Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2024-4740

    MXsecurity software versions v1.1.0 and prior are vulnerable because of the use of hard-coded credentials. This vulnerability could allow an attacker to tamper with sensitive data.... Read more

    Affected Products : mxsecurity
    • Published: Oct. 18, 2024
    • Modified: Oct. 18, 2024

  • 7.5

    HIGH
    CVE-2024-4739

    The lack of access restriction to a resource from unauthorized users makes MXsecurity software versions v1.1.0 and prior vulnerable. By acquiring a valid authenticator, an attacker can pose as an authorized user and successfully access the resource.... Read more

    Affected Products : mxsecurity
    • Published: Oct. 18, 2024
    • Modified: Oct. 22, 2024

  • 8.8

    HIGH
    CVE-2024-47487

    There is a SQL injection vulnerability in some HikCentral Professional versions. This could allow an authenticated user to execute arbitrary SQL queries.... Read more

    Affected Products : hikcentral_professional
    • Published: Oct. 18, 2024
    • Modified: Mar. 19, 2025

  • 6.1

    MEDIUM
    CVE-2024-47486

    There is an XSS vulnerability in some HikCentral Master Lite versions. If exploited, an attacker could inject scripts into certain pages by building malicious data.... Read more

    Affected Products : hikcentral_master
    • Published: Oct. 18, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-47485

    There is a CSV injection vulnerability in some HikCentral Master Lite versions. If exploited, an attacker could build malicious data to generate executable commands in the CSV file.... Read more

    Affected Products : hikcentral_master
    • Published: Oct. 18, 2024
    • Modified: Mar. 13, 2025

  • 8.6

    HIGH
    CVE-2023-49570

    A vulnerability has been identified in Bitdefender Total Security HTTPS scanning functionality where the software trusts a certificate issued by an entity that isn't authorized to issue certificates. This occurs when the "Basic Constraints" extension in t... Read more

    Affected Products : total_security
    • Published: Oct. 18, 2024
    • Modified: Oct. 22, 2024

  • 6.4

    MEDIUM
    CVE-2024-10080

    The WP Easy Post Types plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post meta in versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f... Read more

    Affected Products : wp_easy_post_types
    • Published: Oct. 18, 2024
    • Modified: Oct. 22, 2024

  • 8.8

    HIGH
    CVE-2024-10079

    The WP Easy Post Types plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.4.4 via deserialization of untrusted input from the 'text' parameter in the 'ajax_import_content' function. This allows authenticated att... Read more

    Affected Products : wp_easy_post_types
    • Published: Oct. 18, 2024
    • Modified: Oct. 22, 2024

  • 7.3

    HIGH
    CVE-2024-10078

    The WP Easy Post Types plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 1.4.4. This makes it possible for authenticated ... Read more

    Affected Products : wp_easy_post_types
    • Published: Oct. 18, 2024
    • Modified: Oct. 22, 2024

  • 6.4

    MEDIUM
    CVE-2024-10055

    The Click to Chat – WP Support All-in-One Floating Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpsaio_snapchat shortcode in all versions up to, and including, 2.3.3 due to insufficient input sanitization and o... Read more

    Affected Products : click_to_chat
    • Published: Oct. 18, 2024
    • Modified: Oct. 22, 2024

  • 8.6

    HIGH
    CVE-2023-6058

    A vulnerability has been identified in Bitdefender Safepay's handling of HTTPS connections. The issue arises when the product blocks a connection due to an untrusted server certificate but allows the user to add the site to exceptions, resulting in the pr... Read more

    Affected Products : total_security
    • Published: Oct. 18, 2024
    • Modified: Oct. 22, 2024

  • 8.6

    HIGH
    CVE-2023-6057

    A vulnerability has been discovered in Bitdefender Total Security HTTPS scanning functionality that results in the improper trust of certificates issued using the DSA signature algorithm. The product does not properly check the certificate chain, allowing... Read more

    Affected Products : total_security
    • Published: Oct. 18, 2024
    • Modified: Nov. 21, 2024

  • 8.6

    HIGH
    CVE-2023-6056

    A vulnerability has been discovered in Bitdefender Total Security HTTPS scanning functionality that results in the improper trust of self-signed certificates. The product is found to trust certificates signed with the RIPEMD-160 hashing algorithm without ... Read more

    Affected Products : total_security
    • Published: Oct. 18, 2024
    • Modified: Oct. 22, 2024

  • 8.6

    HIGH
    CVE-2023-6055

    A vulnerability has been identified in Bitdefender Total Security HTTPS scanning functionality where the software fails to properly validate website certificates. Specifically, if a site certificate lacks the "Server Authentication" specification in the E... Read more

    Affected Products : total_security
    • Published: Oct. 18, 2024
    • Modified: Oct. 22, 2024

  • 8.6

    HIGH
    CVE-2023-49567

    A vulnerability has been identified in the Bitdefender Total Security HTTPS scanning functionality where the product incorrectly checks the site's certificate, which allows an attacker to make MITM SSL connections to an arbitrary site. The product trusts ... Read more

    Affected Products : total_security
    • Published: Oct. 18, 2024
    • Modified: Oct. 22, 2024

  • 6.4

    MEDIUM
    CVE-2024-9703

    The Arconix Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'button' shortcode in all versions up to, and including, 2.1.12 due to insufficient input sanitization and output escaping on user supplied attribute... Read more

    Affected Products : arconix_shortcodes
    • Published: Oct. 18, 2024
    • Modified: Oct. 22, 2024

  • 6.1

    MEDIUM
    CVE-2024-9206

    The MAS Companies For WP Job Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.0.13. This makes it possible for unau... Read more

    Affected Products : mas_companies_for_wp_job_manager
    • Published: Oct. 18, 2024
    • Modified: Oct. 22, 2024

  • 5.4

    MEDIUM
    CVE-2024-47793

    Stored cross-site scripting vulnerability exists in Exment v6.1.4 and earlier and Exment v5.0.11 and earlier. When accessing the edit screen containing custom columns (column type: images or files), an arbitrary script may be executed on the web browser o... Read more

    Affected Products : exment
    • Published: Oct. 18, 2024
    • Modified: Oct. 21, 2024

  • 3.8

    LOW
    CVE-2024-46897

    Incorrect permission assignment for critical resource issue exists in Exment v6.1.4 and earlier and Exment v5.0.11 and earlier. A logged-in user with the permission of table management may obtain and/or alter the information of the unauthorized table.... Read more

    Affected Products : exment
    • Published: Oct. 18, 2024
    • Modified: Oct. 22, 2024

  • 5.3

    MEDIUM
    CVE-2024-38820

    The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected.... Read more

    Affected Products : spring_framework
    • Published: Oct. 18, 2024
    • Modified: Nov. 29, 2024
Showing 20 of 294792 Results