Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2024-10400

    The Tutor LMS plugin for WordPress is vulnerable to SQL Injection via the ‘rating_filter’ parameter in all versions up to, and including, 2.7.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing ... Read more

    Affected Products : tutor_lms
    • Published: Nov. 21, 2024
    • Modified: Jan. 23, 2025

  • 5.3

    MEDIUM
    CVE-2024-10393

    The Tutor LMS plugin for WordPress is vulnerable to bypass to user registration in versions up to, and including, 2.7.6. This is due to a missing check for the 'users_can_register' option in the 'register_instructor' function. This makes it possible for u... Read more

    Affected Products : tutor_lms
    • Published: Nov. 21, 2024
    • Modified: Jan. 23, 2025

  • 4.3

    MEDIUM
    CVE-2024-10316

    The Stratum – Elementor Widgets plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.4 in includes/templates/content-switcher.php. This makes it possible for authenticated attackers, with Contribut... Read more

    Affected Products : stratum
    • Published: Nov. 21, 2024
    • Modified: Nov. 21, 2024

  • 6.4

    MEDIUM
    CVE-2024-10177

    The Beds24 Online Booking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's beds24-link shortcode in all versions up to, and including, 2.0.26 due to insufficient input sanitization and output escaping on user supplied att... Read more

    Affected Products : online_booking
    • Published: Nov. 21, 2024
    • Modified: Nov. 21, 2024

  • 6.4

    MEDIUM
    CVE-2024-10172

    The WPBakery Visual Composer WHMCS Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's void_wbwhmcse_laouts_search shortcode in all versions up to, and including, 1.0.4 due to insufficient input sanitization and out... Read more

    • Published: Nov. 21, 2024
    • Modified: Jul. 10, 2025

  • 6.4

    MEDIUM
    CVE-2024-10164

    The Premium Packages – Sell Digital Products Securely plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpdmpp_pay_link shortcode in all versions up to, and including, 5.9.3 due to insufficient input sanitization and outpu... Read more

    • Published: Nov. 21, 2024
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2022-43937

    Possible information exposure through log file vulnerability where sensitive fields are recorded in the debug-enabled logs when debugging is turned on in Brocade SANnav before 2.3.0 and 2.2.2a... Read more

    Affected Products : brocade_sannav
    • Published: Nov. 21, 2024
    • Modified: Feb. 04, 2025

  • 6.8

    MEDIUM
    CVE-2022-43936

    Brocade SANnav versions before 2.2.2 log Brocade Fabric OS switch passwords when debugging is enabled.... Read more

    Affected Products : brocade_sannav
    • Published: Nov. 21, 2024
    • Modified: Feb. 04, 2025

  • 5.3

    MEDIUM
    CVE-2022-43935

    An information exposure through log file vulnerability exists in Brocade SANnav before Brocade SANnav 2.2.2, where Brocade Fabric OS Switch passwords and authorization IDs are printed in the embedded MLS DB file.... Read more

    Affected Products : brocade_sannav
    • Published: Nov. 21, 2024
    • Modified: Feb. 04, 2025

  • 7.5

    HIGH
    CVE-2022-43934

    Brocade SANnav before Brocade SANnav 2.2.2 supports key exchange algorithms, which are considered weak on ports 24, 6514, 18023, 19094, and 19095.... Read more

    Affected Products : brocade_sannav
    • Published: Nov. 21, 2024
    • Modified: Feb. 04, 2025

  • 4.4

    MEDIUM
    CVE-2022-43933

    An information exposure through log file vulnerability exists in Brocade SANnav before Brocade SANnav 2.2.2, where configuration secrets are logged in supportsave. Supportsave file is generated by an admin user troubleshooting the switch. The Logged infor... Read more

    Affected Products : brocade_sannav
    • Published: Nov. 21, 2024
    • Modified: Feb. 04, 2025

  • 7.1

    HIGH
    CVE-2024-9875

    Okta Privileged Access server agent (SFTD) versions 1.82.0 to 1.84.0 are affected by a privilege escalation vulnerability when the sudo command bundles feature is enabled. To remediate this vulnerability, upgrade the Okta Privileged Access server agent (S... Read more

    Affected Products :
    • Published: Nov. 21, 2024
    • Modified: Nov. 21, 2024

  • 4.9

    MEDIUM
    CVE-2024-52755

    D-LINK DI-8003 v16.07.26A1 was discovered to contain a buffer overflow via the host_ip parameter in the ipsec_road_asp function.... Read more

    Affected Products : di-8003_firmware di-8003
    • Published: Nov. 21, 2024
    • Modified: Nov. 22, 2024

  • 9.8

    CRITICAL
    CVE-2024-51151

    D-Link DI-8200 16.07.26A1 is vulnerable to remote command execution in the msp_info_htm function via the flag parameter and cmd parameter.... Read more

    Affected Products : di-8200_firmware di-8200
    • Published: Nov. 21, 2024
    • Modified: Nov. 22, 2024

  • 9.8

    CRITICAL
    CVE-2024-52765

    H3C GR-1800AX MiniGRW1B0V100R007 is vulnerable to remote code execution (RCE) via the aspForm parameter.... Read more

    Affected Products : gr-1800ax_firmware gr-1800ax
    • Published: Nov. 20, 2024
    • Modified: Mar. 13, 2025

  • 5.4

    MEDIUM
    CVE-2024-52702

    A stored cross-site scripting (XSS) vulnerability in the component install\index.php of MyBB v1.8.38 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website Name parameter.... Read more

    Affected Products : mybb
    • Published: Nov. 20, 2024
    • Modified: Jul. 07, 2025

  • 5.4

    MEDIUM
    CVE-2024-52701

    A stored cross-site scripting (XSS) vulnerability in the Configuration page of Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page banner parameter.... Read more

    Affected Products : piwigo
    • Published: Nov. 20, 2024
    • Modified: May. 22, 2025

  • 9.8

    CRITICAL
    CVE-2024-52677

    HkCms <= v2.3.2.240702 is vulnerable to file upload in the getFileName method in /app/common/library/Upload.php.... Read more

    Affected Products : hkcms
    • Published: Nov. 20, 2024
    • Modified: Mar. 13, 2025

  • 8.2

    HIGH
    CVE-2024-52581

    Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to version 2.13.0, the multipart form parser shipped with litestar expects the entire request body as a single byte string and there is no default limit for the total size of the... Read more

    Affected Products : litestar
    • Published: Nov. 20, 2024
    • Modified: Nov. 25, 2024

  • 0.0

    NA
    CVE-2024-49203

    Querydsl 5.1.0 and OpenFeign Querydsl 6.8 allows SQL/HQL injection in orderBy in JPAQuery. NOTE: this is disputed by a Querydsl community member because the product is not intended to defend against a developer who uses untrusted input directly in query c... Read more

    Affected Products :
    • Published: Nov. 20, 2024
    • Modified: Feb. 21, 2025
Showing 20 of 291255 Results