Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2024-7423

    The Stream plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.0.1. This is due to missing or incorrect nonce validation on the network_options_action() function. This makes it possible for unauthentica... Read more

    Affected Products : stream
    • Published: Sep. 13, 2024
    • Modified: Sep. 26, 2024

  • 6.1

    MEDIUM
    CVE-2024-8714

    The WordPress Affiliates Plugin — SliceWP Affiliates plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.1.20. This makes i... Read more

    Affected Products : affiliate_program_suite
    • Published: Sep. 13, 2024
    • Modified: Sep. 26, 2024

  • 6.1

    MEDIUM
    CVE-2024-8732

    The Roles & Capabilities plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.1.9. This makes it possible for unauthenticated a... Read more

    Affected Products : roles_\&_capabilities
    • Published: Sep. 13, 2024
    • Modified: Sep. 26, 2024

  • 6.1

    MEDIUM
    CVE-2024-8730

    The Exit Notifier plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.9.1. This makes it possible for unauthenticated attacker... Read more

    Affected Products : exit_notifier
    • Published: Sep. 13, 2024
    • Modified: Sep. 26, 2024

  • 6.1

    MEDIUM
    CVE-2024-8731

    The Cron Jobs plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2.9. This makes it possible for unauthenticated attackers to... Read more

    Affected Products : cron_jobs
    • Published: Sep. 13, 2024
    • Modified: Sep. 26, 2024

  • 7.3

    HIGH
    CVE-2024-45750

    An issue in TheGreenBow Windows Standard VPN Client 6.87.108 (and older), Windows Enterprise VPN Client 6.87.109 (and older), Windows Enterprise VPN Client 7.5.007 (and older), Android VPN Client 6.4.5 (and older) VPN Client Linux 3.4 (and older), VPN Cli... Read more

    Affected Products :
    • Published: Sep. 25, 2024
    • Modified: Sep. 26, 2024

  • 6.1

    MEDIUM
    CVE-2024-8734

    The Lucas String Replace plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.0.5. This makes it possible for unauthenticated a... Read more

    Affected Products : lucas_string_replace
    • Published: Sep. 13, 2024
    • Modified: Sep. 26, 2024

  • 6.4

    MEDIUM
    CVE-2024-8747

    The Email Obfuscate Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'email-obfuscate' shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user suppl... Read more

    Affected Products : email_obfuscate_shortcode
    • Published: Sep. 13, 2024
    • Modified: Sep. 26, 2024

  • 6.1

    MEDIUM
    CVE-2024-8737

    The PDF Thumbnail Generator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.3. This makes it possible for unauthenticated ... Read more

    Affected Products : pdf_thumbnail_generator
    • Published: Sep. 13, 2024
    • Modified: Sep. 26, 2024

  • 7.1

    HIGH
    CVE-2024-45606

    Sentry is a developer-first error tracking and performance monitoring platform. An authenticated user can mute alert rules from arbitrary organizations and projects with a know rule ID. The user does not need to be a member of the organization or have per... Read more

    Affected Products : sentry
    • Published: Sep. 17, 2024
    • Modified: Sep. 26, 2024

  • 6.5

    MEDIUM
    CVE-2024-45605

    Sentry is a developer-first error tracking and performance monitoring platform. An authenticated user delete the user issue alert notifications for arbitrary users given a know alert ID. A patch was issued to ensure authorization checks are properly scope... Read more

    Affected Products : sentry
    • Published: Sep. 17, 2024
    • Modified: Sep. 26, 2024

  • 9.8

    CRITICAL
    CVE-2024-47088

    This vulnerability exists in Apex Softcell LD Geo due to missing restrictions for excessive failed authentication attempts on its API based login. A remote attacker could exploit this vulnerability by conducting a brute force attack on login OTP, which co... Read more

    Affected Products : ld_geo ld_dp_back_office
    • Published: Sep. 19, 2024
    • Modified: Sep. 26, 2024

  • 8.7

    HIGH
    CVE-2024-47089

    This vulnerability exists in the Apex Softcell LD Geo due to improper validation of the transaction token ID in the API endpoint. An authenticated remote attacker could exploit this vulnerability by manipulating the transaction token ID in the API request... Read more

    Affected Products : ld_geo ld_dp_back_office
    • Published: Sep. 19, 2024
    • Modified: Sep. 26, 2024

  • 5.3

    MEDIUM
    CVE-2024-8891

    An attacker with no knowledge of the current users in the web application, could build a dictionary of potential users and check the server responses as it indicates whether or not the user is present in CIRCUTOR Q-SMT in its firmware version 1.0.4.... Read more

    Affected Products : q-smt_firmware q-smt
    • Published: Sep. 18, 2024
    • Modified: Sep. 26, 2024

  • 4.3

    MEDIUM
    CVE-2024-47145

    Mattermost versions 9.5.x <= 9.5.8 fail to properly authorize access to archived channels when viewing archived channels is disabled, which allows an attacker to view posts and files of archived channels via file links.... Read more

    Affected Products : mattermost_server mattermost
    • Published: Sep. 26, 2024
    • Modified: Sep. 26, 2024

  • 6.5

    MEDIUM
    CVE-2024-47003

    Mattermost versions 9.11.x <= 9.11.0 and 9.5.x <= 9.5.8 fail to validate that the message of the permalink post is a string, which allows an attacker to send a non-string value as the message of a permalink post and crash the frontend.... Read more

    Affected Products : mattermost_server mattermost
    • Published: Sep. 26, 2024
    • Modified: Sep. 26, 2024

  • 5.4

    MEDIUM
    CVE-2024-45843

    Mattermost versions 9.5.x <= 9.5.8 fail to include the metadata endpoints of Oracle Cloud and Alibaba in the SSRF denylist, which allows an attacker to possibly cause an SSRF if Mattermost was deployed in Oracle Cloud or Alibaba.... Read more

    Affected Products : mattermost_server mattermost
    • Published: Sep. 26, 2024
    • Modified: Sep. 26, 2024

  • 6.4

    MEDIUM
    CVE-2024-5567

    The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 27.5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, ... Read more

    Affected Products : betheme
    • Published: Sep. 13, 2024
    • Modified: Sep. 26, 2024

  • 8.8

    HIGH
    CVE-2024-8480

    The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'sirv_save_prevented_sizes' function in all versions up to, and including, 7.2.7. This makes it po... Read more

    Affected Products : sirv
    • Published: Sep. 06, 2024
    • Modified: Sep. 26, 2024

  • 8.8

    HIGH
    CVE-2024-7770

    The Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'upload' function in all versions up to, and including, 6.5.5... Read more

    Affected Products : file_manager
    • Published: Sep. 10, 2024
    • Modified: Sep. 26, 2024
Showing 20 of 291219 Results