Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2024-49771

    MPXJ is an open source library to read and write project plans from a variety of file formats and databases. The patch for the historical vulnerability CVE-2020-35460 in MPXJ is incomplete as there is still a possibility that a malicious path could be con... Read more

    Affected Products :
    • Published: Oct. 28, 2024
    • Modified: Oct. 29, 2024

  • 5.9

    MEDIUM
    CVE-2024-50431

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Cloudways Breeze allows Stored XSS.This issue affects Breeze: from n/a through 2.1.14.... Read more

    Affected Products :
    • Published: Oct. 28, 2024
    • Modified: Oct. 29, 2024

  • 8.8

    HIGH
    CVE-2024-42028

    A Local privilege escalation vulnerability found in a Self-Hosted UniFi Network Server with UniFi Network Application (Version 8.4.62 and earlier) allows a malicious actor with a local operational system user to execute high privilege actions on UniFi Net... Read more

    Affected Products : unifi_network_application
    • Published: Oct. 28, 2024
    • Modified: Oct. 29, 2024

  • 6.4

    MEDIUM
    CVE-2024-10185

    The StreamWeasels YouTube Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sw-youtube-embed shortcode in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping on u... Read more

    Affected Products :
    • Published: Oct. 29, 2024
    • Modified: Oct. 29, 2024

  • 10.0

    CRITICAL
    CVE-2024-50420

    Unrestricted Upload of File with Dangerous Type vulnerability in adirectory aDirectory allows Upload a Web Shell to a Web Server.This issue affects aDirectory: from n/a through 1.3.... Read more

    Affected Products : adirectory
    • Published: Oct. 29, 2024
    • Modified: Oct. 29, 2024

  • 5.1

    MEDIUM
    CVE-2024-10478

    A vulnerability, which was classified as problematic, has been found in LinZhaoguan pb-cms up to 2.0.1. This issue affects some unknown processing of the file /admin#article/edit?id=2 of the component Edit Article Handler. The manipulation leads to cross ... Read more

    Affected Products : pb-cms
    • Published: Oct. 29, 2024
    • Modified: Oct. 29, 2024

  • 4.3

    MEDIUM
    CVE-2024-10241

    Mattermost versions 9.5.x <= 9.5.9 fail to properly filter the channel data when ElasticSearch is enabled which allows a user to get private channel names by using cmd+K/ctrl+K.... Read more

    Affected Products : mattermost_server mattermost
    • Published: Oct. 29, 2024
    • Modified: Oct. 29, 2024

  • 7.1

    HIGH
    CVE-2024-49678

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jinwen js allows Reflected XSS.This issue affects js paper: from n/a through 2.5.7.... Read more

    Affected Products :
    • Published: Oct. 29, 2024
    • Modified: Oct. 29, 2024

  • 5.9

    MEDIUM
    CVE-2024-50413

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in codection Import and export users and customers allows Stored XSS.This issue affects Import and export users and customers: from n/a through 1.27.... Read more

    • Published: Oct. 29, 2024
    • Modified: Oct. 29, 2024

  • 9.8

    CRITICAL
    CVE-2024-50550

    Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Privilege Escalation.This issue affects LiteSpeed Cache: from n/a through 6.5.1.... Read more

    Affected Products : litespeed_cache
    • Published: Oct. 29, 2024
    • Modified: Oct. 29, 2024

  • 5.9

    MEDIUM
    CVE-2024-50415

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Pagup Ads.Txt & App-ads.Txt Manager for WordPress allows Stored XSS.This issue affects Ads.Txt & App-ads.Txt Manager for WordPress: from n/a throu... Read more

    Affected Products :
    • Published: Oct. 29, 2024
    • Modified: Oct. 29, 2024

  • 6.4

    MEDIUM
    CVE-2024-10227

    The affiliate-toolkit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's atkp_product shortcode in all versions up to, and including, 3.6.5 due to insufficient input sanitization and output escaping on user supplied attribu... Read more

    Affected Products : affiliate-toolkit
    • Published: Oct. 29, 2024
    • Modified: Oct. 29, 2024

  • 4.3

    MEDIUM
    CVE-2024-50052

    Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1, 9.5.x <= 9.5.9 fail to check that the origin of the message in an integration action matches with the original post metadata which allows an authenticated user to delete an arbitrary post.... Read more

    Affected Products : mattermost_server mattermost
    • Published: Oct. 29, 2024
    • Modified: Oct. 29, 2024

  • 8.8

    HIGH
    CVE-2024-50481

    Incorrect Privilege Assignment vulnerability in Stack Themes Bstone Demo Importer allows Privilege Escalation.This issue affects Bstone Demo Importer: from n/a through 1.0.1.... Read more

    Affected Products :
    • Published: Oct. 29, 2024
    • Modified: Oct. 29, 2024

  • 9.9

    CRITICAL
    CVE-2024-50480

    Unrestricted Upload of File with Dangerous Type vulnerability in azexo Marketing Automation by AZEXO allows Upload a Web Shell to a Web Server.This issue affects Marketing Automation by AZEXO: from n/a through 1.27.80.... Read more

    Affected Products :
    • Published: Oct. 29, 2024
    • Modified: Oct. 29, 2024

  • 9.8

    CRITICAL
    CVE-2024-50485

    : Incorrect Privilege Assignment vulnerability in Udit Rawat Exam Matrix allows Privilege Escalation.This issue affects Exam Matrix: from n/a through 1.5.... Read more

    Affected Products :
    • Published: Oct. 29, 2024
    • Modified: Oct. 29, 2024

  • 9.8

    CRITICAL
    CVE-2024-50475

    Missing Authorization vulnerability in Scott Gamon Signup Page allows Privilege Escalation.This issue affects Signup Page: from n/a through 1.0.... Read more

    Affected Products :
    • Published: Oct. 29, 2024
    • Modified: Oct. 29, 2024

  • 6.1

    MEDIUM
    CVE-2024-9438

    The SEUR Oficial plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'change_service' parameter in all versions up to, and including, 2.2.11 due to insufficient input sanitization and output escaping. This makes it possible for un... Read more

    Affected Products :
    • Published: Oct. 29, 2024
    • Modified: Oct. 29, 2024

  • 10.0

    CRITICAL
    CVE-2024-50482

    Unrestricted Upload of File with Dangerous Type vulnerability in Chetan Khandla Woocommerce Product Design allows Upload a Web Shell to a Web Server.This issue affects Woocommerce Product Design: from n/a through 1.0.0.... Read more

    Affected Products :
    • Published: Oct. 29, 2024
    • Modified: Oct. 29, 2024

  • 6.5

    MEDIUM
    CVE-2024-50418

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Time Slot Booking Time Slot allows Stored XSS.This issue affects Time Slot: from n/a through 1.3.6.... Read more

    Affected Products :
    • Published: Oct. 29, 2024
    • Modified: Oct. 29, 2024
Showing 20 of 293568 Results