Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 8.8

    HIGH
    CVE-2024-45711

    SolarWinds Serv-U is vulnerable to a directory traversal vulnerability where remote code execution is possible depending on privileges given to the authenticated user. This issue requires a user to be authenticated and this is present when software env...

    Affected Products : serv-u
    • Published: Oct. 16, 2024
    • Modified: Oct. 17, 2024
  • 7.8

    HIGH
    CVE-2024-45710

    SolarWinds Platform is susceptible to an Uncontrolled Search Path Element Local Privilege Escalation vulnerability. This requires a low privilege account and local access to the affected node machine....

    Affected Products : solarwinds_platform
    • Published: Oct. 16, 2024
    • Modified: Oct. 17, 2024
  • 8.8

    HIGH
    CVE-2024-45693

    Users logged into the Apache CloudStack's web interface can be tricked to submit malicious CSRF requests due to missing validation of the origin of the requests. This can allow an attacker to gain privileges and access to resources of the authenticated us...

    Affected Products : cloudstack
    • Published: Oct. 16, 2024
    • Modified: Nov. 21, 2024
  • 7.1

    HIGH
    CVE-2024-45462

    The logout operation in the CloudStack web interface does not expire the user session completely which is valid until expiry by time or restart of the backend service. An attacker that has access to a user's browser can use an unexpired session to gain ac...

    Affected Products : cloudstack
    • Published: Oct. 16, 2024
    • Modified: Nov. 21, 2024
  • 6.3

    MEDIUM
    CVE-2024-45461

    The CloudStack Quota feature allows cloud administrators to implement a quota or usage limit system for cloud resources, and is disabled by default. In environments where the feature is enabled, due to missing access check enforcements, non-administrative...

    Affected Products : cloudstack
    • Published: Oct. 16, 2024
    • Modified: Feb. 12, 2025
  • 8.5

    HIGH
    CVE-2024-45219

    Account users in Apache CloudStack by default are allowed to upload and register templates for deploying instances and volumes for attaching them as data disks to their existing instances. Due to missing validation checks for KVM-compatible templates or v...

    Affected Products : cloudstack
    • Published: Oct. 16, 2024
    • Modified: Jul. 01, 2025
  • 8.1

    HIGH
    CVE-2024-45217

    Insecure Default Initialization of Resource vulnerability in Apache Solr. New ConfigSets that are created via a Restore command, which copy a configSet from the backup and give it a new name, are created without setting the "trusted" metadata. ConfigSets...

    Affected Products : solr
    • Published: Oct. 16, 2024
    • Modified: Jul. 01, 2025
  • 9.8

    CRITICAL
    CVE-2024-45216

    Improper Authentication vulnerability in Apache Solr. Solr instances using the PKIAuthenticationPlugin, which is enabled by default when Solr Authentication is used, are vulnerable to Authentication bypass. A fake ending at the end of any Solr API URL pa...

    Affected Products : solr
    • Published: Oct. 16, 2024
    • Modified: Jul. 01, 2025
  • 6.4

    MEDIUM
    CVE-2023-7296

    The BigBlueButton plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the moderator code and viewer code fields in versions up to, and including, 3.0.0-beta.4 due to insufficient input sanitization and output escaping. This makes it ...

    Affected Products : bigbluebutton
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024
  • 6.1

    MEDIUM
    CVE-2023-7295

    The Video Grid plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search_term parameter in versions up to, and including, 1.21 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

    Affected Products :
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024
  • 8.4

    HIGH
    CVE-2023-22649

    A vulnerability has been identified which may lead to sensitive data being leaked into Rancher's audit logs. [Rancher Audit Logging](https://ranchermanager.docs.rancher.com/how-to-guides/advanced-user-guides/enable-api-audit-log) is an opt-in feature, onl...

    Affected Products : rancher rancher
    • Published: Oct. 16, 2024
    • Modified: Oct. 30, 2024
  • 7.1

    HIGH
    CVE-2021-4452

    The Google Language Translator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via multiple parameters in versions up to, and including, 6.0.9 due to insufficient input sanitization and output escaping. This makes it possible for auth...

    Affected Products : google_language_translator
    • Published: Oct. 16, 2024
    • Modified: Oct. 30, 2024
  • 8.8

    HIGH
    CVE-2020-36842

    The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the wpvivid_upload_import_files and wpvivid_upload_files AJAX actions that allows low-level authenticated attackers ...

    Affected Products : migration\,_backup\,_staging
    • Published: Oct. 16, 2024
    • Modified: Oct. 30, 2024
  • 9.8

    CRITICAL
    CVE-2020-36840

    The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wp_ajax_route_url() function called via a nopriv AJAX action in versions up to, and including, 2.3.8. This ma...

    Affected Products : timetable_and_event_schedule
    • Published: Oct. 16, 2024
    • Modified: Oct. 30, 2024
  • 5.3

    MEDIUM
    CVE-2017-20194

    The Formidable Form Builder plugin for WordPress is vulnerable to Sensitive Data Exposure in versions up to, and including, 2.05.03 via the frm_forms_preview AJAX action. This makes it possible for unauthenticated attackers to export all of the form entri...

    • Published: Oct. 16, 2024
    • Modified: Oct. 30, 2024
  • 6.1

    MEDIUM
    CVE-2017-20193

    The Product Vendors is vulnerable to Reflected Cross-Site Scripting via the 'vendor_description' parameter in versions up to, and including, 2.0.35 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated atta...

    Affected Products : product_vendors
    • Published: Oct. 16, 2024
    • Modified: Oct. 30, 2024
  • 9.8

    CRITICAL
    CVE-2016-15042

    The Frontend File Manager (versions < 4.0), N-Media Post Front-end Form (versions < 1.1) plugins for WordPress are vulnerable to arbitrary file uploads due to missing file type validation via the `nm_filemanager_upload_file` and `nm_postfront_upload_file`...

    • Published: Oct. 16, 2024
    • Modified: Oct. 30, 2024
  • 6.4

    MEDIUM
    CVE-2024-9582

    The Accordion Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘html’ attribute of an accordion slider in all versions up to, and including, 1.9.11 due to insufficient input sanitization and output escaping. This makes it p...

    Affected Products :
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024
  • 7.4

    HIGH
    CVE-2024-8918

    The File Manager Pro plugin for WordPress is vulnerable to Limited JavaScript File Upload in all versions up to, and including, 8.3.9. This is due to a lack of proper checks on allowed file types. This makes it possible for unauthenticated attackers, with...

    Affected Products : file_manager_pro file_manager
    • Published: Oct. 16, 2024
    • Modified: Oct. 17, 2024
  • 8.8

    HIGH
    CVE-2024-8746

    The File Manager Pro plugin for WordPress is vulnerable to arbitrary backup file downloads and uploads due to missing file type validation via the 'mk_file_folder_manager_shortcode' ajax action in all versions up to, and including, 8.3.9. This makes it po...

    Affected Products : file_manager_pro file_manager
    • Published: Oct. 16, 2024
    • Modified: Oct. 17, 2024
Showing 20 of 294848 Results