Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.1

    HIGH
    CVE-2024-49240

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Agustin Berasategui AB Categories Search Widget allows Reflected XSS.This issue affects AB Categories Search Widget: from n/a through 0.2.5.... Read more

    Affected Products : ab_categories_search_widget
    • Published: Oct. 18, 2024
    • Modified: Oct. 21, 2024

  • 7.1

    HIGH
    CVE-2024-49239

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Nikhil Vaghela Add Categories Post Footer allows Reflected XSS.This issue affects Add Categories Post Footer: from n/a through 2.2.2.... Read more

    Affected Products : add_categories_post_footer
    • Published: Oct. 18, 2024
    • Modified: Oct. 21, 2024

  • 7.1

    HIGH
    CVE-2024-49238

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in M. Konieczny, DH9SB ADIF Log Search Widget allows Reflected XSS.This issue affects ADIF Log Search Widget: from n/a through 1.0f.... Read more

    Affected Products : adif_log_search_widget
    • Published: Oct. 18, 2024
    • Modified: Oct. 21, 2024

  • 6.5

    MEDIUM
    CVE-2024-49236

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Hafiz Uddin Ahmed Crazy Call To Action Box allows Stored XSS.This issue affects Crazy Call To Action Box: from n/a through 1.0.5.... Read more

    Affected Products : crazy_call_to_action_box
    • Published: Oct. 18, 2024
    • Modified: Oct. 21, 2024

  • 6.5

    MEDIUM
    CVE-2024-49234

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in themeworm Plexx Elementor Extension allows Stored XSS.This issue affects Plexx Elementor Extension: from n/a through 1.3.4.... Read more

    Affected Products : plexx_elementor_extension
    • Published: Oct. 18, 2024
    • Modified: Oct. 21, 2024

  • 6.5

    MEDIUM
    CVE-2024-49233

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in MadrasThemes MAS Elementor allows DOM-Based XSS.This issue affects MAS Elementor: from n/a through 1.1.6.... Read more

    Affected Products : mas_elementor
    • Published: Oct. 18, 2024
    • Modified: Oct. 21, 2024

  • 6.5

    MEDIUM
    CVE-2024-49232

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Javier Loureiro El mejor Cluster allows DOM-Based XSS.This issue affects El mejor Cluster: from n/a through 1.1.15.... Read more

    Affected Products : el_mejor_cluster
    • Published: Oct. 18, 2024
    • Modified: Dec. 05, 2024

  • 6.5

    MEDIUM
    CVE-2024-49231

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Peter CyClop WordPress Video allows Stored XSS.This issue affects WordPress Video: from n/a through 1.0.... Read more

    Affected Products : wordpress_video
    • Published: Oct. 18, 2024
    • Modified: Oct. 21, 2024

  • 6.5

    MEDIUM
    CVE-2024-49230

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Harpreet Singh Ajax Custom CSS/JS allows Reflected XSS.This issue affects Ajax Custom CSS/JS: from n/a through 2.0.4.... Read more

    Affected Products : ajax_custom_css\/js
    • Published: Oct. 18, 2024
    • Modified: Oct. 21, 2024

  • 6.5

    MEDIUM
    CVE-2024-49228

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CrossedCode bVerse Convert allows Stored XSS.This issue affects bVerse Convert: from n/a through 1.3.7.1.... Read more

    Affected Products : bverse_convert
    • Published: Oct. 18, 2024
    • Modified: Oct. 21, 2024

  • 6.5

    MEDIUM
    CVE-2024-49225

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Swebdeveloper wpPricing Builder allows Stored XSS.This issue affects wpPricing Builder: from n/a through 1.5.0.... Read more

    Affected Products : wppricing_builder
    • Published: Oct. 18, 2024
    • Modified: Oct. 21, 2024

  • 7.1

    HIGH
    CVE-2024-49224

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Mahesh Patel Mitm Bug Tracker allows Reflected XSS.This issue affects Mitm Bug Tracker: from n/a through 1.0.... Read more

    Affected Products : mitm_bug_tracker
    • Published: Oct. 18, 2024
    • Modified: Oct. 21, 2024

  • 6.4

    MEDIUM
    CVE-2024-10057

    The RSS Feed Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's rfw-youtube-videos shortcode in all versions up to, and including, 2.9.9 due to insufficient input sanitization and output escaping on user supplied att... Read more

    Affected Products : rss_feed_widget
    • Published: Oct. 18, 2024
    • Modified: Oct. 21, 2024

  • 7.5

    HIGH
    CVE-2024-4740

    MXsecurity software versions v1.1.0 and prior are vulnerable because of the use of hard-coded credentials. This vulnerability could allow an attacker to tamper with sensitive data.... Read more

    Affected Products : mxsecurity
    • Published: Oct. 18, 2024
    • Modified: Oct. 18, 2024

  • 7.5

    HIGH
    CVE-2024-4739

    The lack of access restriction to a resource from unauthorized users makes MXsecurity software versions v1.1.0 and prior vulnerable. By acquiring a valid authenticator, an attacker can pose as an authorized user and successfully access the resource.... Read more

    Affected Products : mxsecurity
    • Published: Oct. 18, 2024
    • Modified: Oct. 22, 2024

  • 8.8

    HIGH
    CVE-2024-47487

    There is a SQL injection vulnerability in some HikCentral Professional versions. This could allow an authenticated user to execute arbitrary SQL queries.... Read more

    Affected Products : hikcentral_professional
    • Published: Oct. 18, 2024
    • Modified: Mar. 19, 2025

  • 6.1

    MEDIUM
    CVE-2024-47486

    There is an XSS vulnerability in some HikCentral Master Lite versions. If exploited, an attacker could inject scripts into certain pages by building malicious data.... Read more

    Affected Products : hikcentral_master
    • Published: Oct. 18, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-47485

    There is a CSV injection vulnerability in some HikCentral Master Lite versions. If exploited, an attacker could build malicious data to generate executable commands in the CSV file.... Read more

    Affected Products : hikcentral_master
    • Published: Oct. 18, 2024
    • Modified: Mar. 13, 2025

  • 8.6

    HIGH
    CVE-2023-49570

    A vulnerability has been identified in Bitdefender Total Security HTTPS scanning functionality where the software trusts a certificate issued by an entity that isn't authorized to issue certificates. This occurs when the "Basic Constraints" extension in t... Read more

    Affected Products : total_security
    • Published: Oct. 18, 2024
    • Modified: Oct. 22, 2024

  • 6.4

    MEDIUM
    CVE-2024-10080

    The WP Easy Post Types plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post meta in versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f... Read more

    Affected Products : wp_easy_post_types
    • Published: Oct. 18, 2024
    • Modified: Oct. 22, 2024
Showing 20 of 294745 Results