Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2024-7417

    The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.986 via the data_fetch. This makes it possible for authenticated attackers, with subscriber-level access and abov... Read more

    Affected Products : royal_elementor_addons
    • Published: Oct. 17, 2024
    • Modified: Jan. 10, 2025

  • 5.3

    MEDIUM
    CVE-2024-49593

    In Advanced Custom Fields (ACF) before 6.3.9 and Secure Custom Fields before 6.3.6.3 (plugins for WordPress), using the Field Group editor to edit one of the plugin's fields can result in execution of a stored XSS payload. NOTE: if you wish to use the WP ... Read more

    Affected Products :
    • Published: Oct. 17, 2024
    • Modified: Nov. 18, 2024

  • 5.3

    MEDIUM
    CVE-2024-9940

    The Calculated Fields Form plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 5.2.45. This is due to the plugin not properly neutralizing HTML elements from submitted forms. This makes it possible for unauthenticate... Read more

    Affected Products : calculated_fields_form
    • Published: Oct. 17, 2024
    • Modified: Jun. 05, 2025

  • 9.8

    CRITICAL
    CVE-2024-9863

    The UserPro plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.6.0 due to the insecure 'administrator' default value for the 'default_user_role' option. This makes it possible for unauthenticated attackers to re... Read more

    Affected Products : otp_verification_with_firebase
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024

  • 9.8

    CRITICAL
    CVE-2024-9862

    The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 3.6.0. This is due to the plugin providing user-controlled access to objects, letting a user bypass author... Read more

    Affected Products : otp_verification_with_firebase
    • Published: Oct. 17, 2024
    • Modified: Jan. 28, 2025

  • 8.1

    HIGH
    CVE-2024-9861

    The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.6.0. This is due to missing validation on the token being supplied during the otp login through the plugin. This ... Read more

    Affected Products : otp_verification_with_firebase
    • Published: Oct. 17, 2024
    • Modified: Jan. 28, 2025

  • 6.1

    MEDIUM
    CVE-2024-9240

    The ReDi Restaurant Reservation plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 24.0902. This makes it possible for unauthen... Read more

    Affected Products : redi_restaurant_reservation
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024

  • 8.8

    HIGH
    CVE-2024-9215

    The Co-Authors, Multiple Authors and Guest Authors in an Author Box with PublishPress Authors plugin for WordPress is vulnerable to Insecure Direct Object Reference to Privilege Escalation/Account Takeover in all versions up to, and including, 4.7.1 via t... Read more

    Affected Products :
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024

  • 6.5

    MEDIUM
    CVE-2024-45767

    Dell OpenManage Enterprise, version(s) OME 4.1 and prior, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnera... Read more

    Affected Products : openmanage_enterprise
    • Published: Oct. 17, 2024
    • Modified: Dec. 02, 2024

  • 8.8

    HIGH
    CVE-2024-45766

    Dell OpenManage Enterprise, version(s) OME 4.1 and prior, contain(s) an Improper Control of Generation of Code ('Code Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Code exe... Read more

    Affected Products : openmanage_enterprise
    • Published: Oct. 17, 2024
    • Modified: Dec. 02, 2024

  • 7.8

    HIGH
    CVE-2024-7994

    A maliciously crafted RFA file, when parsed through Autodesk Revit, can force a Stack-Based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current p... Read more

    Affected Products : revit
    • Published: Oct. 16, 2024
    • Modified: Oct. 21, 2024

  • 7.8

    HIGH
    CVE-2024-7993

    A maliciously crafted PDF file, when parsed through Autodesk Revit, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the ... Read more

    Affected Products : revit
    • Published: Oct. 16, 2024
    • Modified: Aug. 26, 2025

  • 8.1

    HIGH
    CVE-2024-48918

    RDS Light is a simplified version of the Reflective Dialogue System (RDS), a self-reflecting AI framework. Versions prior to 1.1.0 contain a vulnerability that involves a lack of input validation within the RDS AI framework, specifically within the user i... Read more

    Affected Products :
    • Published: Oct. 16, 2024
    • Modified: Oct. 18, 2024

  • 6.1

    MEDIUM
    CVE-2024-48758

    dingfanzu CMS V1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the addPro parameter of the component doAdminAction.php which allows a remote attacker to execute arbitrary code... Read more

    Affected Products : dingfanzu dingfanzu_cms
    • Published: Oct. 16, 2024
    • Modified: May. 27, 2025

  • 9.8

    CRITICAL
    CVE-2024-48180

    ClassCMS <=4.8 is vulnerable to file inclusion in the nowView method in/class/cms/cms.php, which can include a file uploaded to the/class/template directory to execute PHP code.... Read more

    Affected Products : classcms
    • Published: Oct. 16, 2024
    • Modified: Apr. 28, 2025

  • 6.6

    MEDIUM
    CVE-2024-47889

    Action Mailer is a framework for designing email service layers. Starting in version 3.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the block_format helper in Action Mailer. Carefully crafted... Read more

    Affected Products : rails
    • Published: Oct. 16, 2024
    • Modified: Oct. 18, 2024

  • 6.6

    MEDIUM
    CVE-2024-47888

    Action Text brings rich text content and editing to Rails. Starting in version 6.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the `plain_text_for_blockquote_node helper` in Action Text. Caref... Read more

    Affected Products : rails
    • Published: Oct. 16, 2024
    • Modified: Oct. 18, 2024

  • 7.2

    HIGH
    CVE-2024-46213

    REDAXO CMS v2.11.0 was discovered to contain a remote code execution (RCE) vulnerability.... Read more

    Affected Products : redaxo
    • Published: Oct. 16, 2024
    • Modified: Jun. 13, 2025

  • 4.9

    MEDIUM
    CVE-2024-46212

    An issue in the component /index.php?page=backup/export of REDAXO CMS v5.17.1 allows attackers to execute a directory traversal.... Read more

    Affected Products : redaxo
    • Published: Oct. 16, 2024
    • Modified: Jun. 13, 2025

  • 5.3

    MEDIUM
    CVE-2024-44762

    A discrepancy in error messages for invalid login attempts in Webmin Usermin v2.100 allows attackers to enumerate valid user accounts.... Read more

    Affected Products :
    • Published: Oct. 16, 2024
    • Modified: Oct. 18, 2024
Showing 20 of 294746 Results