Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.3

    MEDIUM
    CVE-2024-22033

    The OBS service obs-service-download_url was vulnerable to a command injection vulnerability. The attacker could provide a configuration to the service that allowed to execute command in later steps... Read more

    Affected Products :
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024

  • 6.5

    MEDIUM
    CVE-2024-49267

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in nayon46 Unlimited Addon For Elementor allows Stored XSS.This issue affects Unlimited Addon For Elementor: from n/a through 2.0.0.... Read more

    Affected Products :
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024

  • 5.4

    MEDIUM
    CVE-2024-9888

    The ElementInvader Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's contact form widget redirect URL in all versions up to, and including, 1.2.8 due to insufficient input sanitization and output escap... Read more

    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024

  • 6.3

    MEDIUM
    CVE-2020-36834

    The Discount Rules for WooCommerce plugin for WordPress is vulnerable to missing authorization via several AJAX actions in versions up to, and including, 2.0.2 due to missing capability checks on various functions. This makes it possible for subscriber-le... Read more

    Affected Products :
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024

  • 6.4

    MEDIUM
    CVE-2023-7296

    The BigBlueButton plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the moderator code and viewer code fields in versions up to, and including, 3.0.0-beta.4 due to insufficient input sanitization and output escaping. This makes it ... Read more

    Affected Products : bigbluebutton
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024

  • 9.8

    CRITICAL
    CVE-2024-48028

    Deserialization of Untrusted Data vulnerability in Boyan Raichev IP Loc8 allows Object Injection.This issue affects IP Loc8: from n/a through 1.1.... Read more

    Affected Products :
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024

  • 5.6

    MEDIUM
    CVE-2024-9104

    The UltimateAI plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.8.3. This is due to the improper empty value check and a missing default activated value check in the 'ultimate_ai_change_pass' function. Th... Read more

    Affected Products :
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024

  • 6.3

    MEDIUM
    CVE-2020-36833

    The Indeed Membership Pro plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on various AJAX actions in versions 7.3 - 8.6. This makes it possible for authenticated attacker, with minimal permission, such as a subs... Read more

    Affected Products :
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024

  • 6.1

    MEDIUM
    CVE-2023-7295

    The Video Grid plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search_term parameter in versions up to, and including, 1.21 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated... Read more

    Affected Products :
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024

  • 10.0

    CRITICAL
    CVE-2024-49242

    Unrestricted Upload of File with Dangerous Type vulnerability in Shafiq Digital Lottery allows Upload a Web Shell to a Web Server.This issue affects Digital Lottery: from n/a through 3.0.5.... Read more

    Affected Products :
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024

  • 9.8

    CRITICAL
    CVE-2024-48030

    Deserialization of Untrusted Data vulnerability in Gabriele Valenti Telecash Ricaricaweb allows Object Injection.This issue affects Telecash Ricaricaweb: from n/a through 2.2.... Read more

    Affected Products :
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024

  • 10.0

    CRITICAL
    CVE-2024-49254

    Improper Control of Generation of Code ('Code Injection') vulnerability in Sunjianle allows Code Injection.This issue affects ajax-extend: from n/a through 1.0.... Read more

    Affected Products :
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024

  • 9.9

    CRITICAL
    CVE-2024-48035

    Unrestricted Upload of File with Dangerous Type vulnerability in Takayuki Imanishi ACF Images Search And Insert allows Upload a Web Shell to a Web Server.This issue affects ACF Images Search And Insert: from n/a through 1.1.4.... Read more

    Affected Products :
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024

  • 9.8

    CRITICAL
    CVE-2024-48026

    Deserialization of Untrusted Data vulnerability in Grayson Robbins Disc Golf Manager allows Object Injection.This issue affects Disc Golf Manager: from n/a through 1.0.0.... Read more

    Affected Products :
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024

  • 8.8

    HIGH
    CVE-2024-49226

    Deserialization of Untrusted Data vulnerability in TAKETIN TAKETIN To WP Membership allows Object Injection.This issue affects TAKETIN To WP Membership: from n/a through 2.8.0.... Read more

    Affected Products :
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024

  • 7.1

    HIGH
    CVE-2024-22032

    A vulnerability has been identified in which an RKE1 cluster keeps constantly reconciling when secrets encryption configuration is enabled. When reconciling, the Kube API secret values are written in plaintext on the AppliedSpec. Cluster owners, Cluste... Read more

    Affected Products : rancher
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024

  • 7.5

    HIGH
    CVE-2024-47351

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The CSSIgniter Team MaxSlider allows Path Traversal.This issue affects MaxSlider: from n/a through 1.2.3.... Read more

    Affected Products :
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024

  • 8.3

    HIGH
    CVE-2023-32192

    A vulnerability has been identified in which unauthenticated cross-site scripting (XSS) in the API Server's public API endpoint can be exploited, allowing an attacker to execute arbitrary JavaScript code in the victim browser... Read more

    Affected Products :
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024

  • 8.8

    HIGH
    CVE-2023-22650

    A vulnerability has been identified in which Rancher does not automatically clean up a user which has been deleted from the configured authentication provider (AP). This characteristic also applies to disabled or revoked users, Rancher will not reflect th... Read more

    Affected Products : rancher
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024

  • 6.3

    MEDIUM
    CVE-2022-4974

    The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _s... Read more

    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024
Showing 20 of 294848 Results