Latest CVE Feed

6.1 MEDIUM - CVE-2024-8734
The Lucas String Replace plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.0.5. This makes it possible for unauthenticated a...
Affected Products: lucas_string_replace
- Published: Sep. 13, 2024
- Modified: Sep. 26, 2024

6.4 MEDIUM - CVE-2024-8747
The Email Obfuscate Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'email-obfuscate' shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user suppl...
Affected Products: email_obfuscate_shortcode
- Published: Sep. 13, 2024
- Modified: Sep. 26, 2024

6.1 MEDIUM - CVE-2024-8737
The PDF Thumbnail Generator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.3. This makes it possible for unauthenticated ...
Affected Products: pdf_thumbnail_generator
- Published: Sep. 13, 2024
- Modified: Sep. 26, 2024

7.1 HIGH - CVE-2024-45606
Sentry is a developer-first error tracking and performance monitoring platform. An authenticated user can mute alert rules from arbitrary organizations and projects with a known rule ID. The user does not need to be a member of the organization or have per...
Affected Products: sentry
- Published: Sep. 17, 2024
- Modified: Sep. 26, 2024

6.5 MEDIUM - CVE-2024-45605
Sentry is a developer-first error tracking and performance monitoring platform. An authenticated user can delete the user issue alert notifications for arbitrary users given a known alert ID. A patch was issued to ensure authorization checks are properly scope...
Affected Products: sentry
- Published: Sep. 17, 2024
- Modified: Sep. 26, 2024

9.8 CRITICAL - CVE-2024-47088
This vulnerability exists in Apex Softcell LD Geo due to missing restrictions for excessive failed authentication attempts on its API-based login. A remote attacker could exploit this vulnerability by conducting a brute force attack on login OTP, which co...
- Published: Sep. 19, 2024
- Modified: Sep. 26, 2024

8.7 HIGH - CVE-2024-47089
This vulnerability exists in the Apex Softcell LD Geo due to improper validation of the transaction token ID in the API endpoint. An authenticated remote attacker could exploit this vulnerability by manipulating the transaction token ID in the API request...
- Published: Sep. 19, 2024
- Modified: Sep. 26, 2024

5.3 MEDIUM - CVE-2024-8891
An attacker with no knowledge of the current users in the web application could build a dictionary of potential users and check the server responses, as they indicate whether or not the user is present in CIRCUTOR Q-SMT in its firmware version 1.0.4....
- Published: Sep. 18, 2024
- Modified: Sep. 26, 2024

4.3 MEDIUM - CVE-2024-47145
Mattermost versions 9.5.x <= 9.5.8 fail to properly authorize access to archived channels when viewing archived channels is disabled, which allows an attacker to view posts and files of archived channels via file links....
- Published: Sep. 26, 2024
- Modified: Sep. 26, 2024

6.5 MEDIUM - CVE-2024-47003
Mattermost versions 9.11.x <= 9.11.0 and 9.5.x <= 9.5.8 fail to validate that the message of the permalink post is a string, which allows an attacker to send a non-string value as the message of a permalink post and crash the frontend....
- Published: Sep. 26, 2024
- Modified: Sep. 26, 2024

5.4 MEDIUM - CVE-2024-45843
Mattermost versions 9.5.x <= 9.5.8 fail to include the metadata endpoints of Oracle Cloud and Alibaba in the SSRF denylist, which allows an attacker to possibly cause an SSRF if Mattermost was deployed in Oracle Cloud or Alibaba....
- Published: Sep. 26, 2024
- Modified: Sep. 26, 2024

6.4 MEDIUM - CVE-2024-5567
The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 27.5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, ...
Affected Products: betheme
- Published: Sep. 13, 2024
- Modified: Sep. 26, 2024

8.8 HIGH - CVE-2024-8480
The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'sirv_save_prevented_sizes' function in all versions up to, and including, 7.2.7. This makes it po...
Affected Products: sirv
- Published: Sep. 06, 2024
- Modified: Sep. 26, 2024

8.8 HIGH - CVE-2024-7770
The Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'upload' function in all versions up to, and including, 6.5.5...
Affected Products: file_manager
- Published: Sep. 10, 2024
- Modified: Sep. 26, 2024

9.8 CRITICAL - CVE-2024-7493
The WPCOM Member plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.5.2.1. This is due to the plugin allowing arbitrary data to be passed to wp_insert_user() during registration. This makes it possible for u...
Affected Products: wpcom_member
- Published: Sep. 06, 2024
- Modified: Sep. 26, 2024

6.1 MEDIUM - CVE-2024-8716
The XT Ajax Add To Cart for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.1.2. This makes it possible for un...
Affected Products: xt_ajax_add_to_cart_for_woocommerce
- Published: Sep. 24, 2024
- Modified: Sep. 26, 2024

6.1 MEDIUM - CVE-2024-8738
The Seriously Simple Stats plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.6.0. This makes it possible for unauthenticated...
Affected Products: seriously_simple_stats
- Published: Sep. 24, 2024
- Modified: Sep. 26, 2024

8.8 HIGH - CVE-2024-8795
The BA Book Everything plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.20. This is due to missing or incorrect nonce validation on the my_account_update() function. This makes it possible for unau...
Affected Products: ba_book_everything
- Published: Sep. 24, 2024
- Modified: Sep. 26, 2024

7.3 HIGH - CVE-2024-8623
The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.3.3.3. This is due to the software allowing users to execute an action that does not properly valida...
Affected Products: wordpress_meta_data_and_taxonomies_filter
- Published: Sep. 24, 2024
- Modified: Sep. 26, 2024

6.4 MEDIUM - CVE-2024-7599
The Advanced Sermons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sermon_video_embed' parameter in all versions up to, and including, 3.3 due to insufficient input sanitization and output escaping. This makes it possible for ...
Affected Products: advanced_sermons
- Published: Sep. 06, 2024
- Modified: Sep. 26, 2024