Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2024-51576

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPZA AMP Img Shortcode allows Stored XSS.This issue affects AMP Img Shortcode: from n/a through 1.0.1.... Read more

    Affected Products : amp_img_shortcode
    • Published: Nov. 10, 2024
    • Modified: Nov. 14, 2024

  • 6.5

    MEDIUM
    CVE-2024-51578

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Luca Paggetti 3D Presentation allows Stored XSS.This issue affects 3D Presentation: from n/a through 1.0.... Read more

    Affected Products : 3d_presentation
    • Published: Nov. 10, 2024
    • Modified: Nov. 14, 2024

  • 6.5

    MEDIUM
    CVE-2024-51577

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Camunda Services GmbH bpmn.Io allows Stored XSS.This issue affects bpmn.Io: from n/a through 1.0.... Read more

    Affected Products : bpmn.io
    • Published: Nov. 10, 2024
    • Modified: Nov. 14, 2024

  • 9.8

    CRITICAL
    CVE-2024-11054

    A vulnerability classified as critical was found in SourceCodester Simple Music Cloud Community System 1.0. This vulnerability affects unknown code of the file /music/ajax.php?action=signup. The manipulation of the argument pp leads to unrestricted upload... Read more

    • Published: Nov. 10, 2024
    • Modified: Nov. 14, 2024

  • 6.5

    MEDIUM
    CVE-2024-51584

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Anas Edreesi Marquee Elementor with Posts allows DOM-Based XSS.This issue affects Marquee Elementor with Posts: from n/a through 1.2.0.... Read more

    Affected Products : marquee_elementor_with_posts
    • Published: Nov. 10, 2024
    • Modified: Nov. 14, 2024

  • 6.5

    MEDIUM
    CVE-2024-51583

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in KentoThemes Kento Ads Rotator allows Stored XSS.This issue affects Kento Ads Rotator: from n/a through 1.3.... Read more

    Affected Products : kento_ads_rotator
    • Published: Nov. 10, 2024
    • Modified: Nov. 14, 2024

  • 6.5

    MEDIUM
    CVE-2024-51581

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in NicheAddons Restaurant & Cafe Addon for Elementor allows Stored XSS.This issue affects Restaurant & Cafe Addon for Elementor: from n/a through 1.5... Read more

    • Published: Nov. 10, 2024
    • Modified: Nov. 13, 2024

  • 6.5

    MEDIUM
    CVE-2024-51580

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CleverSoft Clever Addons for Elementor allows Stored XSS.This issue affects Clever Addons for Elementor: from n/a through 2.2.1.... Read more

    Affected Products : clever_addons_for_elementor
    • Published: Nov. 10, 2024
    • Modified: Nov. 13, 2024

  • 8.8

    HIGH
    CVE-2024-11051

    A vulnerability was found in AMTT Hotel Broadband Operation System up to 3.0.3.151204. It has been classified as critical. Affected is an unknown function of the file /manager/frontdesk/online_status.php. The manipulation of the argument AccountID leads t... Read more

    Affected Products : hotel_broadband_operating_system
    • Published: Nov. 10, 2024
    • Modified: Dec. 02, 2024

  • 5.4

    MEDIUM
    CVE-2024-11050

    A vulnerability was found in AMTT Hotel Broadband Operation System up to 3.0.3.151204 and classified as problematic. This issue affects some unknown processing of the file /language.php. The manipulation of the argument LangID/LangName/LangEName leads to ... Read more

    Affected Products : hotel_broadband_operating_system
    • Published: Nov. 10, 2024
    • Modified: Nov. 23, 2024

  • 6.3

    MEDIUM
    CVE-2024-11049

    A vulnerability classified as problematic has been found in ZKTeco ZKBio Time 9.0.1. Affected is an unknown function of the file /auth_files/photo/ of the component Image File Handler. The manipulation leads to direct request. It is possible to launch the... Read more

    Affected Products : zkbio_time
    • Published: Nov. 10, 2024
    • Modified: Nov. 23, 2024

  • 9.8

    CRITICAL
    CVE-2024-11048

    A vulnerability was found in D-Link DI-8003 16.07.16A1. It has been rated as critical. Affected by this issue is the function dbsrv_asp of the file /dbsrv.asp. The manipulation of the argument str leads to stack-based buffer overflow. The attack may be la... Read more

    Affected Products : di-8003_firmware di-8003
    • Published: Nov. 10, 2024
    • Modified: Nov. 13, 2024

  • 9.8

    CRITICAL
    CVE-2024-11047

    A vulnerability was found in D-Link DI-8003 16.07.16A1. It has been declared as critical. Affected by this vulnerability is the function upgrade_filter_asp of the file /upgrade_filter.asp. The manipulation of the argument path leads to stack-based buffer ... Read more

    Affected Products : di-8003_firmware di-8003
    • Published: Nov. 10, 2024
    • Modified: Nov. 13, 2024

  • 9.8

    CRITICAL
    CVE-2024-11046

    A vulnerability was found in D-Link DI-8003 16.07.16A1. It has been classified as critical. Affected is the function upgrade_filter_asp of the file /upgrade_filter.asp. The manipulation of the argument path leads to os command injection. It is possible to... Read more

    Affected Products : di-8003_firmware di-8003
    • Published: Nov. 10, 2024
    • Modified: Nov. 13, 2024

  • 4.3

    MEDIUM
    CVE-2024-52032

    Mattermost versions 10.0.x <= 10.0.0 and 9.11.x <= 9.11.2 fail to properly query ElasticSearch when searching for the channel name in channel switcher which allows an attacker to get private channels names of channels that they are not a member of, when E... Read more

    Affected Products : mattermost_server mattermost
    • Published: Nov. 09, 2024
    • Modified: Nov. 14, 2024

  • 4.3

    MEDIUM
    CVE-2024-42000

    Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1, 9.5.x <= 9.5.9 and 10.0.x <= 10.0.0 fail to properly authorize the requests to /api/v4/channels  which allows a User or System Manager, with "Read Groups" permission but with no access for channels t... Read more

    Affected Products : mattermost_server mattermost
    • Published: Nov. 09, 2024
    • Modified: Nov. 14, 2024

  • 4.8

    MEDIUM
    CVE-2024-36250

    Mattermost versions 9.11.x <= 9.11.2, and 9.5.x <= 9.5.10 fail to protect the mfa code against replay attacks, which allows an attacker to reuse the MFA code within ~30 seconds... Read more

    Affected Products : mattermost_server mattermost
    • Published: Nov. 09, 2024
    • Modified: Nov. 14, 2024

  • 6.5

    MEDIUM
    CVE-2024-51610

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SEO Themes Display Terms Shortcode allows Stored XSS.This issue affects Display Terms Shortcode: from n/a through 1.0.4.... Read more

    Affected Products : display_terms_shortcode
    • Published: Nov. 09, 2024
    • Modified: Nov. 15, 2024

  • 6.5

    MEDIUM
    CVE-2024-51609

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Elsner Technologies Pvt. Ltd. Emoji Shortcode allows Stored XSS.This issue affects Emoji Shortcode: from n/a through 1.0.0.... Read more

    Affected Products : emoji_shortcode
    • Published: Nov. 09, 2024
    • Modified: Nov. 14, 2024

  • 8.8

    HIGH
    CVE-2024-51608

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pluginhandy AmaDiscount allows SQL Injection.This issue affects AmaDiscount: from n/a through 1.0.... Read more

    Affected Products : amadiscount
    • Published: Nov. 09, 2024
    • Modified: Nov. 14, 2024
Showing 20 of 293562 Results