Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-10625

    The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_tmp_uploaded_file() function in all versions up to, and including, 17.7. This makes it possible for ... Read more

    Affected Products : woocommerce_support_ticket_system
    • Published: Nov. 09, 2024
    • Modified: May. 28, 2025

  • 5.5

    MEDIUM
    CVE-2024-9775

    The Anih - Creative Agency WordPress Theme theme for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2024 due to an incomplete blacklist, insufficient input sanitization, and output escaping.... Read more

    Affected Products : anih
    • Published: Nov. 09, 2024
    • Modified: Nov. 26, 2024

  • 6.4

    MEDIUM
    CVE-2024-9270

    The Lenxel Core for Lenxel(LNX) LMS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for aut... Read more

    Affected Products :
    • Published: Nov. 09, 2024
    • Modified: Nov. 12, 2024

  • 6.5

    MEDIUM
    CVE-2024-9262

    The User Meta – User Profile Builder and User management plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.1 via the getUser() due to missing validation on a user controlled key. This mak... Read more

    • Published: Nov. 09, 2024
    • Modified: Nov. 12, 2024

  • 6.4

    MEDIUM
    CVE-2024-8960

    The Cowidgets – Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping. This makes it possible for auth... Read more

    Affected Products : cowidgets_elementor_addons
    • Published: Nov. 09, 2024
    • Modified: Jan. 29, 2025

  • 5.3

    MEDIUM
    CVE-2024-10779

    The Cowidgets – Elementor Addons plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.0 via the 'ce_template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible... Read more

    Affected Products : cowidgets_elementor_addons
    • Published: Nov. 09, 2024
    • Modified: Jan. 29, 2025

  • 4.3

    MEDIUM
    CVE-2024-10588

    The Debug Tool plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the info() function in all versions up to, and including, 2.2. This makes it possible for authenticated attackers, with subscriber-level ... Read more

    Affected Products :
    • Published: Nov. 09, 2024
    • Modified: Nov. 12, 2024

  • 9.8

    CRITICAL
    CVE-2024-10586

    The Debug Tool plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check on the dbt_pull_image() function and missing file type validation in all versions up to, and including, 2.2. This makes it possible for unauthen... Read more

    Affected Products :
    • Published: Nov. 09, 2024
    • Modified: Nov. 12, 2024

  • 7.5

    HIGH
    CVE-2024-10294

    The CE21 Suite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ce21_single_sign_on_save_api_settings' function in versions up to, and including, 2.2.0. This makes it possible for unauthenti... Read more

    Affected Products : ce21_suite
    • Published: Nov. 09, 2024
    • Modified: Jan. 29, 2025

  • 9.8

    CRITICAL
    CVE-2024-10285

    The CE21 Suite plugin for WordPress is vulnerable to sensitive information disclosure via the plugin-log.txt in versions up to, and including, 2.2.0. This makes it possible for unauthenticated attackers to log in the user associated with the JWT token.... Read more

    Affected Products : ce21_suite
    • Published: Nov. 09, 2024
    • Modified: Jan. 29, 2025

  • 9.8

    CRITICAL
    CVE-2024-10284

    The CE21 Suite plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.2.0. This is due to hardcoded encryption key in the 'ce21_authentication_phrase' function. This makes it possible for unauthenticated attackers ... Read more

    Affected Products : ce21_suite
    • Published: Nov. 09, 2024
    • Modified: Jan. 29, 2025

  • 6.9

    MEDIUM
    CVE-2024-52314

    A data.all admin team member who has access to the customer-owned AWS Account where data.all is deployed may be able to extract user data from data.all application logs in data.all via CloudWatch log scanning for particular operations that interact with c... Read more

    Affected Products :
    • Published: Nov. 09, 2024
    • Modified: Nov. 12, 2024

  • 5.3

    MEDIUM
    CVE-2024-52313

    An authenticated data.all user is able to manipulate a getDataset query to fetch additional information regarding the parent Environment resource that the user otherwise would not able to fetch by directly querying the object via getEnvironment in data.al... Read more

    Affected Products :
    • Published: Nov. 09, 2024
    • Modified: Nov. 12, 2024

  • 5.4

    MEDIUM
    CVE-2024-52312

    Due to inconsistent authorization permissions, data.all may allow an external actor with an authenticated account to perform restricted operations against DataSets and Environments.... Read more

    Affected Products :
    • Published: Nov. 09, 2024
    • Modified: Nov. 12, 2024

  • 6.3

    MEDIUM
    CVE-2024-52311

    Authentication tokens issued via Cognito in data.all are not invalidated on log out, allowing for previously authenticated user to continue execution of authorized API Requests until token is expired.... Read more

    Affected Products :
    • Published: Nov. 09, 2024
    • Modified: Nov. 12, 2024

  • 5.3

    MEDIUM
    CVE-2024-10953

    An authenticated data.all user is able to perform mutating UPDATE operations on persisted Notification records in data.all for group notifications that their user is not a member of.... Read more

    Affected Products :
    • Published: Nov. 09, 2024
    • Modified: Nov. 12, 2024

  • 8.5

    HIGH
    CVE-2024-52009

    Atlantis is a self-hosted golang application that listens for Terraform pull request events via webhooks. Atlantis logs contains GitHub credentials (tokens `ghs_...`) when they are rotated. This enables an attacker able to read these logs to impersonate A... Read more

    Affected Products : atlantis
    • Published: Nov. 08, 2024
    • Modified: Nov. 12, 2024

  • 8.6

    HIGH
    CVE-2024-52007

    HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. XSLT parsing performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag ( <!DOCTY... Read more

    Affected Products :
    • Published: Nov. 08, 2024
    • Modified: Nov. 12, 2024

  • 8.7

    HIGH
    CVE-2024-52004

    MediaCMS is an open source video and media CMS, written in Python/Django and React, featuring a REST API. MediaCMS has been prone to vulnerabilities that upon special cases can lead to remote code execution. All versions before v4.1.0 are susceptible, and... Read more

    Affected Products :
    • Published: Nov. 08, 2024
    • Modified: Nov. 12, 2024

  • 8.8

    HIGH
    CVE-2024-52002

    Combodo iTop is a simple, web based IT Service Management tool. Several url endpoints are subject to a Cross-Site Request Forgery (CSRF) vulnerability. Please refer to the linked GHSA for the complete list. This issue has been addressed in version 3.2.0 a... Read more

    Affected Products : itop
    • Published: Nov. 08, 2024
    • Modified: Jan. 07, 2025
Showing 20 of 293609 Results