Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2024-7289

    A vulnerability was found in SourceCodester Establishment Billing Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /manage_payment.php. The manipulation of the argument id leads to sql ... Read more

    • Published: Jul. 31, 2024
    • Modified: Aug. 13, 2024

  • 9.8

    CRITICAL
    CVE-2024-38989

    izatop bunt v0.29.19 was discovered to contain a prototype pollution via the component /esm/qs.js. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.... Read more

    Affected Products :
    • Published: Aug. 12, 2024
    • Modified: Aug. 13, 2024

  • 7.1

    HIGH
    CVE-2024-43163

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Parcel Panel ParcelPanel allows Reflected XSS.This issue affects ParcelPanel: from n/a through 4.3.2.... Read more

    Affected Products :
    • Published: Aug. 12, 2024
    • Modified: Aug. 13, 2024

  • 7.1

    HIGH
    CVE-2024-43126

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Sender Sender – Newsletter, SMS and Email Marketing Automation for WooCommerce allows Reflected XSS.This issue affects Sender – Newsletter, SMS an... Read more

    Affected Products : sender
    • Published: Aug. 12, 2024
    • Modified: Aug. 13, 2024

  • 6.5

    MEDIUM
    CVE-2024-43164

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Blockspare allows Stored XSS.This issue affects Blockspare: from n/a through 3.2.0.... Read more

    Affected Products :
    • Published: Aug. 12, 2024
    • Modified: Aug. 13, 2024

  • 7.1

    HIGH
    CVE-2024-43213

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in MultiVendorX WC Marketplace allows Reflected XSS.This issue affects WC Marketplace: from n/a through 4.1.17.... Read more

    Affected Products : multivendorx
    • Published: Aug. 12, 2024
    • Modified: Aug. 13, 2024

  • 6.4

    MEDIUM
    CVE-2024-2259

    This vulnerability exists in InstaRISPACS software due to insufficient validation of user supplied input for the loginTo parameter in user login module of the web interface of the application. A remote attacker could exploit this vulnerability by sending ... Read more

    Affected Products :
    • Published: Aug. 13, 2024
    • Modified: Aug. 13, 2024

  • 6.5

    MEDIUM
    CVE-2024-43216

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Patrick Posner Filr – Secure document library allows Stored XSS.This issue affects Filr – Secure document library: from n/a through 1.2.4.... Read more

    Affected Products :
    • Published: Aug. 12, 2024
    • Modified: Aug. 13, 2024

  • 5.9

    MEDIUM
    CVE-2024-43130

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Antoine Hurkmans Football Pool allows Stored XSS.This issue affects Football Pool: from n/a through 2.11.10.... Read more

    Affected Products :
    • Published: Aug. 12, 2024
    • Modified: Aug. 13, 2024

  • 7.5

    HIGH
    CVE-2024-38787

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Codection Import and export users and customers allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Import and export users and customers: from n/a ... Read more

    • Published: Aug. 13, 2024
    • Modified: Aug. 13, 2024

  • 6.5

    MEDIUM
    CVE-2024-43139

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Antoine Hurkmans Football Pool allows Stored XSS.This issue affects Football Pool: from n/a through 2.11.9.... Read more

    Affected Products :
    • Published: Aug. 12, 2024
    • Modified: Aug. 13, 2024

  • 6.5

    MEDIUM
    CVE-2024-43165

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Rashid87 WPSection allows PHP Local File Inclusion.This issue affects WPSection: from n/a through 1.3.8.... Read more

    Affected Products :
    • Published: Aug. 13, 2024
    • Modified: Aug. 13, 2024

  • 6.5

    MEDIUM
    CVE-2024-43155

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PickPlugins ComboBlocks allows Stored XSS.This issue affects ComboBlocks: from n/a through 2.2.86.... Read more

    Affected Products : comboblocks
    • Published: Aug. 12, 2024
    • Modified: Aug. 13, 2024

  • 6.5

    MEDIUM
    CVE-2024-38752

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Zoho Campaigns allows Cross-Site Scripting (XSS).This issue affects Zoho Campaigns: from n/a through 2.0.8.... Read more

    Affected Products : zoho_campaigns
    • Published: Aug. 13, 2024
    • Modified: Aug. 13, 2024

  • 6.5

    MEDIUM
    CVE-2024-43123

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Techeshta Card Elements for Elementor allows Stored XSS.This issue affects Card Elements for Elementor: from n/a through 1.2.2.... Read more

    Affected Products : card_elements_for_elementor
    • Published: Aug. 12, 2024
    • Modified: Aug. 13, 2024

  • 10.0

    CRITICAL
    CVE-2024-43160

    Unrestricted Upload of File with Dangerous Type vulnerability in BerqWP allows Code Injection.This issue affects BerqWP: from n/a through 1.7.6.... Read more

    Affected Products :
    • Published: Aug. 13, 2024
    • Modified: Aug. 13, 2024

  • 7.1

    HIGH
    CVE-2024-43220

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in 10Web Form Builder Team Form Maker by 10Web allows Reflected XSS.This issue affects Form Maker by 10Web: from n/a through 1.15.26.... Read more

    Affected Products : form_maker
    • Published: Aug. 12, 2024
    • Modified: Aug. 13, 2024

  • 7.1

    HIGH
    CVE-2024-43233

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BannerSky BSK Forms Blacklist allows Reflected XSS.This issue affects BSK Forms Blacklist: from n/a through 3.8.... Read more

    Affected Products : bsk_forms_blacklist
    • Published: Aug. 12, 2024
    • Modified: Aug. 13, 2024

  • 7.5

    HIGH
    CVE-2024-43131

    Incorrect Authorization vulnerability in WPWeb Docket (WooCommerce Collections / Wishlist / Watchlist) allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Docket (WooCommerce Collections / Wishlist / Watchlist): from n/a bef... Read more

    Affected Products :
    • Published: Aug. 13, 2024
    • Modified: Aug. 13, 2024

  • 7.1

    HIGH
    CVE-2024-38724

    Cross-Site Request Forgery (CSRF), Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Muhammad Rehman Contact Form 7 Summary and Print allows Stored XSS.This issue affects Contact Form 7 Summary an... Read more

    Affected Products :
    • Published: Aug. 13, 2024
    • Modified: Aug. 13, 2024
Showing 20 of 293942 Results