Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2020-11646

    A log information disclosure vulnerability in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to view log information reserved for other users.... Read more

    • Published: Oct. 15, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2025-47471

    Missing Authorization vulnerability in EnvoThemes Envo Extra allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Envo Extra: from n/a through 1.9.9.... Read more

    Affected Products : envo_extra
    • Published: May. 07, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2024-32109

    Cross-Site Request Forgery (CSRF) vulnerability in Julien Berthelot / MPEmbed.Com WP Matterport Shortcode allows Cross Site Request Forgery.This issue affects WP Matterport Shortcode: from n/a through 2.1.9. ... Read more

    Affected Products :
    • Published: Apr. 11, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-32105

    Cross-Site Request Forgery (CSRF) vulnerability in ELEXtensions ELEX WooCommerce Dynamic Pricing and Discounts.This issue affects ELEX WooCommerce Dynamic Pricing and Discounts: from n/a through 2.1.2. ... Read more

    Affected Products :
    • Published: Apr. 11, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2025-47467

    Missing Authorization vulnerability in GS Plugins GS Testimonial Slider allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GS Testimonial Slider: from n/a through 3.3.0.... Read more

    Affected Products : gs_testimonial_slider
    • Published: May. 07, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-47470

    Cross-Site Request Forgery (CSRF) vulnerability in senols GPT3 AI Content Writer allows Cross Site Request Forgery. This issue affects GPT3 AI Content Writer: from n/a through 1.9.14.... Read more

    Affected Products :
    • Published: May. 07, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2024-31271

    Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Ultimate Maps by Supsystic.This issue affects Ultimate Maps by Supsystic: from n/a through 1.2.16. ... Read more

    Affected Products : ultimate_maps
    • Published: Apr. 12, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-12046

    The Medical Addon for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.6.2 via the 'namedical_elementor_template' shortcode due to missing validation on a user controlled key. This ma... Read more

    Affected Products :
    • Published: Feb. 04, 2025
    • Modified: Feb. 04, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2024-31250

    Cross-Site Request Forgery (CSRF) vulnerability in Saumya Majumder WP Server Health Stats.This issue affects WP Server Health Stats: from n/a through 1.7.3. ... Read more

    Affected Products :
    • Published: Apr. 12, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2025-47451

    Cross-Site Request Forgery (CSRF) vulnerability in silverplugins217 Product Quantity Dropdown For Woocommerce allows Cross Site Request Forgery. This issue affects Product Quantity Dropdown For Woocommerce: from n/a through 1.2.... Read more

    Affected Products :
    • Published: May. 07, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-47446

    Cross-Site Request Forgery (CSRF) vulnerability in listamester Listamester allows Cross Site Request Forgery. This issue affects Listamester: from n/a through 2.3.6.... Read more

    Affected Products : listamester
    • Published: May. 07, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2024-31360

    Cross-Site Request Forgery (CSRF) vulnerability in Coded Commerce, LLC Benchmark Email Lite.This issue affects Benchmark Email Lite: from n/a through 4.1. ... Read more

    Affected Products :
    • Published: Apr. 12, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-31364

    Cross-Site Request Forgery (CSRF) vulnerability in ELEXtensions ELEX WooCommerce Dynamic Pricing and Discounts.This issue affects ELEX WooCommerce Dynamic Pricing and Discounts: from n/a through 2.1.2. ... Read more

    Affected Products :
    • Published: Apr. 12, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-25774

    A vulnerability in the Trend Micro Apex One ServerMigrationTool component could allow an attacker to trigger an out-of-bounds red information disclosure which would disclose sensitive information to an unprivileged account. User interaction is required to... Read more

    Affected Products : windows apex_one
    • Published: Sep. 29, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-15595

    An issue was discovered in Zoho Application Control Plus before version 10.0.511. The Element Configuration feature (to configure elements included in the scope of elements managed by the product) allows an attacker to retrieve the entire list of the IP r... Read more

    • Published: Sep. 30, 2020
    • Modified: May. 30, 2025

  • 4.3

    MEDIUM
    CVE-2025-3949

    The Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'seedprod_lite_get_revisisons' function in... Read more

    Affected Products : website_builder_by_seedprod
    • Published: May. 09, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2020-15731

    An improper Input Validation vulnerability in the code handling file renaming and recovery in Bitdefender Engines allows an attacker to write an arbitrary file in a location hardcoded in a specially-crafted malicious file name. This issue affects: Bitdefe... Read more

    Affected Products : engines
    • Published: Sep. 30, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-9542

    The Sky Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.1 via the render function in modules/content-switcher/widgets/content-switcher.php. This makes it possible for auth... Read more

    Affected Products : sky_addons_for_elementor
    • Published: Nov. 21, 2024
    • Modified: Nov. 22, 2024

  • 4.3

    MEDIUM
    CVE-2024-21249

    Vulnerability in the PeopleSoft Enterprise FIN Expenses product of Oracle PeopleSoft (component: Expenses). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to co... Read more

    • Published: Oct. 15, 2024
    • Modified: Nov. 06, 2024

  • 4.3

    MEDIUM
    CVE-2024-49384

    Excessive attack surface in acep-collector service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.... Read more

    Affected Products : linux_kernel windows cyber_protect
    • Published: Oct. 15, 2024
    • Modified: Feb. 04, 2025
Showing 20 of 294299 Results