Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2023-32196

    A vulnerability has been identified whereby privilege escalation checks are not properly enforced for RoleTemplateobjects when external=true, which in specific scenarios can lead to privilege escalation.... Read more

    Affected Products : rancher
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024

  • 5.4

    MEDIUM
    CVE-2024-9888

    The ElementInvader Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's contact form widget redirect URL in all versions up to, and including, 1.2.8 due to insufficient input sanitization and output escap... Read more

    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024

  • 9.8

    CRITICAL
    CVE-2024-49218

    Deserialization of Untrusted Data vulnerability in Al Imran Akash Recently allows Object Injection.This issue affects Recently: from n/a through 1.1.... Read more

    Affected Products :
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024

  • 7.2

    HIGH
    CVE-2019-25214

    The ShopWP plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several REST API routes in versions up to, and including, 2.0.4. This makes it possible for unauthenticated attackers to call the endpoints and perf... Read more

    Affected Products :
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024

  • 8.8

    HIGH
    CVE-2023-22650

    A vulnerability has been identified in which Rancher does not automatically clean up a user which has been deleted from the configured authentication provider (AP). This characteristic also applies to disabled or revoked users, Rancher will not reflect th... Read more

    Affected Products : rancher
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024

  • 6.1

    MEDIUM
    CVE-2023-7295

    The Video Grid plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search_term parameter in versions up to, and including, 1.21 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated... Read more

    Affected Products :
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024

  • 7.7

    HIGH
    CVE-2024-8040

    An authorization bypass through user-controlled key vulnerability affecting 3DSwym in 3DSwymer on Release 3DEXPERIENCE R2024x allows an authenticated attacker to access some unauthorized data.... Read more

    Affected Products : 3dexperience
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024

  • 6.3

    MEDIUM
    CVE-2022-4974

    The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _s... Read more

    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024

  • 7.5

    HIGH
    CVE-2024-47351

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The CSSIgniter Team MaxSlider allows Path Traversal.This issue affects MaxSlider: from n/a through 1.2.3.... Read more

    Affected Products :
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024

  • 7.1

    HIGH
    CVE-2024-22032

    A vulnerability has been identified in which an RKE1 cluster keeps constantly reconciling when secrets encryption configuration is enabled. When reconciling, the Kube API secret values are written in plaintext on the AppliedSpec. Cluster owners, Cluste... Read more

    Affected Products : rancher
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024

  • 8.3

    HIGH
    CVE-2017-20192

    The Formidable Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters submitted during form entries like 'after_html' in versions before 2.05.03 due to insufficient input sanitization and output escaping. Th... Read more

    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024

  • 6.4

    MEDIUM
    CVE-2024-9521

    The SEO Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post meta in versions up to, and including, 1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authen... Read more

    Affected Products :
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024

  • 5.4

    MEDIUM
    CVE-2024-9873

    The Community by PeepSo – Social Network, Membership, Registration, User Profiles, Premium – Mobile App plugin for WordPress is vulnerable to Stored Cross-Site Scripting via URLs in posts, comments, and profiles when Markdown support is enabled in all ver... Read more

    Affected Products : peepso
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024

  • 6.4

    MEDIUM
    CVE-2024-8921

    The Zita Elementor Site Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authe... Read more

    Affected Products :
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024

  • 9.4

    CRITICAL
    CVE-2023-32188

    A user can reverse engineer the JWT token (JSON Web Token) used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector. This can lead to an RCE.... Read more

    Affected Products : neuvector
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024

  • 8.3

    HIGH
    CVE-2023-32192

    A vulnerability has been identified in which unauthenticated cross-site scripting (XSS) in the API Server's public API endpoint can be exploited, allowing an attacker to execute arbitrary JavaScript code in the victim browser... Read more

    Affected Products :
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024

  • 9.8

    CRITICAL
    CVE-2020-36832

    The Ultimate Membership Pro plugin for WordPress is vulnerable to Authentication Bypass in versions between, and including, 7.3 to 8.6. This makes it possible for unauthenticated attackers to login as any user, including the site administrator with a defa... Read more

    Affected Products :
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024

  • 8.8

    HIGH
    CVE-2024-49227

    Deserialization of Untrusted Data vulnerability in Innovaweb Sp. Z o.O. Free Stock Photos Foter allows Object Injection.This issue affects Free Stock Photos Foter: from n/a through 1.5.4.... Read more

    Affected Products :
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024

  • 10.0

    CRITICAL
    CVE-2024-49257

    Unrestricted Upload of File with Dangerous Type vulnerability in Denis Azz Anonim Posting allows Upload a Web Shell to a Web Server.This issue affects Azz Anonim Posting: from n/a through 0.9.... Read more

    Affected Products :
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024

  • 9.8

    CRITICAL
    CVE-2024-9893

    The Nextend Social Login Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.1.14. This is due to insufficient verification on the user being returned by the social login token. This makes it possible fo... Read more

    Affected Products :
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024
Showing 20 of 294860 Results