Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-49218

    Deserialization of Untrusted Data vulnerability in Al Imran Akash Recently allows Object Injection.This issue affects Recently: from n/a through 1.1.... Read more

    Affected Products :
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024

  • 10.0

    CRITICAL
    CVE-2024-49257

    Unrestricted Upload of File with Dangerous Type vulnerability in Denis Azz Anonim Posting allows Upload a Web Shell to a Web Server.This issue affects Azz Anonim Posting: from n/a through 0.9.... Read more

    Affected Products :
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024

  • 8.8

    HIGH
    CVE-2024-49227

    Deserialization of Untrusted Data vulnerability in Innovaweb Sp. Z o.O. Free Stock Photos Foter allows Object Injection.This issue affects Free Stock Photos Foter: from n/a through 1.5.4.... Read more

    Affected Products :
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024

  • 9.1

    CRITICAL
    CVE-2024-48042

    Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Supsystic Contact Form by Supsystic allows Command Injection.This issue affects Contact Form by Supsystic: from n/a through 1.7.28.... Read more

    Affected Products : contact_form
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024

  • 9.8

    CRITICAL
    CVE-2024-9105

    The UltimateAI plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.8.3. This is due to insufficient verification on the user being supplied in the 'ultimate_ai_register_or_login_with_google' function. This makes... Read more

    Affected Products :
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024

  • 8.3

    HIGH
    CVE-2020-36839

    The WP Lead Plus X plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.99. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to ... Read more

    Affected Products :
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024

  • 6.5

    MEDIUM
    CVE-2024-49270

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in HashThemes Smart Blocks allows Stored XSS.This issue affects Smart Blocks: from n/a through 2.0.... Read more

    Affected Products :
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024

  • 6.1

    MEDIUM
    CVE-2024-9652

    The Locatoraid Store Locator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via $_POST keys in all versions up to, and including, 3.9.47 due to insufficient input sanitization and output escaping. This makes it possible for unauthent... Read more

    Affected Products : locatoraid_store_locator
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024

  • 6.3

    MEDIUM
    CVE-2024-22033

    The OBS service obs-service-download_url was vulnerable to a command injection vulnerability. The attacker could provide a configuration to the service that allowed to execute command in later steps... Read more

    Affected Products :
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024

  • 6.5

    MEDIUM
    CVE-2024-49267

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in nayon46 Unlimited Addon For Elementor allows Stored XSS.This issue affects Unlimited Addon For Elementor: from n/a through 2.0.0.... Read more

    Affected Products :
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024

  • 9.8

    CRITICAL
    CVE-2021-4443

    The WordPress Mega Menu plugin for WordPress is vulnerable to Arbitrary File Creation in versions up to, and including, 2.0.6 via the compiler_save AJAX action. This makes it possible for unauthenticated attackers to create arbitrary PHP files that can be... Read more

    Affected Products :
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024

  • 9.8

    CRITICAL
    CVE-2016-15040

    The Kento Post View Counter plugin for WordPress is vulnerable to SQL Injection via the 'kento_pvc_geo' parameter in versions up to, and including, 2.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the e... Read more

    Affected Products :
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024

  • 8.9

    HIGH
    CVE-2024-9348

    Docker Desktop before v4.34.3 allows RCE via unsanitized GitHub source link in Build view.... Read more

    Affected Products : desktop
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024

  • 5.5

    MEDIUM
    CVE-2024-22034

    Attackers could put the special files in .osc into the actual package sources (e.g. _apiurl). This allows the attacker to change the configuration of osc for the victim... Read more

    Affected Products :
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024

  • 8.3

    HIGH
    CVE-2012-10018

    The Mapplic and Mapplic Lite plugins for WordPress are vulnerable to Server-Side Request Forgery in versions up to, and including 6.1, 1.0 respectively. This makes it possible for attackers to forgery requests coming from a vulnerable site's server and ul... Read more

    Affected Products : mapplic
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024

  • 7.2

    HIGH
    CVE-2019-25214

    The ShopWP plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several REST API routes in versions up to, and including, 2.0.4. This makes it possible for unauthenticated attackers to call the endpoints and perf... Read more

    Affected Products :
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024

  • 10.0

    CRITICAL
    CVE-2024-49242

    Unrestricted Upload of File with Dangerous Type vulnerability in Shafiq Digital Lottery allows Upload a Web Shell to a Web Server.This issue affects Digital Lottery: from n/a through 3.0.5.... Read more

    Affected Products :
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024

  • 5.4

    MEDIUM
    CVE-2024-9873

    The Community by PeepSo – Social Network, Membership, Registration, User Profiles, Premium – Mobile App plugin for WordPress is vulnerable to Stored Cross-Site Scripting via URLs in posts, comments, and profiles when Markdown support is enabled in all ver... Read more

    Affected Products : peepso
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024

  • 6.4

    MEDIUM
    CVE-2024-9521

    The SEO Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post meta in versions up to, and including, 1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authen... Read more

    Affected Products :
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024

  • 8.3

    HIGH
    CVE-2017-20192

    The Formidable Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters submitted during form entries like 'after_html' in versions before 2.05.03 due to insufficient input sanitization and output escaping. Th... Read more

    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024
Showing 20 of 294858 Results