Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    CVSS31
    CVE-2024-45693

    Users logged into the Apache CloudStack's web interface can be tricked to submit malicious CSRF requests due to missing validation of the origin of the requests. This can allow an attacker to gain privileges and access to resources of the authenticated us... Read more

    Affected Products : cloudstack
    • Published: Oct. 16, 2024
    • Modified: Oct. 17, 2024

  • 7.8

    CVSS31
    CVE-2024-45710

    SolarWinds Platform is susceptible to an Uncontrolled Search Path Element Local Privilege Escalation vulnerability. This requires a low privilege account and local access to the affected node machine.... Read more

    Affected Products : solarwinds_platform
    • Published: Oct. 16, 2024
    • Modified: Oct. 17, 2024

  • 8.8

    CVSS31
    CVE-2024-45711

    SolarWinds Serv-U is vulnerable to a directory traversal vulnerability where remote code execution is possible depending on privileges given to the authenticated user. This issue requires a user to be authenticated and this is present when software env... Read more

    Affected Products : serv-u
    • Published: Oct. 16, 2024
    • Modified: Oct. 17, 2024

  • 5.9

    CVSS31
    CVE-2024-49288

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in VillaTheme Email Template Customizer for WooCommerce allows Stored XSS.This issue affects Email Template Customizer for WooCommerce: from n/a thro... Read more

    Affected Products :
    • Published: Oct. 17, 2024
    • Modified: Oct. 17, 2024

  • 7.1

    CVSS31
    CVE-2024-49283

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in VillaTheme CURCY allows Reflected XSS.This issue affects CURCY: from n/a through 2.2.3.... Read more

    Affected Products :
    • Published: Oct. 17, 2024
    • Modified: Oct. 17, 2024

  • 5.9

    CVSS31
    CVE-2024-49282

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in dFactory Responsive Lightbox allows Stored XSS.This issue affects Responsive Lightbox: from n/a through 2.4.8.... Read more

    Affected Products :
    • Published: Oct. 17, 2024
    • Modified: Oct. 17, 2024

  • 6.5

    CVSS31
    CVE-2024-49281

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in NinjaTeam Click to Chat – WP Support All-in-One Floating Widget allows Stored XSS.This issue affects Click to Chat – WP Support All-in-One Floatin... Read more

    Affected Products :
    • Published: Oct. 17, 2024
    • Modified: Oct. 17, 2024

  • 6.5

    CVSS31
    CVE-2024-49280

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Weblizar Lightbox slider – Responsive Lightbox Gallery allows Stored XSS.This issue affects Lightbox slider – Responsive Lightbox Gallery: from n/... Read more

    Affected Products :
    • Published: Oct. 17, 2024
    • Modified: Oct. 17, 2024

  • 6.5

    CVSS31
    CVE-2024-49279

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in TipTopPress Hyperlink Group Block allows Stored XSS.This issue affects Hyperlink Group Block: from n/a through 1.17.5.... Read more

    Affected Products :
    • Published: Oct. 17, 2024
    • Modified: Oct. 17, 2024

  • 6.5

    CVSS31
    CVE-2024-49278

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in omnipressteam Omnipress allows Stored XSS.This issue affects Omnipress: from n/a through 1.4.3.... Read more

    Affected Products :
    • Published: Oct. 17, 2024
    • Modified: Oct. 17, 2024

  • 6.5

    CVSS31
    CVE-2024-49277

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CodeAstrology Team UltraAddons Elementor Lite allows Stored XSS.This issue affects UltraAddons Elementor Lite: from n/a through 1.1.8.... Read more

    Affected Products :
    • Published: Oct. 17, 2024
    • Modified: Oct. 17, 2024

  • 7.1

    CVSS31
    CVE-2024-49276

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themis Solutions, Inc. Clio Grow allows Reflected XSS.This issue affects Clio Grow: from n/a through 1.0.2.... Read more

    Affected Products :
    • Published: Oct. 17, 2024
    • Modified: Oct. 17, 2024

  • 6.5

    CVSS31
    CVE-2024-49264

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in NicheAddons Events Addon for Elementor allows Stored XSS.This issue affects Events Addon for Elementor: from n/a through 2.2.0.... Read more

    Affected Products :
    • Published: Oct. 17, 2024
    • Modified: Oct. 17, 2024

  • 6.5

    CVSS31
    CVE-2024-49263

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Takashi Matsuyama My Favorites allows Stored XSS.This issue affects My Favorites: from n/a through 1.4.1.... Read more

    Affected Products :
    • Published: Oct. 17, 2024
    • Modified: Oct. 17, 2024

  • 6.5

    CVSS31
    CVE-2024-49262

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in wepic Country Flags for Elementor allows Stored XSS.This issue affects Country Flags for Elementor: from n/a through 1.0.1.... Read more

    Affected Products :
    • Published: Oct. 17, 2024
    • Modified: Oct. 17, 2024

  • 6.5

    CVSS31
    CVE-2024-49261

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in LOOS,Inc. Arkhe Blocks allows Stored XSS.This issue affects Arkhe Blocks: from n/a through 2.23.0.... Read more

    Affected Products :
    • Published: Oct. 17, 2024
    • Modified: Oct. 17, 2024

  • 6.5

    CVSS31
    CVE-2024-49259

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in NicheAddons Primary Addon for Elementor allows Stored XSS.This issue affects Primary Addon for Elementor: from n/a through 1.5.8.... Read more

    Affected Products :
    • Published: Oct. 17, 2024
    • Modified: Oct. 17, 2024

  • 6.5

    CVSS31
    CVE-2024-49255

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Daniele Alessandra Da Reactions allows Stored XSS.This issue affects Da Reactions: from n/a through 5.1.5.... Read more

    Affected Products :
    • Published: Oct. 17, 2024
    • Modified: Oct. 17, 2024

  • 7.1

    CVSS31
    CVE-2024-49248

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Igor Funa Ad Inserter allows Reflected XSS.This issue affects Ad Inserter: from n/a through 2.7.37.... Read more

    Affected Products :
    • Published: Oct. 17, 2024
    • Modified: Oct. 17, 2024

  • 7.6

    CVSS31
    CVE-2024-5429

    The Logo Slider WordPress plugin before 4.1.0 does not validate and escape some of its Slider Settings before outputting them back in attributes, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks... Read more

    Affected Products : gs_logo_slider
    • Published: Oct. 17, 2024
    • Modified: Oct. 17, 2024
Showing 20 of 349 Results