Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2024-50454

    Missing Authorization vulnerability in The SEO Guys at SEOPress SEOPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SEOPress: from n/a through 8.1.1.... Read more

    Affected Products :
    • Published: Oct. 29, 2024
    • Modified: Nov. 01, 2024

  • 5.3

    MEDIUM
    CVE-2024-50422

    Missing Authorization vulnerability in Cloudways Breeze allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Breeze: from n/a through 2.1.14.... Read more

    Affected Products :
    • Published: Oct. 29, 2024
    • Modified: Nov. 01, 2024

  • 9.8

    CRITICAL
    CVE-2024-48138

    A remote code execution (RCE) vulnerability in the component /PluXml/core/admin/parametres_edittpl.php of PluXml v5.8.16 and lower allows attackers to execute arbitrary code via injecting a crafted payload into a template.... Read more

    Affected Products :
    • Published: Oct. 29, 2024
    • Modified: Nov. 01, 2024

  • 5.3

    MEDIUM
    CVE-2024-50421

    Missing Authorization vulnerability in WP Overnight WooCommerce PDF Invoices & Packing Slips allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce PDF Invoices & Packing Slips: from n/a through 3.8.6.... Read more

    • Published: Oct. 29, 2024
    • Modified: Nov. 01, 2024

  • 6.5

    MEDIUM
    CVE-2024-50424

    Missing Authorization vulnerability in Templately allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Templately: from n/a through 3.1.5.... Read more

    Affected Products :
    • Published: Oct. 29, 2024
    • Modified: Nov. 01, 2024

  • 4.6

    MEDIUM
    CVE-2024-50344

    I, Librarian is an open-source version of a PDF managing SaaS. Supplemental Files are allowed to be viewed in the browser, only if they have a white-listed MIME type. Unfortunately, this logic is broken, thus allowing unsafe files containing Javascript to... Read more

    Affected Products :
    • Published: Oct. 30, 2024
    • Modified: Nov. 01, 2024

  • 5.5

    MEDIUM
    CVE-2024-50354

    gnark is a fast zk-SNARK library that offers a high-level API to design circuits. In gnark 0.11.0 and earlier, deserialization of Groth16 verification keys allocate excessive memory, consuming a lot of resources and triggering a crash with the error fatal... Read more

    Affected Products : gnark-crypto
    • Published: Oct. 31, 2024
    • Modified: Nov. 01, 2024

  • 6.3

    MEDIUM
    CVE-2024-50347

    Laravel Reverb provides a real-time WebSocket communication backend for Laravel applications. Prior to 1.4.0, there is an issue where verification signatures for requests sent to Reverb's Pusher-compatible API were not being verified. This API is used in ... Read more

    Affected Products : laravel
    • Published: Oct. 31, 2024
    • Modified: Nov. 01, 2024

  • 5.2

    MEDIUM
    CVE-2024-31973

    Hitron CODA-4582 2AHKM-CODA4589 7.2.4.5.1b8 devices allow a remote attacker within Wi-Fi proximity to conduct stored XSS attacks via the 'Network Name (SSID)' input fields to the /index.html#wireless_basic page.... Read more

    Affected Products :
    • Published: Oct. 30, 2024
    • Modified: Nov. 01, 2024

  • 5.4

    MEDIUM
    CVE-2024-21510

    Versions of the package sinatra from 0.0.0 are vulnerable to Reliance on Untrusted Inputs in a Security Decision via the X-Forwarded-Host (XFH) header. When making a request to a method with redirect applied, it is possible to trigger an Open Redirect Att... Read more

    Affected Products :
    • Published: Nov. 01, 2024
    • Modified: Nov. 01, 2024

  • 6.1

    MEDIUM
    CVE-2024-10454

    Clickjacking vulnerability in Clibo Manager v1.1.9.12 in the '/public/login' directory, a login panel. This vulnerability occurs due to the absence of an X-Frame-Options server-side header. An attacker could overlay a transparent iframe to perform click h... Read more

    Affected Products :
    • Published: Oct. 31, 2024
    • Modified: Nov. 01, 2024

  • 4.3

    MEDIUM
    CVE-2024-10399

    The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_search_users function in all versions up to, and including, 5.0.13. This makes it possible for authenticated attacke... Read more

    Affected Products :
    • Published: Oct. 30, 2024
    • Modified: Nov. 01, 2024

  • 8.7

    HIGH
    CVE-2024-0106

    NVIDIA ConnectX Host Firmware for the BlueField Data Processing Unit (DPU) contains a vulnerability where an attacker may cause an improper handling of insufficient privileges issue. A successful exploit of this vulnerability may lead to denial of service... Read more

    Affected Products : bluefield_1_firmware
    • Published: Nov. 01, 2024
    • Modified: Nov. 01, 2024

  • 6.4

    MEDIUM
    CVE-2024-10232

    The Group Chat & Video Chat by AtomChat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's atomchat shortcode in all versions up to, and including, 1.1.5 due to insufficient input sanitization and output escaping on user su... Read more

    Affected Products :
    • Published: Nov. 01, 2024
    • Modified: Nov. 01, 2024

  • 6.4

    MEDIUM
    CVE-2024-10367

    The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 3.0.4 due to insufficient input sanitization... Read more

    Affected Products : otter_blocks
    • Published: Nov. 01, 2024
    • Modified: Nov. 01, 2024

  • 5.3

    MEDIUM
    CVE-2024-9430

    The Get Quote For Woocommerce – Request A Quote For Woocommerce plugin for WordPress is vulnerable to unauthorized access of Quote data due to a missing capability check on the ct_tepfw_wp_loaded function in all versions up to, and including, 1.0.0. This ... Read more

    Affected Products :
    • Published: Oct. 31, 2024
    • Modified: Nov. 01, 2024

  • 6.4

    MEDIUM
    CVE-2024-9884

    The T(-) Countdown plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tminus' shortcode in all versions up to, and including, 2.4.8 due to insufficient input sanitization and output escaping on user supplied attributes. Th... Read more

    Affected Products :
    • Published: Oct. 30, 2024
    • Modified: Nov. 01, 2024

  • 8.8

    HIGH
    CVE-2024-21537

    Versions of the package lilconfig from 3.1.0 and before 3.1.1 are vulnerable to Arbitrary Code Execution due to the insecure usage of eval in the dynamicImport function. An attacker can exploit this vulnerability by passing a malicious input through the d... Read more

    Affected Products :
    • Published: Oct. 31, 2024
    • Modified: Nov. 01, 2024

  • 6.4

    MEDIUM
    CVE-2024-9886

    The WP Baidu Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'baidu_map' shortcode in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. T... Read more

    Affected Products :
    • Published: Oct. 30, 2024
    • Modified: Nov. 01, 2024

  • 6.1

    MEDIUM
    CVE-2024-51419

    Cross Site Scripting vulnerability in Shenzhen Interconnection Harbor Network Technology Co., Ltd Ofweek Online Exhibition v.1.0.0 allows a remote attacker to execute arbitrary code.... Read more

    Affected Products :
    • Published: Oct. 30, 2024
    • Modified: Nov. 01, 2024
Showing 20 of 293521 Results