Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.1

    HIGH
    CVE-2024-49237

    Cross-Site Request Forgery (CSRF) vulnerability in Ahmet Imamoglu Ahmeti Wp Timeline allows Stored XSS.This issue affects Ahmeti Wp Timeline: from n/a through 5.1.... Read more

    Affected Products : ahmeti_wp_timeline
    • Published: Oct. 17, 2024
    • Modified: Nov. 06, 2024

  • 7.5

    HIGH
    CVE-2024-49235

    Insertion of Sensitive Information Into Sent Data vulnerability in VideoWhisper.Com Contact Forms, Live Support, CRM, Video Messages allows Retrieve Embedded Sensitive Data.This issue affects Contact Forms, Live Support, CRM, Video Messages: from n/a thro... Read more

    Affected Products :
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024

  • 7.1

    HIGH
    CVE-2024-49229

    Cross-Site Request Forgery (CSRF) vulnerability in Arif Nezami Better Author Bio allows Cross-Site Scripting (XSS).This issue affects Better Author Bio: from n/a through 2.7.10.11.... Read more

    Affected Products : better_author_bio
    • Published: Oct. 17, 2024
    • Modified: Nov. 06, 2024

  • 7.1

    HIGH
    CVE-2024-49223

    Cross-Site Request Forgery (CSRF) vulnerability in Shibu Lijack a.K.A CyberJack CJ Change Howdy allows Stored XSS.This issue affects CJ Change Howdy: from n/a through 3.3.1.... Read more

    Affected Products : cj_change_howdy
    • Published: Oct. 17, 2024
    • Modified: Nov. 06, 2024

  • 7.1

    HIGH
    CVE-2024-49221

    Cross-Site Request Forgery (CSRF) vulnerability in Julian Weinert // cs&m cSlider allows Stored XSS.This issue affects cSlider: from n/a through 2.4.2.... Read more

    Affected Products : cslider
    • Published: Oct. 17, 2024
    • Modified: Nov. 06, 2024

  • 7.1

    HIGH
    CVE-2024-49220

    Cross-Site Request Forgery (CSRF) vulnerability in Cookie Scanner – Nikel Schubert Cookie Scanner allows Stored XSS.This issue affects Cookie Scanner: from n/a through 1.1.... Read more

    Affected Products : cookie_scanner
    • Published: Oct. 17, 2024
    • Modified: Nov. 06, 2024

  • 8.8

    HIGH
    CVE-2024-49219

    Incorrect Privilege Assignment vulnerability in themexpo RS-Members allows Privilege Escalation.This issue affects RS-Members: from n/a through 1.0.3.... Read more

    Affected Products : rs-members
    • Published: Oct. 17, 2024
    • Modified: Nov. 06, 2024

  • 9.8

    CRITICAL
    CVE-2024-49217

    Incorrect Privilege Assignment vulnerability in Madiri Salman Aashish Adding drop down roles in registration allows Privilege Escalation.This issue affects Adding drop down roles in registration: from n/a through 1.1.... Read more

    • Published: Oct. 17, 2024
    • Modified: Nov. 06, 2024

  • 8.0

    HIGH
    CVE-2024-48638

    D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the SubnetMask parameter in the SetGuestZoneRouterSettings function. This vulnerability allows attackers to execute arbitrary OS commands... Read more

    • Published: Oct. 17, 2024
    • Modified: May. 07, 2025

  • 8.0

    HIGH
    CVE-2024-48637

    D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the VLANID:1/VID parameter in the SetVLANSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a cr... Read more

    • Published: Oct. 17, 2024
    • Modified: May. 07, 2025

  • 8.0

    HIGH
    CVE-2024-48636

    D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the VLANID:0/VID parameter in the SetVLANSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a cr... Read more

    • Published: Oct. 17, 2024
    • Modified: May. 07, 2025

  • 8.0

    HIGH
    CVE-2024-48635

    D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the VLANID:2/VID parameter in the SetVLANSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a cr... Read more

    • Published: Oct. 17, 2024
    • Modified: May. 07, 2025

  • 8.0

    HIGH
    CVE-2024-48634

    D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the key parameter in the SetWLanRadioSecurity function. This vulnerability allows attackers to execute arbitrary OS commands via a crafte... Read more

    • Published: Oct. 17, 2024
    • Modified: May. 07, 2025

  • 8.0

    HIGH
    CVE-2024-48633

    D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain multiple command injection vulnerabilities via the ExternalPort, InternalPort, ProtocolNumber, and LocalIPAddress parameters in the SetVirtualServerSettings function. This vul... Read more

    • Published: Oct. 17, 2024
    • Modified: May. 07, 2025

  • 8.0

    HIGH
    CVE-2024-48632

    D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain multiple command injection vulnerabilities via the LocalIPAddress, TCPPorts, and UDPPorts parameters in the SetPortForwardingSettings function. This vulnerability allows attac... Read more

    • Published: Oct. 17, 2024
    • Modified: May. 07, 2025

  • 8.0

    HIGH
    CVE-2024-48631

    D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the SSID parameter in the SetWLanRadioSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a craft... Read more

    • Published: Oct. 17, 2024
    • Modified: May. 07, 2025

  • 8.0

    HIGH
    CVE-2024-48630

    D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the MacAddress parameter in the SetMACFilters2 function. This vulnerability allows attackers to execute arbitrary OS commands via a craft... Read more

    • Published: Oct. 17, 2024
    • Modified: May. 07, 2025

  • 8.0

    HIGH
    CVE-2024-48629

    D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the IPAddress parameter in the SetGuestZoneRouterSettings function. This vulnerability allows attackers to execute arbitrary OS commands ... Read more

    • Published: Oct. 17, 2024
    • Modified: May. 07, 2025

  • 8.5

    HIGH
    CVE-2024-47312

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPGrim Classic Editor and Classic Widgets allows SQL Injection.This issue affects Classic Editor and Classic Widgets: from n/a through 1.4.1.... Read more

    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024

  • 8.5

    HIGH
    CVE-2024-47304

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPManageNinja LLC Fluent Support allows SQL Injection.This issue affects Fluent Support: from n/a through 1.8.0.... Read more

    Affected Products : fluent_support
    • Published: Oct. 17, 2024
    • Modified: Jun. 09, 2025
Showing 20 of 294826 Results