Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.1

    HIGH
    CVE-2024-51997

    Trustee is a set of tools and components for attesting confidential guests and providing secrets to them. The ART (**Attestation Results Token**) token, generated by AS, could be manipulated by MITM attacker, but the verifier (CoCo Verification Demander l... Read more

    Affected Products :
    • Published: Nov. 08, 2024
    • Modified: Nov. 12, 2024

  • 6.3

    MEDIUM
    CVE-2024-52311

    Authentication tokens issued via Cognito in data.all are not invalidated on log out, allowing for previously authenticated user to continue execution of authorized API Requests until token is expired.... Read more

    Affected Products :
    • Published: Nov. 09, 2024
    • Modified: Nov. 12, 2024

  • 9.8

    CRITICAL
    CVE-2024-10586

    The Debug Tool plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check on the dbt_pull_image() function and missing file type validation in all versions up to, and including, 2.2. This makes it possible for unauthen... Read more

    Affected Products :
    • Published: Nov. 09, 2024
    • Modified: Nov. 12, 2024

  • 5.3

    MEDIUM
    CVE-2024-10953

    An authenticated data.all user is able to perform mutating UPDATE operations on persisted Notification records in data.all for group notifications that their user is not a member of.... Read more

    Affected Products :
    • Published: Nov. 09, 2024
    • Modified: Nov. 12, 2024

  • 8.7

    HIGH
    CVE-2024-52004

    MediaCMS is an open source video and media CMS, written in Python/Django and React, featuring a REST API. MediaCMS has been prone to vulnerabilities that upon special cases can lead to remote code execution. All versions before v4.1.0 are susceptible, and... Read more

    Affected Products :
    • Published: Nov. 08, 2024
    • Modified: Nov. 12, 2024

  • 8.6

    HIGH
    CVE-2024-52007

    HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. XSLT parsing performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag ( <!DOCTY... Read more

    Affected Products :
    • Published: Nov. 08, 2024
    • Modified: Nov. 12, 2024

  • 8.5

    HIGH
    CVE-2024-52009

    Atlantis is a self-hosted golang application that listens for Terraform pull request events via webhooks. Atlantis logs contains GitHub credentials (tokens `ghs_...`) when they are rotated. This enables an attacker able to read these logs to impersonate A... Read more

    Affected Products : atlantis
    • Published: Nov. 08, 2024
    • Modified: Nov. 12, 2024

  • 6.9

    MEDIUM
    CVE-2024-52314

    A data.all admin team member who has access to the customer-owned AWS Account where data.all is deployed may be able to extract user data from data.all application logs in data.all via CloudWatch log scanning for particular operations that interact with c... Read more

    Affected Products :
    • Published: Nov. 09, 2024
    • Modified: Nov. 12, 2024

  • 9.8

    CRITICAL
    CVE-2024-10547

    The WP Membership plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the user_profile_image_upload() function in all versions up to, and including, 1.6.2. This makes it possible for unauthenticated attacker... Read more

    Affected Products :
    • Published: Nov. 09, 2024
    • Modified: Nov. 12, 2024

  • 7.1

    HIGH
    CVE-2024-51784

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in VietFriend team FriendStore for WooCommerce allows Reflected XSS.This issue affects FriendStore for WooCommerce: from n/a through 1.4.2.... Read more

    Affected Products :
    • Published: Nov. 09, 2024
    • Modified: Nov. 12, 2024

  • 7.1

    HIGH
    CVE-2024-51698

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Luis Rock Master Bar allows Reflected XSS.This issue affects Master Bar: from n/a through 1.0.... Read more

    Affected Products :
    • Published: Nov. 09, 2024
    • Modified: Nov. 12, 2024

  • 8.5

    HIGH
    CVE-2024-51601

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Maksym Marko Website price calculator allows SQL Injection.This issue affects Website price calculator: from n/a through 4.1.... Read more

    Affected Products :
    • Published: Nov. 09, 2024
    • Modified: Nov. 12, 2024

  • 6.5

    MEDIUM
    CVE-2024-51614

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Aajoda Aajoda Testimonials allows Stored XSS.This issue affects Aajoda Testimonials: from n/a through 2.2.2.... Read more

    Affected Products :
    • Published: Nov. 09, 2024
    • Modified: Nov. 12, 2024

  • 8.5

    HIGH
    CVE-2024-51619

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Market360.Co Market 360 Viewer allows Blind SQL Injection.This issue affects Market 360 Viewer: from n/a through 1.01.... Read more

    Affected Products :
    • Published: Nov. 09, 2024
    • Modified: Nov. 12, 2024

  • 6.5

    MEDIUM
    CVE-2024-51627

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kaedinger Audio Comparison Lite audio-comparison-lite allows Stored XSS.This issue affects Audio Comparison Lite: from n/a through 3.4.... Read more

    Affected Products :
    • Published: Nov. 09, 2024
    • Modified: Nov. 12, 2024

  • 7.1

    HIGH
    CVE-2024-51630

    Cross-Site Request Forgery (CSRF) vulnerability in Lars Schenk Responsive Flickr Gallery allows Stored XSS.This issue affects Responsive Flickr Gallery: from n/a through 1.3.1.... Read more

    Affected Products :
    • Published: Nov. 09, 2024
    • Modified: Nov. 12, 2024

  • 7.1

    HIGH
    CVE-2024-51704

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Hanusek imPress allows Reflected XSS.This issue affects imPress: from n/a through 0.1.4.... Read more

    Affected Products :
    • Published: Nov. 09, 2024
    • Modified: Nov. 12, 2024

  • 6.5

    MEDIUM
    CVE-2024-51673

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in HasThemes HT Politic allows DOM-Based XSS.This issue affects HT Politic: from n/a through 2.4.4.... Read more

    Affected Products :
    • Published: Nov. 09, 2024
    • Modified: Nov. 12, 2024

  • 7.1

    HIGH
    CVE-2024-51702

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Benjamin Moody, Eric Holmes SrcSet Responsive Images for WordPress allows Reflected XSS.This issue affects SrcSet Responsive Images for WordPress:... Read more

    Affected Products :
    • Published: Nov. 09, 2024
    • Modified: Nov. 12, 2024

  • 7.1

    HIGH
    CVE-2024-51676

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Delicious Delisho allows Reflected XSS.This issue affects Delisho: from n/a through 1.0.6.... Read more

    Affected Products :
    • Published: Nov. 09, 2024
    • Modified: Nov. 12, 2024
Showing 20 of 293606 Results