Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2024-36980

    An out-of-bounds read vulnerability exists in the OpenPLC Runtime EtherNet/IP PCCC parser functionality of OpenPLC_v3 b4702061dc14d1024856f71b4543298d77007b88. A specially crafted network request can lead to denial of service. An attacker can send a serie... Read more

    Affected Products : openplc_v3_firmware
    • Published: Sep. 18, 2024
    • Modified: Sep. 26, 2024

  • 4.8

    MEDIUM
    CVE-2024-5799

    The CM Pop-Up Banners for WordPress plugin before 1.7.3 does not sanitise and escape some of its popup fields, which could allow high privilege users such as Contributors to perform Cross-Site Scripting attacks.... Read more

    Affected Products : cm_popup
    • Published: Sep. 12, 2024
    • Modified: Sep. 26, 2024

  • 4.8

    MEDIUM
    CVE-2024-6887

    The Giveaways and Contests by RafflePress WordPress plugin before 1.12.16 does not sanitise and escape some of its Giveaways settings, which could allow high privilege users such as editor and above to perform Stored Cross-Site Scripting attacks even whe... Read more

    • Published: Sep. 12, 2024
    • Modified: Sep. 26, 2024

  • 7.2

    HIGH
    CVE-2024-7766

    The Adicon Server WordPress plugin through 1.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks... Read more

    Affected Products : adicon_server
    • Published: Sep. 12, 2024
    • Modified: Sep. 26, 2024

  • 6.4

    MEDIUM
    CVE-2024-5867

    The Delicate theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' parameter within the theme's Button shortcode in all versions up to, and including, 3.5.5 due to insufficient input sanitization and output escaping. This makes i... Read more

    Affected Products : delicate
    • Published: Sep. 13, 2024
    • Modified: Sep. 26, 2024

  • 6.4

    MEDIUM
    CVE-2024-5789

    The Triton Lite theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the theme's Button shortcode in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes i... Read more

    Affected Products : triton_lite
    • Published: Sep. 13, 2024
    • Modified: Sep. 26, 2024

  • 6.4

    MEDIUM
    CVE-2024-5870

    The Tweaker5 theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the theme's Button shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it p... Read more

    Affected Products : tweaker5
    • Published: Sep. 13, 2024
    • Modified: Sep. 26, 2024

  • 6.1

    MEDIUM
    CVE-2024-7816

    The Gixaw Chat WordPress plugin through 1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.... Read more

    Affected Products : gixaw_chat
    • Published: Sep. 12, 2024
    • Modified: Sep. 26, 2024

  • 6.4

    MEDIUM
    CVE-2024-5884

    The Beauty theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tpl_featured_cat_id’ parameter in all versions up to, and including, 1.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenti... Read more

    Affected Products : beauty
    • Published: Sep. 13, 2024
    • Modified: Sep. 26, 2024

  • 8.8

    HIGH
    CVE-2024-7423

    The Stream plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.0.1. This is due to missing or incorrect nonce validation on the network_options_action() function. This makes it possible for unauthentica... Read more

    Affected Products : stream
    • Published: Sep. 13, 2024
    • Modified: Sep. 26, 2024

  • 6.1

    MEDIUM
    CVE-2024-8714

    The WordPress Affiliates Plugin — SliceWP Affiliates plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.1.20. This makes i... Read more

    Affected Products : affiliate_program_suite
    • Published: Sep. 13, 2024
    • Modified: Sep. 26, 2024

  • 6.1

    MEDIUM
    CVE-2024-8732

    The Roles & Capabilities plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.1.9. This makes it possible for unauthenticated a... Read more

    Affected Products : roles_\&_capabilities
    • Published: Sep. 13, 2024
    • Modified: Sep. 26, 2024

  • 6.1

    MEDIUM
    CVE-2024-8730

    The Exit Notifier plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.9.1. This makes it possible for unauthenticated attacker... Read more

    Affected Products : exit_notifier
    • Published: Sep. 13, 2024
    • Modified: Sep. 26, 2024

  • 6.1

    MEDIUM
    CVE-2024-8731

    The Cron Jobs plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2.9. This makes it possible for unauthenticated attackers to... Read more

    Affected Products : cron_jobs
    • Published: Sep. 13, 2024
    • Modified: Sep. 26, 2024

  • 7.3

    HIGH
    CVE-2024-45750

    An issue in TheGreenBow Windows Standard VPN Client 6.87.108 (and older), Windows Enterprise VPN Client 6.87.109 (and older), Windows Enterprise VPN Client 7.5.007 (and older), Android VPN Client 6.4.5 (and older) VPN Client Linux 3.4 (and older), VPN Cli... Read more

    Affected Products :
    • Published: Sep. 25, 2024
    • Modified: Sep. 26, 2024

  • 6.1

    MEDIUM
    CVE-2024-8734

    The Lucas String Replace plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.0.5. This makes it possible for unauthenticated a... Read more

    Affected Products : lucas_string_replace
    • Published: Sep. 13, 2024
    • Modified: Sep. 26, 2024

  • 6.4

    MEDIUM
    CVE-2024-8747

    The Email Obfuscate Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'email-obfuscate' shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user suppl... Read more

    Affected Products : email_obfuscate_shortcode
    • Published: Sep. 13, 2024
    • Modified: Sep. 26, 2024

  • 6.1

    MEDIUM
    CVE-2024-8737

    The PDF Thumbnail Generator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.3. This makes it possible for unauthenticated ... Read more

    Affected Products : pdf_thumbnail_generator
    • Published: Sep. 13, 2024
    • Modified: Sep. 26, 2024

  • 7.1

    HIGH
    CVE-2024-45606

    Sentry is a developer-first error tracking and performance monitoring platform. An authenticated user can mute alert rules from arbitrary organizations and projects with a know rule ID. The user does not need to be a member of the organization or have per... Read more

    Affected Products : sentry
    • Published: Sep. 17, 2024
    • Modified: Sep. 26, 2024

  • 6.5

    MEDIUM
    CVE-2024-45605

    Sentry is a developer-first error tracking and performance monitoring platform. An authenticated user delete the user issue alert notifications for arbitrary users given a know alert ID. A patch was issued to ensure authorization checks are properly scope... Read more

    Affected Products : sentry
    • Published: Sep. 17, 2024
    • Modified: Sep. 26, 2024
Showing 20 of 291170 Results