Latest CVE Feed
- CVE-2024-11893 (CVSS 3.1 score: 6.4)
  The Spoki – Chat Buttons and WooCommerce Notifications plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'spoki_button' shortcode in all versions up to, and including, 2.15.14 due to insufficient input sanitization and out...
  Affected Products: none listed
  Published: Dec. 20, 2024
  Modified: Dec. 20, 2024
- CVE-2024-11878 (CVSS 3.1 score: 6.4)
  The Category Post Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'category-post-slider' shortcode in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping on user suppl...
  Affected Products: none listed
  Published: Dec. 20, 2024
  Modified: Dec. 20, 2024
- CVE-2024-11812 (CVSS 3.1 score: 6.1)
  The Wtyczka SeoPilot dla WP plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.091. This is due to missing or incorrect nonce validation on the SeoPilot_Admin_Options() function. This makes it possib...
  Affected Products: none listed
  Published: Dec. 20, 2024
  Modified: Dec. 20, 2024
- CVE-2024-11806 (CVSS 3.1 score: 6.1)
  The PKT1 Centro de envios plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'success' and 'error' parameters in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it p...
  Affected Products: none listed
  Published: Dec. 20, 2024
  Modified: Dec. 20, 2024
- CVE-2024-11784 (CVSS 3.1 score: 6.4)
  The Sell Tickets Online – TicketSource Ticket Shop for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ticketshop' shortcode in all versions up to, and including, 3.0.2 due to insufficient input sanitization a...
  Affected Products: none listed
  Published: Dec. 20, 2024
  Modified: Dec. 20, 2024
- CVE-2024-11783 (CVSS 3.1 score: 6.4)
  The Financial Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'finance_calculator' shortcode in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping on user suppl...
  Affected Products: none listed
  Published: Dec. 20, 2024
  Modified: Dec. 20, 2024
- CVE-2024-11775 (CVSS 3.1 score: 6.4)
  The Particle Background plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'particleground' shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping on user supplied a...
  Affected Products: none listed
  Published: Dec. 20, 2024
  Modified: Dec. 20, 2024
- CVE-2024-11774 (CVSS 3.1 score: 6.4)
  The Outdooractive Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'list2go' shortcode in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping on user supplied attributes...
  Affected Products: none listed
  Published: Dec. 20, 2024
  Modified: Dec. 20, 2024
- CVE-2024-11411 (CVSS 3.1 score: 6.4)
  The Spotlightr plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'spotlightr-v' shortcode in all versions up to, and including, 0.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. ...
  Affected Products: none listed
  Published: Dec. 20, 2024
  Modified: Dec. 20, 2024
- CVE-2024-11331 (CVSS 3.1 score: 6.1)
  The استخراج محصولات ووکامرس برای آیسی plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.1.3. This makes i...
  Affected Products: none listed
  Published: Dec. 20, 2024
  Modified: Dec. 20, 2024
- CVE-2024-5955 (CVSS 3.1 score: 5.4)
  Cross-site scripting vulnerability in Trellix ePolicy Orchestrator prior to ePO 5.10 Service Pack 1 Update 3 allows a remote authenticated attacker to craft requests causing arbitrary content to be injected into the response when accessing the epolicy Orc...
  Affected Products: none listed
  Published: Dec. 20, 2024
  Modified: Dec. 20, 2024
- CVE-2024-44223 (score: 0.0, NONE)
  This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.1. An attacker with physical access to a Mac may be able to view protected content from the Login Window....
  Affected Products: macos
  Published: Dec. 20, 2024
  Modified: Dec. 20, 2024
- CVE-2023-42867 (score: 0.0, NONE)
  This issue was addressed with improved validation of the process entitlement and Team ID. This issue is fixed in GarageBand 10.4.9. An app may be able to gain root privileges....
  Affected Products: garageband
  Published: Dec. 20, 2024
  Modified: Dec. 20, 2024
- CVE-2024-11776 (CVSS 3.1 score: 6.4)
  The PCRecruiter Extensions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'PCRecruiter' shortcode in all versions up to, and including, 1.4.10 due to insufficient input sanitization and output escaping on user supplied ...
  Affected Products: none listed
  Published: Dec. 20, 2024
  Modified: Dec. 20, 2024
- CVE-2022-34159 (CVSS 3.1 score: 7.5)
  Huawei printers have an input verification vulnerability. Successful exploitation of this vulnerability may cause device service exceptions. (Vulnerability ID: HWPSIRT-2022-80078) This vulnerability has been assigned a Common Vulnerabilities and Exposure...
  Affected Products: none listed
  Published: Dec. 20, 2024
  Modified: Dec. 20, 2024
- CVE-2022-32204 (CVSS 3.1 score: 7.5)
  There is an improper input verification vulnerability in Huawei printer product. Successful exploitation of this vulnerability may cause service abnormal. (Vulnerability ID: HWPSIRT-2022-87185) This vulnerability has been assigned a Common Vulnerabilitie...
  Affected Products: none listed
  Published: Dec. 20, 2024
  Modified: Dec. 20, 2024
- CVE-2022-32203 (CVSS 3.1 score: 9.8)
  There is a command injection vulnerability in Huawei terminal printer product. Successful exploitation could result in the highest privileges of the printer. (Vulnerability ID: HWPSIRT-2022-51773) This vulnerability has been assigned a Common Vulnerabili...
  Affected Products: none listed
  Published: Dec. 20, 2024
  Modified: Dec. 20, 2024
- CVE-2024-12678 (CVSS 3.1 score: 6.5)
  Nomad Community and Nomad Enterprise ("Nomad") allocations are vulnerable to privilege escalation within a namespace through unredacted workload identity tokens. This vulnerability, identified as CVE-2024-12678, is fixed in Nomad Community Edition 1.9.4 a...
  Affected Products: nomad
  Published: Dec. 20, 2024
  Modified: Dec. 20, 2024
- CVE-2024-12832 (CVSS 3.0 score: 8.3)
  Arista NG Firewall ReportEntry SQL Injection Arbitrary File Read and Write Vulnerability. This vulnerability allows remote attackers to create arbitrary files and disclose sensitive information on affected installations of Arista NG Firewall. Authenticati...
  Affected Products: none listed
  Published: Dec. 20, 2024
  Modified: Dec. 20, 2024
- CVE-2024-12831 (CVSS 3.0 score: 6.6)
  Arista NG Firewall uvm_login Incorrect Authorization Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Arista NG Firewall. An attacker must first obtain the ability to execute...
  Affected Products: none listed
  Published: Dec. 20, 2024
  Modified: Dec. 20, 2024