Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2024-10286

    Cross-Site Scripting (XSS) vulnerability affecting LocalServer 1.0.9 that could allow a remote user to send a specially crafted query to an authenticated user and steal their session details through /testmail/index.php, parameter to.... Read more

    Affected Products : localserver
    • Published: Oct. 23, 2024
    • Modified: Oct. 24, 2024

  • 9.8

    CRITICAL
    CVE-2024-10277

    A vulnerability was found in ESAFENET CDG 5 and classified as critical. Affected by this issue is some unknown functionality of the file /com/esafenet/servlet/ajax/UsbKeyAjax.java. The manipulation of the argument id leads to sql injection. The attack may... Read more

    Affected Products : cdg
    • Published: Oct. 23, 2024
    • Modified: Nov. 04, 2024

  • 5.4

    MEDIUM
    CVE-2024-8500

    The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the several parameters in all versions up to, and including, 7.2.2 due to insufficient input sanitization and output escaping. This makes ... Read more

    • Published: Oct. 23, 2024
    • Modified: Oct. 25, 2024

  • 6.1

    MEDIUM
    CVE-2024-10276

    A vulnerability has been found in Telestream Sentry 6.0.9 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /?page=reports of the component Reports Page. The manipulation of the argument z leads to cross... Read more

    Affected Products : sentry
    • Published: Oct. 23, 2024
    • Modified: May. 01, 2025

  • 7.5

    HIGH
    CVE-2023-50310

    IBM CICS Transaction Gateway for Multiplatforms 9.2 and 9.3 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.... Read more

    Affected Products : cics_transaction_gateway
    • Published: Oct. 23, 2024
    • Modified: Nov. 05, 2024

  • 4.3

    MEDIUM
    CVE-2024-9530

    The Qi Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.0 via private templates. This makes it possible for authenticated attackers, with Contributor-level access and above... Read more

    Affected Products : qi_addons_for_elementor
    • Published: Oct. 23, 2024
    • Modified: Oct. 25, 2024

  • 9.8

    CRITICAL
    CVE-2024-43924

    Missing Authorization vulnerability in dFactory Responsive Lightbox allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Responsive Lightbox: from n/a through 2.4.7.... Read more

    Affected Products : responsive_lightbox
    • Published: Oct. 23, 2024
    • Modified: Nov. 06, 2024

  • 4.3

    MEDIUM
    CVE-2024-10045

    The Transients Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.6. This is due to missing or incorrect nonce validation on the process_actions function. This makes it possible for unauthent... Read more

    Affected Products : transients_manager
    • Published: Oct. 23, 2024
    • Modified: Oct. 25, 2024

  • 9.8

    CRITICAL
    CVE-2024-9947

    The ProfilePress Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.11.1. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauth... Read more

    Affected Products : profilepress
    • Published: Oct. 23, 2024
    • Modified: Oct. 25, 2024

  • 5.4

    MEDIUM
    CVE-2024-9583

    The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the wprss_ajax_send_premium_support function in all versions up to, an... Read more

    Affected Products : rss_aggregator
    • Published: Oct. 23, 2024
    • Modified: Oct. 25, 2024

  • 6.5

    MEDIUM
    CVE-2024-9829

    The Download Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability checks on the 'dpwap_handle_download_user' and 'dpwap_handle_download_comment' functions in all versions up to, and including, 2.2.0. This ma... Read more

    Affected Products : download_plugin
    • Published: Oct. 23, 2024
    • Modified: Oct. 25, 2024

  • 7.0

    HIGH
    CVE-2024-50066

    In the Linux kernel, the following vulnerability has been resolved: mm/mremap: fix move_normal_pmd/retract_page_tables race In mremap(), move_page_tables() looks at the type of the PMD entry and the specified address range to figure out by which method ... Read more

    Affected Products : linux_kernel
    • Published: Oct. 23, 2024
    • Modified: Mar. 07, 2025

  • 7.2

    HIGH
    CVE-2024-9927

    The WooCommerce Order Proposal plugin for WordPress is vulnerable to privilege escalation via order proposal in all versions up to and including 2.0.5. This is due to the improper implementation of allow_payment_without_login function. This makes it possi... Read more

    Affected Products : woocommerce_order_proposal
    • Published: Oct. 23, 2024
    • Modified: Oct. 25, 2024

  • 6.5

    MEDIUM
    CVE-2024-31880

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user.... Read more

    Affected Products : linux_kernel db2 windows unix
    • Published: Oct. 23, 2024
    • Modified: Nov. 06, 2024

  • 7.8

    HIGH
    CVE-2024-7587

    Incorrect Default Permissions vulnerability in GenBroker32, which is included in the installers for ICONICS GENESIS64 version 10.97.3 and prior, Mitsubishi Electric GENESIS64 version 10.97.3 and prior and Mitsubishi Electric MC Works64 all versions allows... Read more

    Affected Products : genesis64 mc_works64
    • Published: Oct. 22, 2024
    • Modified: Nov. 05, 2024

  • 8.1

    HIGH
    CVE-2024-48657

    SQL Injection vulnerability in hospital management system in php with source code v.1.0.0 allows a remote attacker to execute arbitrary code.... Read more

    Affected Products : hospital_management_system
    • Published: Oct. 22, 2024
    • Modified: Oct. 24, 2024

  • 5.4

    MEDIUM
    CVE-2024-48656

    Cross Site Scripting vulnerability in student management system in php with source code v.1.0.0 allows a remote attacker to execute arbitrary code.... Read more

    Affected Products : student_management_system
    • Published: Oct. 22, 2024
    • Modified: Oct. 24, 2024

  • 4.8

    MEDIUM
    CVE-2024-48652

    Cross Site Scripting vulnerability in camaleon-cms v.2.7.5 allows remote attacker to execute arbitrary code via the content group name field.... Read more

    Affected Products : camaleon_cms
    • Published: Oct. 22, 2024
    • Modified: Oct. 25, 2024

  • 5.3

    MEDIUM
    CVE-2024-48644

    Accounts enumeration vulnerability in the Login Component of Reolink Duo 2 WiFi Camera (Firmware Version v3.0.0.1889_23031701) allows remote attackers to determine valid user accounts via login attempts. This can lead to the enumeration of user accounts a... Read more

    Affected Products :
    • Published: Oct. 22, 2024
    • Modified: Oct. 23, 2024

  • 5.0

    MEDIUM
    CVE-2024-48415

    itsourcecode Loan Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via a crafted payload to the lastname, firstname, middlename, address, contact_no, email and tax_id parameters in new borrowers functionality on the Borrowers page.... Read more

    • Published: Oct. 22, 2024
    • Modified: Nov. 26, 2024
Showing 20 of 294690 Results