Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2024-9211

    The FULL – Cliente plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.1.22. This makes it possible for una... Read more

    Affected Products :
    • Published: Oct. 11, 2024
    • Modified: Oct. 15, 2024

  • 9.6

    CRITICAL
    CVE-2024-9164

    An issue was discovered in GitLab EE affecting all versions starting from 12.5 prior to 17.2.9, starting from 17.3, prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows running pipelines on arbitrary branches.... Read more

    Affected Products : gitlab
    • Published: Oct. 11, 2024
    • Modified: Dec. 13, 2024

  • 6.4

    MEDIUM
    CVE-2024-9051

    The WP Ultimate Post Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpupg-grid-with-filters shortcode in all versions up to, and including, 3.9.3 due to insufficient input sanitization and output escaping on user s... Read more

    Affected Products :
    • Published: Oct. 11, 2024
    • Modified: Oct. 15, 2024

  • 8.8

    HIGH
    CVE-2024-8970

    An issue was discovered in GitLab CE/EE affecting all versions starting from 11.6 prior to 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows an attacker to trigger a pipeline as another user under certain cir... Read more

    Affected Products : gitlab
    • Published: Oct. 11, 2024
    • Modified: Dec. 13, 2024

  • 4.3

    MEDIUM
    CVE-2024-8913

    The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.6.11 via the render function in modules/widg... Read more

    Affected Products : the_plus_addons_for_elementor
    • Published: Oct. 11, 2024
    • Modified: Feb. 05, 2025

  • 6.5

    MEDIUM
    CVE-2024-7514

    The WordPress Comments Import & Export plugin for WordPress is vulnerable to to arbitrary file read due to insufficient file path validation during the comments import process, in versions up to, and including, 2.3.7. This makes it possible for authentica... Read more

    • Published: Oct. 11, 2024
    • Modified: Oct. 15, 2024

  • 4.4

    MEDIUM
    CVE-2024-6971

    A path traversal vulnerability exists in the parisneo/lollms-webui repository, specifically in the `lollms_file_system.py` file. The functions `add_rag_database`, `toggle_mount_rag_database`, and `vectorize_folder` do not implement security measures such ... Read more

    Affected Products : lollms lollms-webui lollms-webui
    • Published: Oct. 11, 2024
    • Modified: Aug. 15, 2025

  • 4.3

    MEDIUM
    CVE-2024-5005

    An issue has been discovered discovered in GitLab EE/CE affecting all versions starting from 11.4 before 17.2.9, all versions starting from 17.3 before 17.3.5, all versions starting from 17.4 before 17.4.2 It was possible for guest users to disclose proje... Read more

    Affected Products : gitlab
    • Published: Oct. 11, 2024
    • Modified: Dec. 12, 2024

  • 6.6

    MEDIUM
    CVE-2024-48987

    Snipe-IT before 7.0.10 allows remote code execution (associated with cookie serialization) when an attacker knows the APP_KEY. This is exacerbated by .env files, available from the product's repository, that have default APP_KEY values.... Read more

    Affected Products : snipe-it
    • Published: Oct. 11, 2024
    • Modified: May. 22, 2025

  • 7.5

    HIGH
    CVE-2024-45317

    A Server-Side Request Forgery (SSRF) vulnerability in SMA1000 appliance firmware versions 12.4.3-02676 and earlier allows a remote, unauthenticated attacker to cause the SMA1000 server-side application to make requests to an unintended IP address.... Read more

    Affected Products : sma1000_firmware
    • Published: Oct. 11, 2024
    • Modified: Mar. 22, 2025

  • 7.8

    HIGH
    CVE-2024-45316

    The Improper link resolution before file access ('Link Following') vulnerability in SonicWall Connect Tunnel (version 12.4.3.271 and earlier of Windows client) allows users with standard privileges to delete arbitrary folders and files, potentially leadin... Read more

    Affected Products :
    • Published: Oct. 11, 2024
    • Modified: Oct. 15, 2024

  • 5.5

    MEDIUM
    CVE-2024-45315

    The Improper link resolution before file access ('Link Following') vulnerability in SonicWall Connect Tunnel (version 12.4.3.271 and earlier of Windows client) allows users with standard privileges to create arbitrary folders and files, potentially leadin... Read more

    Affected Products :
    • Published: Oct. 11, 2024
    • Modified: Nov. 01, 2024

  • 9.8

    CRITICAL
    CVE-2024-21534

    All versions of the package jsonpath-plus are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacker can execute aribitrary code on the system by exploiting the unsafe default usage of vm in Node. **Note:** There were ... Read more

    Affected Products :
    • Published: Oct. 11, 2024
    • Modified: Nov. 18, 2024

  • 6.7

    MEDIUM
    CVE-2023-42133

    PAX Android based POS devices allow for escalation of privilege via improperly configured scripts. An attacker must have shell access with system account privileges in order to exploit this vulnerability. A patch addressing this issue was included in fir... Read more

    Affected Products : paydroid
    • Published: Oct. 11, 2024
    • Modified: Oct. 15, 2024

  • 9.8

    CRITICAL
    CVE-2024-9822

    The Pedalo Connector plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.0.5. This is due to insufficient restriction on the 'login_admin_user' function. This makes it possible for unauthenticated attackers to l... Read more

    Affected Products : pedalo_connector
    • Published: Oct. 11, 2024
    • Modified: Nov. 15, 2024

  • 9.8

    CRITICAL
    CVE-2024-9818

    A vulnerability classified as critical has been found in SourceCodester Online Veterinary Appointment System 1.0. Affected is an unknown function of the file /admin/categories/manage_category.php. The manipulation of the argument id leads to sql injection... Read more

    • Published: Oct. 10, 2024
    • Modified: Oct. 17, 2024

  • 8.8

    HIGH
    CVE-2024-9817

    A vulnerability was found in code-projects Blood Bank System 1.0. It has been classified as critical. This affects an unknown part of the file /update.php. The manipulation of the argument name leads to sql injection. It is possible to initiate the attack... Read more

    Affected Products : blood_bank_system blood_bank_system
    • Published: Oct. 10, 2024
    • Modified: Oct. 17, 2024

  • 6.9

    MEDIUM
    CVE-2024-47872

    Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves **Cross-Site Scripting (XSS)** on any Gradio server that allows file uploads. Authenticated users can upload files such as HTML, JavaScript, or SVG files c... Read more

    Affected Products : gradio
    • Published: Oct. 10, 2024
    • Modified: Oct. 17, 2024

  • 9.1

    CRITICAL
    CVE-2024-47871

    Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves **insecure communication** between the FRP (Fast Reverse Proxy) client and server when Gradio's `share=True` option is used. HTTPS is not enforced on the c... Read more

    Affected Products : gradio
    • Published: Oct. 10, 2024
    • Modified: Oct. 17, 2024

  • 8.1

    HIGH
    CVE-2024-47870

    Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a **race condition** in the `update_root_in_config` function, allowing an attacker to modify the `root` URL used by the Gradio frontend to communicate with... Read more

    Affected Products : gradio
    • Published: Oct. 10, 2024
    • Modified: Oct. 17, 2024
Showing 20 of 294850 Results