Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.1

    HIGH
    CVE-2024-50448

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in YITH YITH WooCommerce Product Add-Ons allows Reflected XSS. This issue affects YITH WooCommerce Product Add-Ons: from n/a through 4.14.1.

    Affected Products : yith_woocommerce_product_add-ons
    • Published: Oct. 28, 2024
    • Modified: Nov. 08, 2024
  • 6.5

    MEDIUM
    CVE-2024-50447

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in EnvoThemes Envo's Elementor Templates & Widgets for WooCommerce allows Stored XSS. This issue affects Envo's Elementor Templates & Widgets for WooC...

    • Published: Oct. 28, 2024
    • Modified: Nov. 08, 2024
  • 6.5

    MEDIUM
    CVE-2024-50446

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in FuturioWP Futurio Extra allows Stored XSS. This issue affects Futurio Extra: from n/a through 2.0.11.

    Affected Products : futurio_extra
    • Published: Oct. 28, 2024
    • Modified: Nov. 08, 2024
  • 6.5

    MEDIUM
    CVE-2024-50445

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Merkulove Selection Lite allows Stored XSS. This issue affects Selection Lite: from n/a through 1.13.

    Affected Products : selection_lite
    • Published: Oct. 28, 2024
    • Modified: Nov. 08, 2024
  • 7.4

    HIGH
    CVE-2024-50441

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CozyThemes Cozy Blocks allows Stored XSS. This issue affects Cozy Blocks: from n/a through 2.0.15.

    Affected Products : cozy_blocks
    • Published: Oct. 28, 2024
    • Modified: Nov. 08, 2024
  • 6.5

    MEDIUM
    CVE-2024-50440

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Chris Coyier CodePen Embedded Pens Shortcode allows Stored XSS. This issue affects CodePen Embedded Pens Shortcode: from n/a through 1.0.2.

    Affected Products : codepen
    • Published: Oct. 28, 2024
    • Modified: Nov. 08, 2024
  • 6.5

    MEDIUM
    CVE-2024-50439

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Brainstorm Force Astra Widgets allows Stored XSS. This issue affects Astra Widgets: from n/a through 1.2.14.

    Affected Products : astra_widgets
    • Published: Oct. 28, 2024
    • Modified: Nov. 08, 2024
  • 7.1

    HIGH
    CVE-2024-50438

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Andy Moyle Church Admin allows Reflected XSS. This issue affects Church Admin: from n/a before 5.0.0.

    Affected Products : church_admin
    • Published: Oct. 28, 2024
    • Modified: Nov. 08, 2024
  • 7.4

    HIGH
    CVE-2024-6245

    Use of Default Credentials vulnerability in Maruti Suzuki SmartPlay on Linux (Infotainment Hub modules) allows attacker to try common or default usernames and passwords. The issue was detected on a 2022 Maruti Suzuki Brezza in India Market. This issue aff...

    Affected Products :
    • Published: Oct. 28, 2024
    • Modified: Nov. 07, 2024
  • 5.3

    MEDIUM
    CVE-2024-49771

    MPXJ is an open source library to read and write project plans from a variety of file formats and databases. The patch for the historical vulnerability CVE-2020-35460 in MPXJ is incomplete as there is still a possibility that a malicious path could be con...

    Affected Products :
    • Published: Oct. 28, 2024
    • Modified: Oct. 29, 2024
  • 5.7

    MEDIUM
    CVE-2024-47827

    Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Due to a race condition in a global variable in 3.6.0-rc1, the argo workflows controller can be made to crash on-command by any user with acce...

    Affected Products : argo_workflows
    • Published: Oct. 28, 2024
    • Modified: Nov. 05, 2024
  • 8.8

    HIGH
    CVE-2024-42028

    A Local privilege escalation vulnerability found in a Self-Hosted UniFi Network Server with UniFi Network Application (Version 8.4.62 and earlier) allows a malicious actor with a local operational system user to execute high privilege actions on UniFi Net...

    Affected Products : unifi_network_application
    • Published: Oct. 28, 2024
    • Modified: Oct. 29, 2024
  • 6.5

    MEDIUM
    CVE-2024-10469

    VINCE versions before 3.0.9 are vulnerable to exposure of User information to authenticated users.

    Affected Products : vince
    • Published: Oct. 28, 2024
    • Modified: Mar. 17, 2025
  • 7.5

    HIGH
    CVE-2024-49761

    REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between &# and x...; in a hex numeric character reference (&#x...;). This does not happen with Ruby 3.2 or later. Ruby 3.1 is...

    Affected Products : ruby ontap_tools rexml
    • Published: Oct. 28, 2024
    • Modified: Mar. 21, 2025
  • 6.3

    MEDIUM
    CVE-2024-48291

    dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/doAdminAction.php?act=editAdmin&id=17...

    Affected Products : dingfanzu dingfanzu_cms
    • Published: Oct. 28, 2024
    • Modified: May. 27, 2025
  • 7.5

    HIGH
    CVE-2024-45802

    Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to Input Validation, Premature Release of Resource During Expected Lifetime, and Missing Release of Resource after Effective Lifetime bugs, Squid is vulnerable to...

    Affected Products : squid
    • Published: Oct. 28, 2024
    • Modified: Jan. 03, 2025
  • 9.8

    CRITICAL
    CVE-2024-10450

    A vulnerability has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /kortex_lite/control/edit_profile.php of the component POST Parameter Handle...

    Affected Products : advocate_office_management_system
    • Published: Oct. 28, 2024
    • Modified: Nov. 22, 2024
  • 9.8

    CRITICAL
    CVE-2024-10449

    A vulnerability, which was classified as critical, was found in Codezips Hospital Appointment System 1.0. This affects an unknown part of the file /loginAction.php. The manipulation of the argument Username leads to SQL injection. It is possible to initia...

    Affected Products : hospital_appointment_system
    • Published: Oct. 28, 2024
    • Modified: Oct. 31, 2024
  • 3.5

    LOW
    CVE-2024-10214

    Mattermost versions 9.11.x <= 9.11.1, 9.5.x <= 9.5.9 incorrectly issue two sessions when using desktop SSO - one in the browser and one in desktop with incorrect settings.

    Affected Products : mattermost_server mattermost
    • Published: Oct. 28, 2024
    • Modified: Nov. 05, 2024
  • 6.5

    MEDIUM
    CVE-2024-50443

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Post Grid Team by WPXPO PostX allows Stored XSS. This issue affects PostX: from n/a through 4.1.12.

    Affected Products : postx
    • Published: Oct. 28, 2024
    • Modified: Aug. 27, 2025