Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.2

    HIGH
    CVE-2024-9184

    The SendPulse Free Web Push plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.6 due to incorrect use of the wp_kses_allowed_html function. This makes it possible for unauthenticated attackers to in... Read more

    Affected Products : free_web_push
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024

  • 6.4

    MEDIUM
    CVE-2024-8920

    The Fonto – Custom Web Fonts Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for ... Read more

    Affected Products :
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024

  • 5.7

    MEDIUM
    CVE-2024-49392

    Stored cross-site scripting (XSS) vulnerability on enrollment invitation page. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0x24.... Read more

    Affected Products : cyber_files
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024

  • 7.3

    HIGH
    CVE-2024-49391

    Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0x24.... Read more

    Affected Products : cyber_files
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024

  • 7.3

    HIGH
    CVE-2024-49390

    Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0x24.... Read more

    Affected Products : cyber_files
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024

  • 7.8

    HIGH
    CVE-2024-49389

    Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0x24.... Read more

    Affected Products : cyber_files
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024

  • 5.7

    MEDIUM
    CVE-2024-49386

    Sensitive information disclosure due to spell-jacking. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0x24.... Read more

    Affected Products : cyber_files
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024

  • 9.1

    CRITICAL
    CVE-2024-10025

    A vulnerability in the .sdd file allows an attacker to read default passwords stored in plain text within the code. By exploiting these plaintext credentials, an attacker can log into affected SICK products as an “Authorized Client” if the customer has no... Read more

    Affected Products :
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024

  • 6.1

    MEDIUM
    CVE-2024-9951

    The WP Photo Album Plus plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wppa-tab' parameter in all versions up to, and including, 8.8.05.003 due to insufficient input sanitization and output escaping. This makes it possible f... Read more

    Affected Products :
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024

  • 5.9

    MEDIUM
    CVE-2024-3187

    This issue tracks two CWE-416 Use After Free (UAF) and one CWE-415 Double Free vulnerabilities in Goahead versions <= 6.0.0. These are caused by JST values not being nulled when freed during parsing of JST templates. If the ME_GOAHEAD_JAVASCRIPT flag is e... Read more

    Affected Products : goahead
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024

  • 5.3

    MEDIUM
    CVE-2024-3186

    CWE-476 NULL Pointer Dereference vulnerability in the evalExpr() function of GoAhead Web Server (version <= 6.0.0) when compiled with the ME_GOAHEAD_JAVASCRIPT flag. This vulnerability allows a remote attacker with the privileges to modify JavaScript temp... Read more

    Affected Products : goahead
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024

  • 5.9

    MEDIUM
    CVE-2024-3184

    Multiple CWE-476 NULL Pointer Dereference vulnerabilities were found in GoAhead Web Server up to version 6.0.0 when compiled with the ME_GOAHEAD_REPLACE_MALLOC flag. Without a memory notifier for allocation failures, remote attackers can exploit these vul... Read more

    Affected Products : goahead
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024

  • 6.1

    MEDIUM
    CVE-2024-9213

    The افزونه پیامک ووکامرس Persian WooCommerce SMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 7.0.2. This makes it pos... Read more

    Affected Products :
    • Published: Oct. 17, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-9352

    The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.35.1. This is due to missing or incorrect nonce validation on the custom form ... Read more

    Affected Products : forminator forminator_forms
    • Published: Oct. 17, 2024
    • Modified: Jan. 29, 2025

  • 4.3

    MEDIUM
    CVE-2024-9351

    The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.35.1. This is due to missing or incorrect nonce validation on the quiz 'create... Read more

    Affected Products : forminator forminator_forms
    • Published: Oct. 17, 2024
    • Modified: Jan. 29, 2025

  • 7.6

    HIGH
    CVE-2024-5429

    The Logo Slider WordPress plugin before 4.1.0 does not validate and escape some of its Slider Settings before outputting them back in attributes, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks... Read more

    Affected Products : gs_logo_slider logo_slider logo_slider
    • Published: Oct. 17, 2024
    • Modified: May. 17, 2025

  • 6.1

    MEDIUM
    CVE-2024-9347

    The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wpext-export' parameter in all versions up to, and including, 3.0.9 due to insufficient input sanitization and output escaping. ... Read more

    Affected Products : wp_extended
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024

  • 9.8

    CRITICAL
    CVE-2024-9263

    The WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin plugin for WordPress is vulnerable to Account Takeover/Privilege Escalation via Insecure Direct Object Reference in all versions up to, and including, 1.0.25 via the sav... Read more

    Affected Products :
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024

  • 6.1

    MEDIUM
    CVE-2024-8719

    The Flexmls® IDX Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via several parameters like 'MaxBeds' and 'MinBeds' in all versions up to, and including, 3.14.22 due to insufficient input sanitization and output escaping. This... Read more

    Affected Products :
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024

  • 4.3

    MEDIUM
    CVE-2024-7417

    The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.986 via the data_fetch. This makes it possible for authenticated attackers, with subscriber-level access and abov... Read more

    Affected Products : royal_elementor_addons
    • Published: Oct. 17, 2024
    • Modified: Jan. 10, 2025
Showing 20 of 294745 Results