Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.1

    HIGH
    CVE-2024-49335

    Cross-Site Request Forgery (CSRF) vulnerability in Edush Maxim GoogleDrive folder list allows Stored XSS.This issue affects GoogleDrive folder list: from n/a through 2.2.2.... Read more

    Affected Products : googledrive_folder_list
    • Published: Oct. 20, 2024
    • Modified: Oct. 24, 2024

  • 8.8

    HIGH
    CVE-2024-47325

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeisle Multiple Page Generator Plugin – MPG allows SQL Injection.This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.4.7.... Read more

    Affected Products : multiple_page_generator
    • Published: Oct. 20, 2024
    • Modified: Oct. 24, 2024

  • 7.1

    HIGH
    CVE-2024-44061

    : Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in WPFactory EU/UK VAT Manager for WooCommerce allows Cross-Site Scripting (XSS).This issue affects EU/UK VAT Manager for WooCommerce: from n/a through 2.12.14.... Read more

    • Published: Oct. 20, 2024
    • Modified: Oct. 25, 2024

  • 9.8

    CRITICAL
    CVE-2024-49625

    Deserialization of Untrusted Data vulnerability in Brandon Clark SiteBuilder Dynamic Components allows Object Injection.This issue affects SiteBuilder Dynamic Components: from n/a through 1.0.... Read more

    Affected Products : sitebuilder_dynamic_components
    • Published: Oct. 20, 2024
    • Modified: Oct. 24, 2024

  • 9.8

    CRITICAL
    CVE-2024-49624

    Deserialization of Untrusted Data vulnerability in Smartdevth Advanced Advertising System allows Object Injection.This issue affects Advanced Advertising System: from n/a through 1.3.1.... Read more

    Affected Products : advanced_advertising_system
    • Published: Oct. 20, 2024
    • Modified: Oct. 24, 2024

  • 8.8

    HIGH
    CVE-2024-49623

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Hasan Movahed Duplicate Title Validate allows Blind SQL Injection.This issue affects Duplicate Title Validate: from n/a through 1.0.... Read more

    Affected Products : duplicate_title_validate
    • Published: Oct. 20, 2024
    • Modified: Oct. 24, 2024

  • 8.8

    HIGH
    CVE-2024-49622

    Cross-Site Request Forgery (CSRF) vulnerability in Apa Apa Banner Slider allows SQL Injection.This issue affects Apa Banner Slider: from n/a through 1.0.0.... Read more

    Affected Products : apa_banner_slider
    • Published: Oct. 20, 2024
    • Modified: Oct. 24, 2024

  • 8.8

    HIGH
    CVE-2024-49621

    Cross-Site Request Forgery (CSRF) vulnerability in Apa APA Register Newsletter Form allows SQL Injection.This issue affects APA Register Newsletter Form: from n/a through 1.0.0.... Read more

    Affected Products : apa_register_newsletter_form
    • Published: Oct. 20, 2024
    • Modified: Oct. 24, 2024

  • 10.0

    CRITICAL
    CVE-2024-49610

    Unrestricted Upload of File with Dangerous Type vulnerability in Jack Zhu allows Upload a Web Shell to a Web Server.This issue affects photokit: from n/a through 1.0.... Read more

    Affected Products : photokit
    • Published: Oct. 20, 2024
    • Modified: Oct. 24, 2024

  • 8.8

    HIGH
    CVE-2024-49608

    : Incorrect Privilege Assignment vulnerability in Gerry Ntabuhashe GERRYWORKS Post by Mail allows Privilege Escalation.This issue affects GERRYWORKS Post by Mail: from n/a through 1.0.... Read more

    Affected Products : gerryworks_post_by_mail
    • Published: Oct. 20, 2024
    • Modified: Oct. 24, 2024

  • 10.0

    CRITICAL
    CVE-2024-49607

    Unrestricted Upload of File with Dangerous Type vulnerability in Redwan Hilali WP Dropbox Dropins allows Upload a Web Shell to a Web Server.This issue affects WP Dropbox Dropins: from n/a through 1.0.... Read more

    Affected Products : wp_dropbox_dropins
    • Published: Oct. 20, 2024
    • Modified: Oct. 24, 2024

  • 9.8

    CRITICAL
    CVE-2024-49332

    Deserialization of Untrusted Data vulnerability in Giveaway Boost allows Object Injection.This issue affects Giveaway Boost: from n/a through 2.1.4.... Read more

    Affected Products : giveaway_boost
    • Published: Oct. 20, 2024
    • Modified: Oct. 24, 2024

  • 9.9

    CRITICAL
    CVE-2024-49331

    Unrestricted Upload of File with Dangerous Type vulnerability in Myriad Solutionz Property Lot Management System allows Upload a Web Shell to a Web Server.This issue affects Property Lot Management System: from n/a through 4.2.38.... Read more

    Affected Products : property_lot_management_system
    • Published: Oct. 20, 2024
    • Modified: Oct. 24, 2024

  • 10.0

    CRITICAL
    CVE-2024-49330

    Unrestricted Upload of File with Dangerous Type vulnerability in brx8r Nice Backgrounds allows Upload a Web Shell to a Web Server.This issue affects Nice Backgrounds: from n/a through 1.0.... Read more

    Affected Products : nice_backgrounds
    • Published: Oct. 20, 2024
    • Modified: Oct. 24, 2024

  • 10.0

    CRITICAL
    CVE-2024-49329

    Unrestricted Upload of File with Dangerous Type vulnerability in Vivek Tamrakar WP REST API FNS allows Upload a Web Shell to a Web Server.This issue affects WP REST API FNS: from n/a through 1.0.0.... Read more

    Affected Products : wp_rest_api_fns
    • Published: Oct. 20, 2024
    • Modified: Oct. 24, 2024

  • 10.0

    CRITICAL
    CVE-2024-49327

    Unrestricted Upload of File with Dangerous Type vulnerability in Asep Bagja Priandana Woostagram Connect allows Upload a Web Shell to a Web Server.This issue affects Woostagram Connect: from n/a through 1.0.2.... Read more

    Affected Products : woostagram_connect
    • Published: Oct. 20, 2024
    • Modified: Oct. 24, 2024

  • 10.0

    CRITICAL
    CVE-2024-49326

    Unrestricted Upload of File with Dangerous Type vulnerability in Vasilis Kerasiotis Affiliator allows Upload a Web Shell to a Web Server.This issue affects Affiliator: from n/a through 2.1.3.... Read more

    Affected Products : affiliator
    • Published: Oct. 20, 2024
    • Modified: Oct. 24, 2024

  • 10.0

    CRITICAL
    CVE-2024-49324

    Unrestricted Upload of File with Dangerous Type vulnerability in Sovratec Sovratec Case Management allows Upload a Web Shell to a Web Server.This issue affects Sovratec Case Management: from n/a through 1.0.0.... Read more

    Affected Products : sovratec_case_management
    • Published: Oct. 20, 2024
    • Modified: Oct. 24, 2024

  • 9.8

    CRITICAL
    CVE-2024-10195

    A vulnerability was found in Tecno 4G Portable WiFi TR118 V008-20220830. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /goform/goform_get_cmd_process of the component SMS Check. The manipulation o... Read more

    • Published: Oct. 20, 2024
    • Modified: Oct. 24, 2024

  • 6.5

    MEDIUM
    CVE-2024-49631

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Md Abdul Kader Easy Addons for Elementor allows Stored XSS.This issue affects Easy Addons for Elementor: from n/a through 1.3.0.... Read more

    Affected Products : easy_addons_for_elementor
    • Published: Oct. 20, 2024
    • Modified: Oct. 24, 2024
Showing 20 of 294799 Results