Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.1

    CVSS31
    CVE-2024-49313

    Cross-Site Request Forgery (CSRF) vulnerability in RudeStan VKontakte Wall Post allows Stored XSS.This issue affects VKontakte Wall Post: from n/a through 2.0.... Read more

    Affected Products :
    • Published: Oct. 17, 2024
    • Modified: Oct. 17, 2024

  • 4.9

    CVSS31
    CVE-2024-49312

    Server-Side Request Forgery (SSRF) vulnerability in WisdmLabs Edwiser Bridge.This issue affects Edwiser Bridge: from n/a through 3.0.7.... Read more

    Affected Products :
    • Published: Oct. 17, 2024
    • Modified: Oct. 17, 2024

  • 9.3

    CVSS31
    CVE-2024-49305

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPFactory Email Verification for WooCommerce allows SQL Injection.This issue affects Email Verification for WooCommerce: from n/a through 2.8.10.... Read more

    Affected Products :
    • Published: Oct. 17, 2024
    • Modified: Oct. 17, 2024

  • 5.4

    CVSS31
    CVE-2024-49304

    Cross-Site Request Forgery (CSRF) vulnerability in PINPOINT.WORLD Pinpoint Booking System allows Stored XSS.This issue affects Pinpoint Booking System: from n/a through 2.9.9.5.1.... Read more

    Affected Products : pinpoint_booking_system
    • Published: Oct. 17, 2024
    • Modified: Oct. 17, 2024

  • 7.6

    CVSS31
    CVE-2024-49299

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Surfer allows SQL Injection.This issue affects Surfer: from n/a through 1.5.0.502.... Read more

    Affected Products :
    • Published: Oct. 17, 2024
    • Modified: Oct. 17, 2024

  • 8.5

    CVSS31
    CVE-2024-49297

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Zoho CRM Zoho CRM Lead Magnet allows SQL Injection.This issue affects Zoho CRM Lead Magnet: from n/a through 1.7.9.0.... Read more

    Affected Products :
    • Published: Oct. 17, 2024
    • Modified: Oct. 17, 2024

  • 10.0

    CVSS31
    CVE-2024-49291

    Unrestricted Upload of File with Dangerous Type vulnerability in Gora Tech LLC Cooked Pro.This issue affects Cooked Pro: from n/a before 1.8.0.... Read more

    Affected Products :
    • Published: Oct. 17, 2024
    • Modified: Oct. 17, 2024

  • 7.5

    CVSS31
    CVE-2024-49287

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Marco Heine PDF-Rechnungsverwaltung allows PHP Local File Inclusion.This issue affects PDF-Rechnungsverwaltung: from n/a through 0.0.1.... Read more

    Affected Products :
    • Published: Oct. 17, 2024
    • Modified: Oct. 17, 2024

  • 7.5

    CVSS31
    CVE-2024-49285

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Moridrin SSV MailChimp allows PHP Local File Inclusion.This issue affects SSV MailChimp: from n/a through 3.1.5.... Read more

    Affected Products :
    • Published: Oct. 17, 2024
    • Modified: Oct. 17, 2024

  • 5.3

    CVSS31
    CVE-2024-49284

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in BogdanFix WP SendFox allows Retrieve Embedded Sensitive Data.This issue affects WP SendFox: from n/a through 1.3.1.... Read more

    Affected Products :
    • Published: Oct. 17, 2024
    • Modified: Oct. 17, 2024

  • 9.3

    CVSS31
    CVE-2024-49246

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in anand23 Ajax Rating with Custom Login allows SQL Injection.This issue affects Ajax Rating with Custom Login: from n/a through 1.1.... Read more

    Affected Products :
    • Published: Oct. 17, 2024
    • Modified: Oct. 17, 2024

  • 8.5

    CVSS31
    CVE-2024-49244

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in cmssoft CSV Product Import Export for WooCommerce allows SQL Injection.This issue affects CSV Product Import Export for WooCommerce: from n/a through 1.0... Read more

    Affected Products :
    • Published: Oct. 17, 2024
    • Modified: Oct. 17, 2024

  • 7.1

    CVSS31
    CVE-2024-49237

    Cross-Site Request Forgery (CSRF) vulnerability in Ahmet Imamoglu Ahmeti Wp Timeline allows Stored XSS.This issue affects Ahmeti Wp Timeline: from n/a through 5.1.... Read more

    Affected Products :
    • Published: Oct. 17, 2024
    • Modified: Oct. 17, 2024

  • 7.5

    CVSS31
    CVE-2024-49235

    Insertion of Sensitive Information Into Sent Data vulnerability in VideoWhisper.Com Contact Forms, Live Support, CRM, Video Messages allows Retrieve Embedded Sensitive Data.This issue affects Contact Forms, Live Support, CRM, Video Messages: from n/a thro... Read more

    Affected Products :
    • Published: Oct. 17, 2024
    • Modified: Oct. 17, 2024

  • 7.1

    CVSS31
    CVE-2024-49229

    Cross-Site Request Forgery (CSRF) vulnerability in Arif Nezami Better Author Bio allows Cross-Site Scripting (XSS).This issue affects Better Author Bio: from n/a through 2.7.10.11.... Read more

    Affected Products :
    • Published: Oct. 17, 2024
    • Modified: Oct. 17, 2024

  • 7.1

    CVSS31
    CVE-2024-49223

    Cross-Site Request Forgery (CSRF) vulnerability in Shibu Lijack a.K.A CyberJack CJ Change Howdy allows Stored XSS.This issue affects CJ Change Howdy: from n/a through 3.3.1.... Read more

    Affected Products :
    • Published: Oct. 17, 2024
    • Modified: Oct. 17, 2024

  • 7.1

    CVSS31
    CVE-2024-49221

    Cross-Site Request Forgery (CSRF) vulnerability in Julian Weinert // cs&m cSlider allows Stored XSS.This issue affects cSlider: from n/a through 2.4.2.... Read more

    Affected Products :
    • Published: Oct. 17, 2024
    • Modified: Oct. 17, 2024

  • 7.1

    CVSS31
    CVE-2024-49220

    Cross-Site Request Forgery (CSRF) vulnerability in Cookie Scanner – Nikel Schubert Cookie Scanner allows Stored XSS.This issue affects Cookie Scanner: from n/a through 1.1.... Read more

    Affected Products :
    • Published: Oct. 17, 2024
    • Modified: Oct. 17, 2024

  • 8.8

    CVSS31
    CVE-2024-49219

    Incorrect Privilege Assignment vulnerability in themexpo RS-Members allows Privilege Escalation.This issue affects RS-Members: from n/a through 1.0.3.... Read more

    Affected Products :
    • Published: Oct. 17, 2024
    • Modified: Oct. 17, 2024

  • 9.8

    CVSS31
    CVE-2024-49217

    Incorrect Privilege Assignment vulnerability in Madiri Salman Aashish Adding drop down roles in registration allows Privilege Escalation.This issue affects Adding drop down roles in registration: from n/a through 1.1.... Read more

    Affected Products :
    • Published: Oct. 17, 2024
    • Modified: Oct. 17, 2024
Showing 20 of 294 Results