Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2024-48038

    Cross-Site Request Forgery (CSRF) vulnerability in Hans Matzen wp-Monalisa allows Cross Site Request Forgery.This issue affects wp-Monalisa: from n/a through 6.4.... Read more

    Affected Products :
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024

  • 6.5

    MEDIUM
    CVE-2024-49289

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Gora Tech LLC Cooked Pro allows Stored XSS.This issue affects Cooked Pro: from n/a before 1.8.0.... Read more

    Affected Products : cooked
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024

  • 9.2

    CRITICAL
    CVE-2024-49397

    The affected product is vulnerable to a cross-site scripting attack which may allow an attacker to bypass authentication and takeover admin accounts.... Read more

    Affected Products :
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024

  • 6.1

    MEDIUM
    CVE-2024-9951

    The WP Photo Album Plus plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wppa-tab' parameter in all versions up to, and including, 8.8.05.003 due to insufficient input sanitization and output escaping. This makes it possible f... Read more

    Affected Products :
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024

  • 6.5

    MEDIUM
    CVE-2024-49277

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CodeAstrology Team UltraAddons Elementor Lite allows Stored XSS.This issue affects UltraAddons Elementor Lite: from n/a through 1.1.8.... Read more

    Affected Products :
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024

  • 7.5

    HIGH
    CVE-2024-49285

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Moridrin SSV MailChimp allows PHP Local File Inclusion.This issue affects SSV MailChimp: from n/a through 3.1.5.... Read more

    Affected Products :
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024

  • 9.8

    CRITICAL
    CVE-2024-49318

    Deserialization of Untrusted Data vulnerability in Scott Olson My Reading Library allows Object Injection.This issue affects My Reading Library: from n/a through 1.0.... Read more

    Affected Products :
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024

  • 7.1

    HIGH
    CVE-2024-49308

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Toast Plugins Animator allows Reflected XSS.This issue affects Animator: from n/a through 3.0.11.... Read more

    Affected Products :
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024

  • 6.5

    MEDIUM
    CVE-2024-49263

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Takashi Matsuyama My Favorites allows Stored XSS.This issue affects My Favorites: from n/a through 1.4.1.... Read more

    Affected Products : my_favorites
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024

  • 8.2

    HIGH
    CVE-2024-7755

    The EWON FLEXY 202 transmits credentials using a weak encoding method base64. An attacker who is present in the network can sniff the traffic and decode the credentials.... Read more

    Affected Products :
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024

  • 9.8

    CRITICAL
    CVE-2024-49322

    Incorrect Privilege Assignment vulnerability in CodePassenger Job Board Manager for WordPress allows Privilege Escalation.This issue affects Job Board Manager for WordPress: from n/a through 1.0.... Read more

    Affected Products :
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024

  • 6.5

    MEDIUM
    CVE-2024-48022

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SysBasics Shortcode For Elementor Templates allows Stored XSS.This issue affects Shortcode For Elementor Templates: from n/a through 1.0.0.... Read more

    Affected Products :
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024

  • 5.9

    MEDIUM
    CVE-2024-3184

    Multiple CWE-476 NULL Pointer Dereference vulnerabilities were found in GoAhead Web Server up to version 6.0.0 when compiled with the ME_GOAHEAD_REPLACE_MALLOC flag. Without a memory notifier for allocation failures, remote attackers can exploit these vul... Read more

    Affected Products : goahead
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024

  • 8.8

    HIGH
    CVE-2024-49398

    The affected product is vulnerable to unrestricted file uploads, which may allow an attacker to remotely execute code.... Read more

    Affected Products :
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024

  • 7.5

    HIGH
    CVE-2024-49287

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Marco Heine PDF-Rechnungsverwaltung allows PHP Local File Inclusion.This issue affects PDF-Rechnungsverwaltung: from n/a through 0.0.1.... Read more

    Affected Products :
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024

  • 7.3

    HIGH
    CVE-2023-6729

    Nokia SR OS routers allow read-write access to the entire file system via SFTP or SCP for users configured with "access console." Consequently, a low privilege authenticated user with "access console" can read or replace the router configuration file as w... Read more

    Affected Products :
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024

  • 4.3

    MEDIUM
    CVE-2024-48047

    Cross-Site Request Forgery (CSRF) vulnerability in Razon Komar Pal Linked Variation for WooCommerce allows Cross Site Request Forgery.This issue affects Linked Variation for WooCommerce: from n/a through 1.0.5.... Read more

    Affected Products :
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024

  • 8.6

    HIGH
    CVE-2024-49315

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CodeFlock FREE DOWNLOAD MANAGER allows Path Traversal.This issue affects FREE DOWNLOAD MANAGER: from n/a through 1.0.0.... Read more

    Affected Products :
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024

  • 5.4

    MEDIUM
    CVE-2024-48037

    Cross-Site Request Forgery (CSRF) vulnerability in A WP Life Contact Form Widget allows Cross Site Request Forgery.This issue affects Contact Form Widget: from n/a through 1.4.2.... Read more

    Affected Products : contact_form_widget
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024

  • 5.9

    MEDIUM
    CVE-2024-3187

    This issue tracks two CWE-416 Use After Free (UAF) and one CWE-415 Double Free vulnerabilities in Goahead versions <= 6.0.0. These are caused by JST values not being nulled when freed during parsing of JST templates. If the ME_GOAHEAD_JAVASCRIPT flag is e... Read more

    Affected Products : goahead
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024
Showing 20 of 291830 Results