Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.4

    MEDIUM
    CVE-2024-8916

    The Suki Sites Import plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated a... Read more

    Affected Products : suki_sites_import
    • Published: Oct. 18, 2024
    • Modified: Oct. 29, 2024

  • 6.1

    MEDIUM
    CVE-2024-8790

    The Social Share With Floating Bar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.0.3. This makes it possible for unauthe... Read more

    Affected Products : social_share_with_floating_bar
    • Published: Oct. 18, 2024
    • Modified: Oct. 29, 2024

  • 6.1

    MEDIUM
    CVE-2024-8740

    The GetResponse Forms by Optin Cat plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.5.6. This makes it possible for unauthe... Read more

    Affected Products : getresponse_forms
    • Published: Oct. 18, 2024
    • Modified: Oct. 29, 2024

  • 9.8

    CRITICAL
    CVE-2024-10119

    The wireless router WRTM326 from SECOM does not properly validate a specific parameter. An unauthenticated remote attacker could execute arbitrary system commands by sending crafted requests.... Read more

    Affected Products : wrtm326_firmware wrtm326
    • Published: Oct. 18, 2024
    • Modified: Nov. 01, 2024

  • 6.1

    MEDIUM
    CVE-2024-10049

    The Edit WooCommerce Templates plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for... Read more

    • Published: Oct. 18, 2024
    • Modified: Oct. 29, 2024

  • 5.3

    MEDIUM
    CVE-2024-10040

    The Infinite-Scroll plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.2. This is due to missing or incorrect nonce validation on the process_ajax_edit and process_ajax_delete function. This makes it... Read more

    Affected Products : infinite-scroll
    • Published: Oct. 18, 2024
    • Modified: Nov. 01, 2024

  • 6.4

    MEDIUM
    CVE-2024-10014

    The Flat UI Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's flatbtn shortcode in version 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authe... Read more

    Affected Products : flat_ui_button
    • Published: Oct. 18, 2024
    • Modified: Oct. 29, 2024

  • 9.9

    CRITICAL
    CVE-2024-9264

    The SQL Expressions experimental feature of Grafana allows for the evaluation of `duckdb` queries containing user input. These queries are insufficiently sanitized before being passed to `duckdb`, leading to a command injection and local file inclusion vu... Read more

    Affected Products : grafana
    • Published: Oct. 18, 2024
    • Modified: Mar. 14, 2025

  • 9.8

    CRITICAL
    CVE-2024-10118

    SECOM WRTR-304GN-304TW-UPSC does not properly filter user input in the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device.... Read more

    Affected Products :
    • Published: Oct. 18, 2024
    • Modified: Oct. 18, 2024

  • 5.9

    MEDIUM
    CVE-2024-49023

    Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability... Read more

    Affected Products : edge_chromium
    • Published: Oct. 18, 2024
    • Modified: Oct. 18, 2024

  • 8.8

    HIGH
    CVE-2024-43596

    Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability... Read more

    Affected Products : edge_chromium
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024

  • 8.8

    HIGH
    CVE-2024-43595

    Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability... Read more

    Affected Products : edge_chromium
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024

  • 8.1

    HIGH
    CVE-2024-43587

    Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability... Read more

    Affected Products : edge_chromium
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024

  • 5.4

    MEDIUM
    CVE-2024-43580

    Microsoft Edge (Chromium-based) Spoofing Vulnerability... Read more

    Affected Products : edge_chromium
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024

  • 8.3

    HIGH
    CVE-2024-43579

    Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability... Read more

    Affected Products : edge_chromium
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024

  • 8.3

    HIGH
    CVE-2024-43578

    Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability... Read more

    Affected Products : edge_chromium
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024

  • 9.8

    CRITICAL
    CVE-2024-43566

    Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability... Read more

    Affected Products : edge_chromium
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024

  • 8.5

    HIGH
    CVE-2024-10093

    A vulnerability, which was classified as critical, was found in VSO ConvertXtoDvd 7.0.0.83. Affected is an unknown function in the library avcodec.dll of the file ConvertXtoDvd.exe. The manipulation leads to uncontrolled search path. Attacking locally is ... Read more

    Affected Products : convertxtodvd
    • Published: Oct. 17, 2024
    • Modified: Nov. 01, 2024

  • 5.9

    MEDIUM
    CVE-2024-7316

    Improper Validation of Specified Quantity in Input vulnerability in Mitsubishi Electric CNC Series allows a remote unauthenticated attacker to cause Denial of Service (DoS) condition on the product by sending specially crafted packets to TCP port 683, cau... Read more

    Affected Products :
    • Published: Oct. 17, 2024
    • Modified: Feb. 21, 2025

  • 8.1

    HIGH
    CVE-2024-33453

    Buffer Overflow vulnerability in esp-idf v.5.1 allows a remote attacker to obtain sensitive information via the externalId component.... Read more

    Affected Products : esp-idf
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024
Showing 20 of 294842 Results