Latest CVE Feed
-
7.3
HIGH CVE-2024-9846
The Enable Shortcodes inside Widgets,Comments and Experts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.0.0. This is due to the software allowing users to execute an action that does not pr...
Affected Products : enable_shortcodes_inside_widgets\,comments_and_experts
- Published: Oct. 30, 2024
- Modified: Nov. 06, 2024
-
6.1
MEDIUM CVE-2024-8792
The Subscribe to Comments plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.3. This makes it possible for unauthenticated at...
Affected Products : subscribe_to_comments
- Published: Oct. 30, 2024
- Modified: Nov. 06, 2024
-
6.4
MEDIUM CVE-2024-8627
The Ultimate TinyMCE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'field' shortcode in all versions up to, and including, 5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
Affected Products : ultimate_tinymce
- Published: Oct. 30, 2024
- Modified: Nov. 06, 2024
-
9.8
CRITICAL CVE-2024-10509
A vulnerability, which was classified as critical, has been found in Codezips Online Institute Management System 1.0. This issue affects some unknown processing of the file /login.php. The manipulation of the argument email leads to sql injection. The att...
Affected Products : online_institute_management_system
- Published: Oct. 30, 2024
- Modified: Nov. 01, 2024
-
9.8
CRITICAL CVE-2024-10507
A vulnerability classified as critical was found in Codezips Free Exam Hall Seating Management System 1.0. This vulnerability affects unknown code of the file /login.php. The manipulation of the argument email leads to sql injection. The attack can be ini...
Affected Products : free_exam_hall_seating_management_system
- Published: Oct. 30, 2024
- Modified: Nov. 05, 2024
-
7.2
HIGH CVE-2024-10506
A vulnerability classified as critical has been found in code-projects Blood Bank System 1.0. This affects an unknown part of the file /admin/blood/update/B-.php. The manipulation of the argument Bloodname leads to sql injection. It is possible to initiat...
- Published: Oct. 30, 2024
- Modified: Nov. 05, 2024
-
4.9
MEDIUM CVE-2023-5816
The Code Explorer plugin for WordPress is vulnerable to arbitrary external file reading in all versions up to, and including, 1.4.5. This is due to the fact that the plugin does not restrict accessing files to those outside of the WordPress instance, thou...
Affected Products : code_explorer
- Published: Oct. 30, 2024
- Modified: Nov. 06, 2024
-
7.2
HIGH CVE-2024-10505
A vulnerability was found in wuzhicms 4.1.0. It has been classified as critical. Affected is the function add/edit of the file www/coreframe/app/content/admin/block.php. The manipulation leads to code injection. It is possible to launch the attack remotel...
Affected Products : wuzhicms
- Published: Oct. 30, 2024
- Modified: Nov. 06, 2024
-
6.1
MEDIUM CVE-2024-10503
A vulnerability was found in Klokan MapTiler tileserver-gl 2.3.1 and classified as problematic. This issue affects some unknown processing of the component URL Handler. The manipulation of the argument key leads to cross site scripting. The attack may be ...
Affected Products : maptiler_tileserver_gl
- Published: Oct. 30, 2024
- Modified: Nov. 07, 2024
-
8.8
HIGH CVE-2024-10502
A vulnerability has been found in ESAFENET CDG 5 and classified as critical. This vulnerability affects the function getOneFileDirectory of the file /com/esafenet/servlet/fileManagement/FileDirectoryService.java. The manipulation of the argument directory...
Affected Products : cdg
- Published: Oct. 30, 2024
- Modified: Nov. 06, 2024
-
8.8
HIGH CVE-2024-10501
A vulnerability, which was classified as critical, was found in ESAFENET CDG 5. This affects the function findById of the file /com/esafenet/servlet/document/ExamCDGDocService.java. The manipulation of the argument id leads to sql injection. It is possibl...
Affected Products : cdg
- Published: Oct. 30, 2024
- Modified: Nov. 06, 2024
-
8.8
HIGH CVE-2024-10500
A vulnerability, which was classified as critical, has been found in ESAFENET CDG 5. Affected by this issue is some unknown functionality of the file /com/esafenet/servlet/policy/HookWhiteListService.java. The manipulation of the argument policyId leads t...
Affected Products : cdg
- Published: Oct. 30, 2024
- Modified: Nov. 05, 2024
-
10.0
CRITICAL CVE-2024-51568
CyberPanel (aka Cyber Panel) before 2.3.5 allows Command Injection via completePath in the ProcessUtilities.outputExecutioner() sink. There is /filemanager/upload (aka File Manager upload) unauthenticated remote code execution via shell metacharacters....
Affected Products : cyberpanel
- Published: Oct. 29, 2024
- Modified: Jul. 07, 2025
-
10.0
CRITICAL CVE-2024-51567
upgrademysqlstatus in databases/views.py in CyberPanel (aka Cyber Panel) before 5b08cd6 allows remote attackers to bypass authentication and execute arbitrary commands via /dataBases/upgrademysqlstatus by bypassing secMiddleware (which is only for a POST ...
Affected Products : cyberpanel
- Actively Exploited
- Published: Oct. 29, 2024
- Modified: Apr. 03, 2025
-
10.0
CRITICAL CVE-2024-51378
getresetstatus in dns/views.py and ftp/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb allows remote attackers to bypass authentication and execute arbitrary commands via /dns/getresetstatus or /ftp/getresetstatus by bypassing secMiddleware (which...
Affected Products : cyberpanel
- Actively Exploited
- Published: Oct. 29, 2024
- Modified: Jul. 30, 2025
-
5.4
MEDIUM CVE-2024-50348
InstantCMS is a free and open source content management system. In photo upload function in the photo album page there is no input validation taking place. Due to this attackers are able to inject the XSS (Cross Site Scripting) payload and execute. This v...
Affected Products : instantcms
- Published: Oct. 29, 2024
- Modified: Nov. 06, 2024
-
7.8
HIGH CVE-2024-9997
A maliciously crafted DWG file when parsed in acdb25.dll through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the conte...
Affected Products : autocad advance_steel autocad_architecture autocad_civil_3d autocad_electrical autocad_lt autocad_map_3d autocad_mechanical autocad_mep autocad_plant_3d +6 more products
- Published: Oct. 29, 2024
- Modified: Apr. 04, 2025
-
7.8
HIGH CVE-2024-9996
A maliciously crafted DWG file, when parsed in acdb25.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the...
Affected Products : autocad advance_steel autocad_architecture autocad_civil_3d autocad_electrical autocad_lt autocad_map_3d autocad_mechanical autocad_mep autocad_plant_3d +6 more products
- Published: Oct. 29, 2024
- Modified: Feb. 10, 2025
-
7.8
HIGH CVE-2024-9827
A maliciously crafted CATPART file when parsed in CC5Dll.dll through Autodesk AutoCAD can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the...
Affected Products : windows autocad advance_steel autocad_architecture autocad_civil_3d autocad_electrical autocad_map_3d autocad_mechanical autocad_mep autocad_plant_3d +3 more products
- Published: Oct. 29, 2024
- Modified: Apr. 11, 2025
-
7.8
HIGH CVE-2024-9826
A maliciously crafted 3DM file when parsed in atf_api.dll through Autodesk AutoCAD can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context...
Affected Products : windows autocad advance_steel autocad_architecture autocad_civil_3d autocad_electrical autocad_map_3d autocad_mechanical autocad_mep autocad_plant_3d +3 more products
- Published: Oct. 29, 2024
- Modified: Apr. 11, 2025