Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, listed in the CISA KEV catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.1

    MEDIUM
    CVE-2024-50463

    URL Redirection to Untrusted Site ('Open Redirect') vulnerability in WP Sunshine Sunshine Photo Cart. This issue affects Sunshine Photo Cart: from n/a through 3.2.9....

    Affected Products : sunshine_photo_cart
    • Published: Oct. 28, 2024
    • Modified: Oct. 29, 2024
  • 8.8

    HIGH
    CVE-2024-10447

    A vulnerability classified as critical was found in Project Worlds Online Time Table Generator 1.0. Affected by this vulnerability is an unknown functionality of the file /timetable/staff/staffdashboard.php?info=updateprofile. The manipulation of the argu...

    Affected Products : online_time_table_generator
    • Published: Oct. 28, 2024
    • Modified: Oct. 31, 2024
  • 10.0

    CRITICAL
    CVE-2024-50498

    Improper Control of Generation of Code ('Code Injection') vulnerability in LUBUS WP Query Console allows Code Injection. This issue affects WP Query Console: from n/a through 1.0....

    Affected Products : wp_query_console
    • Published: Oct. 28, 2024
    • Modified: Oct. 31, 2024
  • 9.8

    CRITICAL
    CVE-2024-50492

    Improper Control of Generation of Code ('Code Injection') vulnerability in Scott Paterson ScottCart allows Code Injection. This issue affects ScottCart: from n/a through 1.1....

    Affected Products : scottcart
    • Published: Oct. 28, 2024
    • Modified: Oct. 31, 2024
  • 9.8

    CRITICAL
    CVE-2024-50489

    Authentication Bypass Using an Alternate Path or Channel vulnerability in Realty Workstation allows Authentication Bypass. This issue affects Realty Workstation: from n/a through 1.0.45....

    Affected Products : realty_workstation
    • Published: Oct. 28, 2024
    • Modified: Oct. 31, 2024
  • 9.8

    CRITICAL
    CVE-2024-50487

    Authentication Bypass Using an Alternate Path or Channel vulnerability in MaanTheme MaanStore API allows Authentication Bypass. This issue affects MaanStore API: from n/a through 1.0.1....

    Affected Products : maanstore_api
    • Published: Oct. 28, 2024
    • Modified: Oct. 31, 2024
  • 9.8

    CRITICAL
    CVE-2024-50486

    Authentication Bypass Using an Alternate Path or Channel vulnerability in Acnoo Acnoo Flutter API allows Authentication Bypass. This issue affects Acnoo Flutter API: from n/a through 1.0.5....

    Affected Products : flutter_api
    • Published: Oct. 28, 2024
    • Modified: Oct. 29, 2024
  • 9.8

    CRITICAL
    CVE-2024-50477

    Authentication Bypass Using an Alternate Path or Channel vulnerability in Stacks Stacks Mobile App Builder stacks-mobile-app-builder allows Authentication Bypass. This issue affects Stacks Mobile App Builder: from n/a through 5.2.3....

    Affected Products : stacks_mobile_app_builder
    • Published: Oct. 28, 2024
    • Modified: Oct. 31, 2024
  • 9.8

    CRITICAL
    CVE-2024-50450

    Improper Control of Generation of Code ('Code Injection') vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) allows Code Injection. This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.3.4....

    • Published: Oct. 28, 2024
    • Modified: Oct. 29, 2024
  • 7.2

    HIGH
    CVE-2024-50442

    Improper Restriction of XML External Entity Reference vulnerability in WP Royal Royal Elementor Addons allows XML Injection. This issue affects Royal Elementor Addons: from n/a through 1.3.980....

    Affected Products : royal_elementor_addons
    • Published: Oct. 28, 2024
    • Modified: Oct. 29, 2024
  • 8.8

    HIGH
    CVE-2024-50416

    Deserialization of Untrusted Data vulnerability in WPClever WPC Shop as a Customer for WooCommerce allows Object Injection. This issue affects WPC Shop as a Customer for WooCommerce: from n/a through 1.2.6....

    • Published: Oct. 28, 2024
    • Modified: Oct. 29, 2024
  • 8.8

    HIGH
    CVE-2024-50408

    Deserialization of Untrusted Data vulnerability in Kiboko Labs Namaste! LMS allows Object Injection. This issue affects Namaste! LMS: from n/a through 2.6.3....

    Affected Products : namaste\!_lms
    • Published: Oct. 28, 2024
    • Modified: Aug. 27, 2025
  • 8.0

    HIGH
    CVE-2024-48074

    An authorized RCE vulnerability exists in the DrayTek Vigor2960 router version 1.4.4, where an attacker can place a malicious command into the table parameter of the doPPPoE function in the cgi-bin/mainfunction.cgi route, and finally the command is execut...

    Affected Products : vigor2960_firmware vigor2960
    • Published: Oct. 28, 2024
    • Modified: May. 17, 2025
  • 7.2

    HIGH
    CVE-2024-10446

    A vulnerability classified as critical has been found in Project Worlds Online Time Table Generator 1.0. Affected is an unknown function of the file /timetable/admin/admindashboard.php?info=add_course. The manipulation of the argument c leads to sql injec...

    Affected Products : online_time_table_generator
    • Published: Oct. 28, 2024
    • Modified: Nov. 01, 2024
  • 9.1

    CRITICAL
    CVE-2024-38821

    Spring WebFlux applications that have Spring Security authorization rules on static resources can be bypassed under certain circumstances. For this to impact an application, all of the following must be true: * It must be a WebFlux application * I...

    Affected Products :
    • Published: Oct. 28, 2024
    • Modified: Jan. 24, 2025
  • 7.2

    HIGH
    CVE-2024-9162

    The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to arbitrary PHP Code Injection due to missing file type validation during the export in all versions up to, and including, 7.86. This makes it possible for authenticated attackers,...

    Affected Products :
    • Published: Oct. 28, 2024
    • Modified: Oct. 28, 2024
  • 5.5

    MEDIUM
    CVE-2024-50307

    Use of potentially dangerous function issue exists in Chatwork Desktop Application (Windows) versions prior to 2.9.2. If a user clicks a specially crafted link in the application, an arbitrary file may be downloaded from an external website and executed. ...

    Affected Products :
    • Published: Oct. 28, 2024
    • Modified: Oct. 28, 2024
  • 5.0

    MEDIUM
    CVE-2024-48936

    SchedMD Slurm before 24.05.4 has Incorrect Authorization. A mistake in authentication handling in stepmgr could permit an attacker to execute processes under other users' jobs. This is limited to jobs explicitly running with --stepmgr, or on systems that ...

    Affected Products : slurm
    • Published: Oct. 28, 2024
    • Modified: Apr. 17, 2025
  • 9.8

    CRITICAL
    CVE-2024-10440

    The eHDR CTMS from Sunnet has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL command to read, modify, and delete database contents....

    Affected Products : ehdr_ctms ehrd_ctms
    • Published: Oct. 28, 2024
    • Modified: Oct. 31, 2024
  • 7.5

    HIGH
    CVE-2024-10439

    The eHRD CTMS from Sunnet has an Insecure Direct Object Reference (IDOR) vulnerability, allowing unauthenticated remote attackers to modify a specific parameter to access arbitrary files uploaded by any user....

    Affected Products : ehdr_ctms ehrd_ctms
    • Published: Oct. 28, 2024
    • Modified: Oct. 31, 2024
Showing 20 of 294421 Results