Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2024-9990

    The Crypto plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.15. This is due to missing nonce validation in the 'crypto_connect_ajax_process::check' function. This makes it possible for unauthenticated at... Read more

    Affected Products : crypto_tool
    • Published: Oct. 29, 2024
    • Modified: Nov. 06, 2024

  • 9.8

    CRITICAL
    CVE-2024-9989

    The Crypto plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.15. This is due a to limited arbitrary method call to 'crypto_connect_ajax_process::log_in' function in the 'crypto_connect_ajax_process' function. ... Read more

    Affected Products : crypto_tool
    • Published: Oct. 29, 2024
    • Modified: Nov. 07, 2024

  • 9.8

    CRITICAL
    CVE-2024-9988

    The Crypto plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.15. This is due to missing validation on the user being supplied in the 'crypto_connect_ajax_process::register' function. This makes it possible for... Read more

    Affected Products : crypto_tool
    • Published: Oct. 29, 2024
    • Modified: Nov. 07, 2024

  • 8.7

    HIGH
    CVE-2024-8924

    ServiceNow has addressed a blind SQL injection vulnerability that was identified in the Now Platform. This vulnerability could enable an unauthenticated user to extract unauthorized information. ServiceNow deployed an update to hosted instances, and Servi... Read more

    Affected Products : servicenow
    • Published: Oct. 29, 2024
    • Modified: Nov. 27, 2024

  • 8.8

    HIGH
    CVE-2024-50466

    Cross-Site Request Forgery (CSRF) vulnerability in DarkMySite DarkMySite – Advanced Dark Mode Plugin for WordPress darkmysite allows Cross Site Request Forgery.This issue affects DarkMySite – Advanced Dark Mode Plugin for WordPress: from n/a through 1.2.8... Read more

    Affected Products : darkmysite
    • Published: Oct. 29, 2024
    • Modified: Nov. 06, 2024

  • 9.8

    CRITICAL
    CVE-2024-50459

    Missing Authorization vulnerability in HM Plugin WordPress Stripe Donation and Payment Plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Stripe Donation and Payment Plugin: from n/a through 3.2.3.... Read more

    Affected Products : aidwp
    • Published: Oct. 29, 2024
    • Modified: Nov. 06, 2024

  • 5.3

    MEDIUM
    CVE-2024-10491

    A vulnerability has been identified in the Express response.links function, allowing for arbitrary resource injection in the Link header when unsanitized data is used. The issue arises from improper sanitization in `Link` header values, which can allow a... Read more

    Affected Products : express
    • Published: Oct. 29, 2024
    • Modified: Nov. 06, 2024

  • 7.5

    HIGH
    CVE-2019-25219

    Asio C++ Library before 1.13.0 lacks a fallback error code in the case of SSL_ERROR_SYSCALL with no associated error information from the SSL library being used.... Read more

    Affected Products :
    • Published: Oct. 29, 2024
    • Modified: Nov. 01, 2024

  • 10.0

    CRITICAL
    CVE-2024-8923

    ServiceNow has addressed an input validation vulnerability that was identified in the Now Platform. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow deployed an update to h... Read more

    Affected Products : servicenow
    • Published: Oct. 29, 2024
    • Modified: Nov. 27, 2024

  • 8.8

    HIGH
    CVE-2024-7985

    The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the "fileorganizer_ajax_handler" function in all versions up to, and including, 1.0.9. This makes it... Read more

    Affected Products : fileorganizer
    • Published: Oct. 29, 2024
    • Modified: Nov. 08, 2024

  • 6.1

    MEDIUM
    CVE-2024-25566

    An Open-Redirect vulnerability exists in PingAM where well-crafted requests may cause improper validation of redirect URLs. This could allow an attacker to redirect end-users to malicious sites under their control, simplifying phishing attacks... Read more

    Affected Products : access_management
    • Published: Oct. 29, 2024
    • Modified: Nov. 08, 2024

  • 2.7

    LOW
    CVE-2024-10452

    Organization admins can delete pending invites created in an organization they are not part of.... Read more

    Affected Products : grafana
    • Published: Oct. 29, 2024
    • Modified: Nov. 08, 2024

  • 8.7

    HIGH
    CVE-2024-50334

    Scoold is a Q&A and a knowledge sharing platform for teams. A semicolon path injection vulnerability was found on the /api;/config endpoint. By appending a semicolon in the URL, attackers can bypass authentication and gain unauthorised access to sensitive... Read more

    Affected Products : scoold
    • Published: Oct. 29, 2024
    • Modified: Nov. 08, 2024

  • 7.5

    HIGH
    CVE-2024-49769

    Waitress is a Web Server Gateway Interface server for Python 2 and 3. When a remote client closes the connection before waitress has had the opportunity to call getpeername() waitress won't correctly clean up the connection leading to the main thread atte... Read more

    Affected Products : waitress
    • Published: Oct. 29, 2024
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2024-49768

    Waitress is a Web Server Gateway Interface server for Python 2 and 3. A remote client may send a request that is exactly recv_bytes (defaults to 8192) long, followed by a secondary request using HTTP pipelining. When request lookahead is disabled (default... Read more

    Affected Products : waitress
    • Published: Oct. 29, 2024
    • Modified: Nov. 07, 2024

  • 8.7

    HIGH
    CVE-2024-48921

    Kyverno is a policy engine designed for Kubernetes. A kyverno ClusterPolicy, ie. "disallow-privileged-containers," can be overridden by the creation of a PolicyException in a random namespace. By design, PolicyExceptions are consumed from any namespace. A... Read more

    Affected Products : kyverno
    • Published: Oct. 29, 2024
    • Modified: Nov. 07, 2024

  • 6.4

    MEDIUM
    CVE-2024-9505

    The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button widget in all versions up to, and including, 2.8.4.2 due to insufficient input sanitization and output escaping on user s... Read more

    Affected Products : beaver_builder
    • Published: Oct. 29, 2024
    • Modified: Oct. 31, 2024

  • 6.1

    MEDIUM
    CVE-2024-51076

    A Reflected Cross Site Scripting (XSS) vulnerability was found in /odms/admin/booking-search.php in PHPGurukul Online DJ Booking Management System 1.0, which allows remote attackers to execute arbitrary code via the "searchdata" parameter.... Read more

    • Published: Oct. 29, 2024
    • Modified: Nov. 04, 2024

  • 6.1

    MEDIUM
    CVE-2024-51075

    A Reflected Cross Site Scripting (XSS) vulnerability was found in /odms/admin/user-search.php in PHPGurukul Online DJ Booking Management System v1.0, which allows remote attackers to execute arbitrary code via the searchdata parameter.... Read more

    • Published: Oct. 29, 2024
    • Modified: Nov. 04, 2024

  • 7.1

    HIGH
    CVE-2024-49634

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Rimon Habib BP Member Type Manager allows Reflected XSS.This issue affects BP Member Type Manager: from n/a through 1.01.... Read more

    Affected Products : bp_member_type_manager
    • Published: Oct. 29, 2024
    • Modified: Oct. 31, 2024
Showing 20 of 293708 Results