Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, it appears on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.1

    MEDIUM
    CVE-2024-47186

    Filament is a collection of full-stack components for Laravel development. Versions of Filament from v3.0.0 through v3.2.114 are affected by a cross-site scripting (XSS) vulnerability. If values passed to a `ColorColumn` or `ColumnEntry` are not valid and...

    Affected Products : filament
    • Published: Sep. 27, 2024
    • Modified: Oct. 07, 2024
  • 8.7

    HIGH
    CVE-2024-9301

    A path traversal issue in E2Nest prior to commit 8a41948e553c89c56b14410c6ed395e9cfb9250a...

    Affected Products : e2nest
    • Published: Sep. 27, 2024
    • Modified: Oct. 07, 2024
  • 6.4

    MEDIUM
    CVE-2024-8325

    The Blockspare: Gutenberg Blocks & Patterns for Blogs, Magazines, Business Sites – Post Grids, Sliders, Carousels, Counters, Page Builder & Starter Site Imports, No Coding Needed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via severa...

    Affected Products : blockspare
    • Published: Sep. 04, 2024
    • Modified: Oct. 07, 2024
  • 7.5

    HIGH
    CVE-2024-7870

    The PixelYourSite – Your smart PIXEL (TAG) & API Manager and the PixelYourSite PRO plugins for WordPress are vulnerable to Sensitive Information Exposure in all versions up to, and including, 9.7.1 and 10.4.2, respectively, through publicly exposed log fi...

    Affected Products : pixelyoursite
    • Published: Sep. 04, 2024
    • Modified: Oct. 07, 2024
  • 7.2

    HIGH
    CVE-2024-44030

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Mestres do WP Checkout Mestres WP allows PHP Local File Inclusion. This issue affects Checkout Mestres WP: from n/a through 8.6....

    Affected Products : checkout_mestres_wp
    • Published: Oct. 02, 2024
    • Modified: Oct. 05, 2024
  • 6.4

    MEDIUM
    CVE-2024-8318

    The Attributes for Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘attributesForBlocks’ parameter in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possi...

    Affected Products : attributes_for_blocks
    • Published: Sep. 04, 2024
    • Modified: Oct. 05, 2024
  • 5.7

    MEDIUM
    CVE-2024-44744

    An issue in Malwarebytes Premium Security v5.0.0.883 allows attackers to execute arbitrary code via placing crafted binaries into unspecified directories. NOTE: Malwarebytes argues that this issue requires admin privileges and that the contents cannot be ...

    Affected Products :
    • Published: Oct. 01, 2024
    • Modified: Oct. 04, 2024
  • 8.8

    HIGH
    CVE-2024-8922

    The Product Enquiry for WooCommerce, WooCommerce product catalog plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.2.33.32 via deserialization of untrusted input in enquiry_detail.php. This makes it possibl...

    Affected Products : product_enquiry_for_woocommerce
    • Published: Sep. 27, 2024
    • Modified: Oct. 04, 2024
  • 7.2

    HIGH
    CVE-2024-6931

    The The Events Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via RSVP name field in all versions up to, and including, 6.6.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticate...

    • Published: Sep. 27, 2024
    • Modified: Oct. 04, 2024
  • 6.4

    MEDIUM
    CVE-2024-8681

    The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Media Grid widget in all versions up to, and including, 4.10.52 due to insufficient input sanitization and output escaping on user supplied...

    Affected Products : premium_addons_for_elementor
    • Published: Sep. 27, 2024
    • Modified: Oct. 04, 2024
  • 6.4

    MEDIUM
    CVE-2024-8965

    The Absolute Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Name' field of a custom post criteria in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping. This makes it pos...

    Affected Products : absolute_reviews
    • Published: Sep. 27, 2024
    • Modified: Oct. 04, 2024
  • 8.8

    HIGH
    CVE-2024-28948

    Advantech ADAM-5630 contains a cross-site request forgery (CSRF) vulnerability. It allows an attacker to partly circumvent the same origin policy, which is designed to prevent different websites from interfering with each other....

    Affected Products : adam-5630_firmware adam-5630
    • Published: Sep. 27, 2024
    • Modified: Oct. 04, 2024
  • 6.4

    MEDIUM
    CVE-2024-8991

    The OSM – OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's osm_map and osm_map_v3 shortcodes in all versions up to, and including, 6.1.0 due to insufficient input sanitization and output escaping on user sup...

    Affected Products : openstreetmap
    • Published: Sep. 27, 2024
    • Modified: Oct. 04, 2024
  • 9.8

    CRITICAL
    CVE-2024-9359

    A vulnerability was found in code-projects Restaurant Reservation System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /addcompany.php. The manipulation of the argument company leads to sql injection. The...

    Affected Products : restaurant_reservation_system
    • Published: Oct. 01, 2024
    • Modified: Oct. 04, 2024
  • 9.8

    CRITICAL
    CVE-2024-9360

    A vulnerability was found in code-projects Restaurant Reservation System 1.0. It has been classified as critical. This affects an unknown part of the file /updatebal.php. The manipulation of the argument company leads to sql injection. It is possible to i...

    Affected Products : restaurant_reservation_system
    • Published: Oct. 01, 2024
    • Modified: Oct. 04, 2024
  • 6.4

    MEDIUM
    CVE-2024-9049

    The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button Group module in all versions up to, and including, 2.8.3.6 due to insufficient input sanitization and output escaping on ...

    • Published: Sep. 27, 2024
    • Modified: Oct. 04, 2024
  • 7.5

    HIGH
    CVE-2024-47182

    Dozzle is a realtime log viewer for docker containers. Before version 8.5.3, the app uses sha-256 as the hash for passwords, which leaves users susceptible to rainbow table attacks. The app switches to bcrypt, a more appropriate hash for passwords, in ver...

    Affected Products : dozzle
    • Published: Sep. 27, 2024
    • Modified: Oct. 04, 2024
  • 8.8

    HIGH
    CVE-2024-7149

    The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.0.8 via multiple style parameters. This makes it possible for authenticated attackers, ...

    Affected Products : eventin
    • Published: Sep. 27, 2024
    • Modified: Oct. 04, 2024
  • 6.1

    MEDIUM
    CVE-2024-47184

    Ampache is a web based audio/video streaming application and file manager. Prior to version 6.6.0, the Democratic Playlist Name is vulnerable to a stored cross-site scripting. Version 6.6.0 fixes this issue....

    Affected Products : ampache
    • Published: Sep. 27, 2024
    • Modified: Oct. 04, 2024
  • 9.8

    CRITICAL
    CVE-2024-9280

    A vulnerability has been found in kalvinGit kvf-admin up to f12a94dc1ebb7d1c51ee978a85e4c7ed75c620ff and classified as critical. This vulnerability affects the function fileUpload of the file FileUploadKit.java. The manipulation of the argument file leads...

    Affected Products : kvf-admin
    • Published: Sep. 27, 2024
    • Modified: Oct. 04, 2024
Showing 20 of 291219 Results