Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2024-9305

    The AppPresser – Mobile App Framework plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.4.4. This is due to the appp_reset_password() and validate_reset_password() functions not having ...

    Affected Products : apppresser
    • Published: Oct. 16, 2024
    • Modified: May. 17, 2025
  • 9.8

    CRITICAL
    CVE-2024-9105

    The UltimateAI plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.8.3. This is due to insufficient verification on the user being supplied in the 'ultimate_ai_register_or_login_with_google' function. This makes...

    Affected Products :
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024
  • 5.6

    MEDIUM
    CVE-2024-9104

    The UltimateAI plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.8.3. This is due to the improper empty value check and a missing default activated value check in the 'ultimate_ai_change_pass' function. Th...

    Affected Products :
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024
  • 6.1

    MEDIUM
    CVE-2024-8787

    The Smart Online Order for Clover plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.5.7. This makes it po...

    Affected Products : smart_online_order_for_clover
    • Published: Oct. 16, 2024
    • Modified: Feb. 11, 2025
  • 6.1

    MEDIUM
    CVE-2024-8541

    The Discount Rules for WooCommerce – Create Smart WooCommerce Coupons & Discounts, Bulk Discount, BOGO Coupons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in ...

    Affected Products : discount_rules_for_woocommerce
    • Published: Oct. 16, 2024
    • Modified: Nov. 08, 2024
  • 8.8

    HIGH
    CVE-2024-49340

    IBM Watson Studio Local 1.2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

    Affected Products : watson_studio_local
    • Published: Oct. 16, 2024
    • Modified: Nov. 08, 2024
  • 7.5

    HIGH
    CVE-2024-38204

    Improper Access Control in Imagine Cup allows an authorized attacker to elevate privileges over a network.

    Affected Products : azure_functions
    • Published: Oct. 15, 2024
    • Modified: Nov. 08, 2024
  • 8.6

    HIGH
    CVE-2024-38190

    Missing authorization in Power Platform allows an unauthenticated attacker to view sensitive information through a network attack vector.

    Affected Products : power_platform
    • Published: Oct. 15, 2024
    • Modified: Nov. 08, 2024
  • 8.8

    HIGH
    CVE-2024-38139

    Improper authentication in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network.

    Affected Products : dataverse
    • Published: Oct. 15, 2024
    • Modified: Nov. 08, 2024
  • 7.5

    HIGH
    CVE-2024-45085

    IBM WebSphere Application Server 8.5 is vulnerable to a denial of service, under certain configurations, caused by an unexpected specially crafted request. A remote attacker could exploit this vulnerability to cause an error resulting in a denial of servi...

    Affected Products : websphere_application_server
    • Published: Oct. 15, 2024
    • Modified: Nov. 08, 2024
  • 9.1

    CRITICAL
    CVE-2024-10004

    Opening an external link to an HTTP website when Firefox iOS was previously closed and had an HTTPS tab open could in some cases result in the padlock icon showing an HTTPS indicator incorrectly. This vulnerability affects Firefox for iOS < 131.2.

    Affected Products : firefox
    • Published: Oct. 15, 2024
    • Modified: Apr. 04, 2025
  • 5.3

    MEDIUM
    CVE-2024-9966

    Inappropriate implementation in Navigations in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)

    Affected Products : chrome edge_chromium
    • Published: Oct. 15, 2024
    • Modified: Mar. 25, 2025
  • 8.8

    HIGH
    CVE-2024-9965

    Insufficient data validation in DevTools in Google Chrome on Windows prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Lo...

    Affected Products : chrome windows edge_chromium
    • Published: Oct. 15, 2024
    • Modified: Mar. 13, 2025
  • 4.3

    MEDIUM
    CVE-2024-9964

    Inappropriate implementation in Payments in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)

    Affected Products : chrome edge_chromium
    • Published: Oct. 15, 2024
    • Modified: Mar. 25, 2025
  • 4.3

    MEDIUM
    CVE-2024-9963

    Insufficient data validation in Downloads in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

    Affected Products : chrome edge_chromium
    • Published: Oct. 15, 2024
    • Modified: Mar. 25, 2025
  • 4.3

    MEDIUM
    CVE-2024-9962

    Inappropriate implementation in Permissions in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

    Affected Products : chrome edge_chromium
    • Published: Oct. 15, 2024
    • Modified: Mar. 25, 2025
  • 8.8

    HIGH
    CVE-2024-9961

    Use after free in ParcelTracking in Google Chrome on iOS prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: M...

    Affected Products : chrome iphone_os edge_chromium
    • Published: Oct. 15, 2024
    • Modified: Jan. 02, 2025
  • 8.8

    HIGH
    CVE-2024-9960

    Use after free in Dawn in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

    Affected Products : chrome edge_chromium
    • Published: Oct. 15, 2024
    • Modified: Jan. 02, 2025
  • 8.8

    HIGH
    CVE-2024-9959

    Use after free in DevTools in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium)

    Affected Products : chrome edge_chromium
    • Published: Oct. 15, 2024
    • Modified: Jan. 02, 2025
  • 4.3

    MEDIUM
    CVE-2024-9958

    Inappropriate implementation in PictureInPicture in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

    Affected Products : chrome edge_chromium
    • Published: Oct. 15, 2024
    • Modified: Mar. 25, 2025
Showing 20 of 294836 Results