Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2024-7049

    In version v0.3.8 of open-webui/open-webui, a vulnerability exists where a token is returned when a user with a pending role logs in. This allows the user to perform actions without admin confirmation, bypassing the intended approval process.... Read more

    Affected Products : open_webui
    • Published: Oct. 10, 2024
    • Modified: Oct. 17, 2024

  • 7.5

    HIGH
    CVE-2024-6747

    Information leakage in mknotifyd in Checkmk before 2.3.0p18, 2.2.0p36, 2.1.0p49 and in 2.0.0p39 (EOL) allows attacker to get potentially sensitive data... Read more

    Affected Products : checkmk checkmk
    • Published: Oct. 10, 2024
    • Modified: Oct. 15, 2024

  • 7.8

    HIGH
    CVE-2024-9781

    AppleTalk and RELOAD Framing dissector crash in Wireshark 4.4.0 and 4.2.0 to 4.2.7 allows denial of service via packet injection or crafted capture file... Read more

    Affected Products : wireshark
    • Published: Oct. 10, 2024
    • Modified: Nov. 25, 2024

  • 7.8

    HIGH
    CVE-2024-9780

    ITS dissector crash in Wireshark 4.4.0 allows denial of service via packet injection or crafted capture file... Read more

    Affected Products : wireshark
    • Published: Oct. 10, 2024
    • Modified: Oct. 17, 2024

  • 7.5

    HIGH
    CVE-2024-9156

    The TI WooCommerce Wishlist WordPress plugin through 2.8.2 is vulnerable to SQL Injection due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated... Read more

    Affected Products : ti_woocommerce_wishlist
    • Published: Oct. 10, 2024
    • Modified: Oct. 15, 2024

  • 6.3

    MEDIUM
    CVE-2024-9520

    The UserPlus plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.0. This makes it possible for authenticated attackers wi... Read more

    Affected Products : userplus
    • Published: Oct. 10, 2024
    • Modified: Oct. 15, 2024

  • 6.4

    MEDIUM
    CVE-2024-9074

    The Advanced Blocks Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated... Read more

    Affected Products : advanced_blocks_pro
    • Published: Oct. 10, 2024
    • Modified: Oct. 15, 2024

  • 4.3

    MEDIUM
    CVE-2024-9067

    The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'delete_attachment' function in all version... Read more

    Affected Products : youzify
    • Published: Oct. 10, 2024
    • Modified: Oct. 15, 2024

  • 7.2

    HIGH
    CVE-2024-9022

    The TS Poll – Survey, Versus Poll, Image Poll, Video Poll plugin for WordPress is vulnerable to SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 2.3.9 due to insufficient escaping on the user supplied parameter and lack of s... Read more

    Affected Products : ts_poll
    • Published: Oct. 10, 2024
    • Modified: Oct. 15, 2024

  • 4.3

    MEDIUM
    CVE-2024-8477

    The Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formely Sendinblue) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.87. This is due to missing or incorrect nonce validation on ... Read more

    • Published: Oct. 10, 2024
    • Modified: Oct. 15, 2024

  • 4.3

    MEDIUM
    CVE-2024-9685

    The Notification for Telegram plugin for WordPress is vulnerable to unauthorized test message sending due to a missing capability check on the 'nftb_test_action' function in versions up to, and including, 3.3.1. This makes it possible for authenticated at... Read more

    Affected Products : notification_for_telegram
    • Published: Oct. 10, 2024
    • Modified: Oct. 15, 2024

  • 7.3

    HIGH
    CVE-2024-9581

    The Shortcodes AnyWhere plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.0.1. This is due to the software allowing users to execute an action that does not properly validate a value before running... Read more

    Affected Products : shortcodes_anywhere
    • Published: Oct. 10, 2024
    • Modified: Oct. 15, 2024

  • 8.8

    HIGH
    CVE-2024-9522

    The WP Users Masquerade plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.0.0. This is due to incorrect authentication and capability checking in the 'ajax_masq_login' function. This makes it possible for auth... Read more

    Affected Products : wp_users_masquerade
    • Published: Oct. 10, 2024
    • Modified: Oct. 15, 2024

  • 7.2

    HIGH
    CVE-2024-9519

    The UserPlus plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the 'save_metabox_form' function in versions up to, and including, 2.0. This makes it possible for authenticated attackers, with ed... Read more

    Affected Products : userplus
    • Published: Oct. 10, 2024
    • Modified: Oct. 15, 2024

  • 9.8

    CRITICAL
    CVE-2024-9518

    The UserPlus plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.0 due to insufficient restriction on the 'form_actions' and 'userplus_update_user_profile' functions. This makes it possible for unauthenticated at... Read more

    Affected Products : userplus
    • Published: Oct. 10, 2024
    • Modified: Oct. 15, 2024

  • 6.4

    MEDIUM
    CVE-2024-9457

    The WP Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.0.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacker... Read more

    Affected Products : wp_builder
    • Published: Oct. 10, 2024
    • Modified: Oct. 15, 2024

  • 6.1

    MEDIUM
    CVE-2024-9377

    The Products, Order & Customers Export for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.... Read more

    • Published: Oct. 10, 2024
    • Modified: Oct. 15, 2024

  • 6.1

    MEDIUM
    CVE-2024-9205

    The Maximum Products per User for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.2.8. This makes it possible ... Read more

    • Published: Oct. 10, 2024
    • Modified: Oct. 15, 2024

  • 6.4

    MEDIUM
    CVE-2024-9072

    The GDPR-Extensions-com – Consent Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible... Read more

    Affected Products : consent_manager
    • Published: Oct. 10, 2024
    • Modified: Oct. 15, 2024

  • 6.4

    MEDIUM
    CVE-2024-9066

    The Marketing and SEO Booster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.9.10 due to insufficient input sanitization and output escaping. This makes it possible for authen... Read more

    Affected Products : marketing_and_seo_booster
    • Published: Oct. 10, 2024
    • Modified: Oct. 15, 2024
Showing 20 of 294846 Results