Nov. 21, 2024
  - Modified: Apr. 05, 2025
- 7.5 HIGH CVE-2024-7016
  Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Smarttek Informatics Smart Doctor allows Stored XSS. This issue affects Smart Doctor: through 21.11.2024. NOTE: The vendor was contacted early ab...
  Affected Products: smart_doctor
  - Published: Nov. 21, 2024
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2024-11590
  A vulnerability, which was classified as critical, has been found in 1000 Projects Bookstore Management System 1.0. Affected by this issue is some unknown functionality of the file /forget_password_process.php. The manipulation of the argument unm leads t...
  Affected Products: bookstore_management_system
  - Published: Nov. 21, 2024
  - Modified: Nov. 22, 2024
- 8.8 HIGH CVE-2024-11589
  A vulnerability classified as critical was found in itsourcecode Tailoring Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /expcatedit.php. The manipulation of the argument id leads to SQL injection. The attac...
  Affected Products: tailoring_management_system
  - Published: Nov. 21, 2024
  - Modified: Nov. 22, 2024
- 7.5 HIGH CVE-2024-11588
  A vulnerability was found in AVL-DiTEST-DiagDev libdoip 1.0.0. It has been rated as problematic. This issue affects the function DoIPConnection::reactOnReceivedTcpMessage of the file DoIPConnection.cpp. The manipulation leads to null pointer dereference....
  Affected Products: libdoip
  - Published: Nov. 21, 2024
  - Modified: Nov. 22, 2024
- 6.1 MEDIUM CVE-2024-11587
  A vulnerability was found in idcCMS 1.60. It has been classified as problematic. This affects the function GetCityOptionJs of the file /inc/classProvCity.php. The manipulation of the argument idName leads to cross-site scripting. It is possible to initiat...
  Affected Products: idccms
  - Published: Nov. 21, 2024
  - Modified: Nov. 22, 2024
- 6.4 MEDIUM CVE-2024-9851
  The LSX Tour Operator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.4.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated a...
  Affected Products: lsx_tour_operator
  - Published: Nov. 21, 2024
  - Modified: Nov. 22, 2024
- 4.1 MEDIUM CVE-2024-9828
  The Taskbuilder WordPress plugin before 3.0.5 does not sanitize user input into the 'load_orders' parameter and uses it in a SQL statement, allowing high privilege users such as admin to perform SQL Injection attacks...
  Affected Products: taskbuilder
  - Published: Nov. 21, 2024
  - Modified: May. 15, 2025
- 4.8 MEDIUM CVE-2024-9768
  The Formidable Forms WordPress plugin before 6.14.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallo...
  Affected Products: formidable_forms
  - Published: Nov. 21, 2024
  - Modified: Nov. 26, 2024
- 4.8 MEDIUM CVE-2024-9600
  The Ditty WordPress plugin before 3.1.47 does not sanitise and escape some of its settings, which could allow high privilege users such as author to perform Stored Cross-Site Scripting attacks....
  Affected Products: ditty
  - Published: Nov. 21, 2024
  - Modified: May. 15, 2025
- 4.3 MEDIUM CVE-2024-9542
  The Sky Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.1 via the render function in modules/content-switcher/widgets/content-switcher.php. This makes it possible for auth...
  Affected Products: sky_addons_for_elementor
  - Published: Nov. 21, 2024
  - Modified: Nov. 22, 2024
- 6.4 MEDIUM CVE-2024-9442
  The F4 Improvements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.9.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated att...
  Affected Products: f4_improvements
  - Published: Nov. 21, 2024
  - Modified: Nov. 22, 2024
- 6.1 MEDIUM CVE-2024-9371
  The Branda – White Label & Branding, Custom Login Page Customizer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.4.19....
  Affected Products:
  - Published: Nov. 21, 2024
  - Modified: Nov. 21, 2024
- 6.4 MEDIUM CVE-2024-9111
  The Product Designer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.35 due to insufficient input sanitization and output escaping. This makes it possible for authenticated a...
  Affected Products: product_designer
  - Published: Nov. 21, 2024
  - Modified: Nov. 21, 2024
- 4.3 MEDIUM CVE-2024-8157
  The Alphabetical List WordPress plugin through 1.0.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
  Affected Products: alphabetical_list
  - Published: Nov. 21, 2024
  - Modified: May. 15, 2025
- 8.5 HIGH CVE-2024-7517
  A command injection vulnerability in Brocade Fabric OS before 9.2.0c, and 9.2.1 through 9.2.1a on IP extension platforms could allow a local authenticated attacker to perform a privileged escalation via crafted use of the portcfg command. This specific e...
  - Published: Nov. 21, 2024
  - Modified: Nov. 21, 2024
- 4.8 MEDIUM CVE-2024-5029
  The CM Table Of Contents WordPress plugin before 1.2.4 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack....
  Affected Products: cm_table_of_contents
  - Published: Nov. 21, 2024
  - Modified: May. 15, 2025
- 7.5 HIGH CVE-2024-52797
  Opencast is free and open source software for automated video capture and distribution. First noticed in Opencast 13 and 14, Opencast's Elasticsearch integration may generate syntactically invalid Elasticsearch queries in relation to previously acceptable...
  Affected Products: opencast
  - Published: Nov. 21, 2024
  - Modified: Aug. 26, 2025
- 6.9 MEDIUM CVE-2024-52067
  Apache NiFi 1.16.0 through 1.28.0 and 2.0.0-M1 through 2.0.0-M4 include optional debug logging of Parameter Context values during the flow synchronization process. An authorized administrator with access to change logging levels could enable debug logging...
  Affected Products: nifi
  - Published: Nov. 21, 2024
  - Modified: Feb. 11, 2025
- 7.5 HIGH CVE-2024-45663
  IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1, 11.5, and 12.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query....
  Affected Products: db2
  - Published: Nov. 21, 2024
  - Modified: Aug. 08, 2025