Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-10914

    A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. It has been declared as critical. Affected by this vulnerability is the function cgi_user_add of the file /cgi-bin/account_mgr.cgi?cmd=cgi_user_add. The manipulat... Read more

    • Published: Nov. 06, 2024
    • Modified: Nov. 24, 2024

  • 7.6

    HIGH
    CVE-2020-11859

    Improper Input Validation vulnerability in OpenText iManager allows Cross-Site Scripting (XSS). This issue affects iManager before 3.2.3... Read more

    Affected Products : imanager
    • Published: Nov. 06, 2024
    • Modified: Nov. 08, 2024

  • 6.4

    MEDIUM
    CVE-2024-10186

    The Event post plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's events_cal shortcode in all versions up to, and including, 5.9.6 due to insufficient input sanitization and output escaping on user supplied attributes. This... Read more

    Affected Products : event_post
    • Published: Nov. 06, 2024
    • Modified: Nov. 08, 2024

  • 6.4

    MEDIUM
    CVE-2024-8323

    The Pricing Tables WordPress Plugin – Easy Pricing Tables plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘fontFamily’ attribute in all versions up to, and including, 3.2.6 due to insufficient input sanitization and output escapi... Read more

    Affected Products : easy_pricing_tables
    • Published: Nov. 06, 2024
    • Modified: Nov. 08, 2024

  • 6.4

    MEDIUM
    CVE-2024-10168

    The Active Products Tables for WooCommerce. Use constructor to create tables plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's woot_button shortcode in all versions up to, and including, 1.0.6.4 due to insufficient input s... Read more

    • Published: Nov. 06, 2024
    • Modified: Nov. 08, 2024

  • 6.4

    MEDIUM
    CVE-2024-10715

    The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Map block in all versions up to, and including, 2.94.1 due to insufficient input sanitization and output escaping on user supplied attribute... Read more

    Affected Products : mappress
    • Published: Nov. 06, 2024
    • Modified: Nov. 08, 2024

  • 6.3

    MEDIUM
    CVE-2024-9902

    A flaw was found in Ansible. The ansible-core `user` module can allow an unprivileged user to silently create or replace the contents of any file on any system path and take ownership of it when a privileged user executes the `user` module against the unp... Read more

    Affected Products : glance-store
    • Published: Nov. 06, 2024
    • Modified: Feb. 25, 2025

  • 10.0

    CRITICAL
    CVE-2024-8615

    The JobSearch WP Job Board plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the jobsearch_location_load_excel_file_callback() function in all versions up to, and including, 2.6.7. This makes it possible f... Read more

    Affected Products : jobsearch_wp_job_board
    • Published: Nov. 06, 2024
    • Modified: Nov. 08, 2024

  • 9.9

    CRITICAL
    CVE-2024-8614

    The JobSearch WP Job Board plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the jobsearch_wp_handle_upload() function in all versions up to, and including, 2.6.7. This makes it possible for authenticated ... Read more

    Affected Products : jobsearch_wp_job_board
    • Published: Nov. 06, 2024
    • Modified: Nov. 08, 2024

  • 6.5

    MEDIUM
    CVE-2024-9681

    When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than otherwise intended. This affects curl using applications that enable HSTS and use URLs with the insecure `HT... Read more

    Affected Products : curl
    • Published: Nov. 06, 2024
    • Modified: Dec. 13, 2024

  • 6.9

    MEDIUM
    CVE-2024-52043

    Generation of Error Message Containing Sensitive Information in HumHub GmbH & Co. KG - HumHub on Linux allows: Excavation (user enumeration).This issue affects all released HumHub versions: through 1.16.2.... Read more

    Affected Products : humhub
    • Published: Nov. 06, 2024
    • Modified: Nov. 08, 2024

  • 8.1

    HIGH
    CVE-2024-9946

    The Social Share, Social Login and Social Comments Plugin – Super Socializer plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.13.68. This is due to insufficient verification on the user being returned by ... Read more

    Affected Products : super_socializer
    • Published: Nov. 06, 2024
    • Modified: Nov. 08, 2024

  • 9.9

    CRITICAL
    CVE-2024-9307

    The mFolio Lite plugin for WordPress is vulnerable to file uploads due to a missing capability check in all versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary w... Read more

    Affected Products : mfolio
    • Published: Nov. 06, 2024
    • Modified: Nov. 08, 2024

  • 5.3

    MEDIUM
    CVE-2024-6626

    The EleForms – All In One Form Integration including DB for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on several functions in all versions up to, and including, 2.9.9.9. This makes it pos... Read more

    Affected Products : eleforms
    • Published: Nov. 06, 2024
    • Modified: Nov. 08, 2024

  • 4.3

    MEDIUM
    CVE-2024-10543

    The Tumult Hype Animations plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the hypeanimations_getcontent function in all versions up to, and including, 1.9.14. This makes it possible for authenticated... Read more

    Affected Products : tumult_hype_animations
    • Published: Nov. 06, 2024
    • Modified: Nov. 08, 2024

  • 5.3

    MEDIUM
    CVE-2024-10535

    The Video Gallery for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the remove_unused_thumbnails() function in all versions up to, and including, 1.31. This makes it possible for u... Read more

    Affected Products : video_gallery_for_woocommerce
    • Published: Nov. 06, 2024
    • Modified: Nov. 08, 2024

  • 8.1

    HIGH
    CVE-2024-10020

    The Heateor Social Login WordPress plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.1.35. This is due to insufficient verification on the user being returned by the social login token. This makes it possi... Read more

    Affected Products : social_login
    • Published: Nov. 06, 2024
    • Modified: Nov. 08, 2024

  • 6.1

    MEDIUM
    CVE-2024-9934

    The Wp-ImageZoom WordPress plugin through 1.1.0 does not sanitise and escape some parameters before outputting them back in a page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin... Read more

    Affected Products : wp_image_zoom wp-imagezoom
    • Published: Nov. 06, 2024
    • Modified: May. 17, 2025

  • 4.8

    MEDIUM
    CVE-2024-7879

    The WP ULike WordPress plugin before 4.7.5 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed... Read more

    Affected Products : wp_ulike
    • Published: Nov. 06, 2024
    • Modified: Apr. 11, 2025

  • 6.7

    MEDIUM
    CVE-2024-49409

    Out-of-bounds write in Battery Full Capacity node prior to Firmware update Sep-2024 Release on Galaxy S24 allows local attackers to write out-of-bounds memory. System privilege is required for triggering this vulnerability.... Read more

    Affected Products : galaxy_s24_firmware galaxy_s24
    • Published: Nov. 06, 2024
    • Modified: Nov. 13, 2024
Showing 20 of 293644 Results