Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.5

    MEDIUM
    CVE-2024-44001

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Royal Royal Elementor Addons allows Stored XSS. This issue affects Royal Elementor Addons: from n/a through 1.3.982....

    Affected Products : royal_elementor_addons
    • Published: Sep. 18, 2024
    • Modified: Sep. 25, 2024
  • 7.1

    HIGH
    CVE-2024-44002

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PickPlugins Team Showcase allows Reflected XSS. This issue affects Team Showcase: from n/a through 1.22.25....

    Affected Products : team_showcase
    • Published: Sep. 18, 2024
    • Modified: Sep. 25, 2024
  • 7.1

    HIGH
    CVE-2024-44003

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in spicethemes Spice Starter Sites allows Reflected XSS. This issue affects Spice Starter Sites: from n/a through 1.2.5....

    Affected Products : spice_starter_sites
    • Published: Sep. 18, 2024
    • Modified: Sep. 25, 2024
  • 6.5

    MEDIUM
    CVE-2024-43995

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in sonalsinha21 Posterity allows Stored XSS. This issue affects Posterity: from n/a through 3.6....

    Affected Products : posterity
    • Published: Sep. 18, 2024
    • Modified: Sep. 25, 2024
  • 8.8

    HIGH
    CVE-2024-8253

    The Post Grid and Gutenberg Blocks plugin for WordPress is vulnerable to privilege escalation in all versions 2.2.87 to 2.2.90. This is due to the plugin not properly restricting what user meta values can be updated and ensuring a form is active. This mak...

    Affected Products : post_grid
    • Published: Sep. 11, 2024
    • Modified: Sep. 25, 2024
  • 4.8

    MEDIUM
    CVE-2024-3899

    The Gallery Plugin for WordPress WordPress plugin before 1.8.15 does not sanitise and escape some of its image settings, which could allow users with post-writing privilege such as Author to perform Cross-Site Scripting attacks....

    Affected Products : envira_gallery
    • Published: Sep. 11, 2024
    • Modified: Sep. 25, 2024
  • 4.8

    MEDIUM
    CVE-2024-7716

    The Logo Slider WordPress plugin before 3.6.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (f...

    Affected Products : gs_logo_slider logo_slider logo_slider
    • Published: Sep. 11, 2024
    • Modified: Sep. 25, 2024
  • 6.4

    MEDIUM
    CVE-2024-8440

    The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Fancy Text widget in all versions up to, and including, 6.0.3 due to ins...

    Affected Products : essential_addons_for_elementor
    • Published: Sep. 11, 2024
    • Modified: Sep. 25, 2024
  • 8.1

    HIGH
    CVE-2024-7626

    The WP Delicious – Recipe Plugin for Food Bloggers (formerly Delicious Recipes) plugin for WordPress is vulnerable to arbitrary file movement and reading due to insufficient file path validation in the save_edit_profile_details() function in all versions ...

    Affected Products : wp_delicious
    • Published: Sep. 11, 2024
    • Modified: Sep. 25, 2024
  • 8.8

    HIGH
    CVE-2024-8945

    A vulnerability has been found in CodeCanyon RISE Ultimate Project Manager 3.7.0 and classified as critical. This vulnerability affects unknown code of the file /index.php/dashboard/save. The manipulation of the argument id leads to sql injection. The att...

    Affected Products : rise_ultimate_project_manager
    • Published: Sep. 17, 2024
    • Modified: Sep. 25, 2024
  • 4.3

    MEDIUM
    CVE-2024-45604

    Contao is an Open Source CMS. In affected versions authenticated users in the back end can list files outside the document root in the file selector widget. Users are advised to update to Contao 4.13.49. There are no known workarounds for this vulnerabili...

    Affected Products : contao
    • Published: Sep. 17, 2024
    • Modified: Sep. 25, 2024
  • 6.4

    MEDIUM
    CVE-2024-8045

    The Advanced WordPress Backgrounds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘imageTag’ parameter in all versions up to, and including, 1.12.3 due to insufficient input sanitization and output escaping. This makes it possib...

    Affected Products : advanced_wordpress_backgrounds
    • Published: Sep. 11, 2024
    • Modified: Sep. 25, 2024
  • 8.8

    HIGH
    CVE-2024-45398

    Contao is an Open Source CMS. In affected versions a back end user with access to the file manager can upload malicious files and execute them on the server. Users are advised to update to Contao 4.13.49, 5.3.15 or 5.4.3. Users unable to update are advise...

    Affected Products : contao
    • Published: Sep. 17, 2024
    • Modified: Sep. 25, 2024
  • 8.8

    HIGH
    CVE-2024-43460

    Improper authorization in Dynamics 365 Business Central resulted in a vulnerability that allows an authenticated attacker to elevate privileges over a network....

    • Published: Sep. 17, 2024
    • Modified: Sep. 25, 2024
  • 8.0

    HIGH
    CVE-2024-44815

    Vulnerability in Hathway Skyworth Router CM5100 v.4.1.1.24 allows a physically proximate attacker to obtain user credentials via SPI flash Firmware W25Q64JV....

    • Published: Sep. 10, 2024
    • Modified: Sep. 25, 2024
  • 8.8

    HIGH
    CVE-2024-8338

    A vulnerability was found in HFO4 shudong-share 2.4.7. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /includes/fileReceive.php of the component File Extension Handler. The manipulation of the argu...

    Affected Products : shudong-share
    • Published: Aug. 30, 2024
    • Modified: Sep. 25, 2024
  • 5.3

    MEDIUM
    CVE-2024-6641

    The WP Hardening – Fix Your WordPress Security plugin for WordPress is vulnerable to Security Feature Bypass in all versions up to, and including, 1.2.6. This is due to use of an incorrect regular expression within the "Stop User Enumeration" feature. Thi...

    Affected Products : wp_hardening
    • Published: Sep. 18, 2024
    • Modified: Sep. 25, 2024
  • 6.1

    MEDIUM
    CVE-2024-45047

    svelte performance oriented web framework. A potential mXSS vulnerability exists in Svelte for versions up to but not including 4.2.19. Svelte improperly escapes HTML on server-side rendering. The assumption is that attributes will always stay as such, bu...

    Affected Products : svelte
    • Published: Aug. 30, 2024
    • Modified: Sep. 25, 2024
  • 9.4

    CRITICAL
    CVE-2024-6877

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Eliz Software Panel allows Reflected XSS. This issue affects Panel: before v2.3.24....

    Affected Products : panel
    • Published: Sep. 18, 2024
    • Modified: Sep. 25, 2024
  • 5.3

    MEDIUM
    CVE-2022-4533

    The Limit Login Attempts Plus plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 1.1.0. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login ...

    Affected Products : limit_login_attempts_plus
    • Published: Sep. 19, 2024
    • Modified: Sep. 25, 2024
Showing 20 of 291022 Results