Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2024-7020

    Inappropriate implementation in Autofill in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)... Read more

    Affected Products : chrome
    • Published: Sep. 23, 2024
    • Modified: Jan. 02, 2025

  • 4.3

    MEDIUM
    CVE-2024-5438

    The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.7.1 via the 'attempt_delete' function due to missing validation on a user controlled key. T... Read more

    Affected Products : tutor_lms
    • Published: Jun. 07, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-7046

    An improper access control vulnerability in open-webui/open-webui v0.3.8 allows an attacker to view admin details. The application does not verify whether the attacker is an administrator, allowing the attacker to directly call the /api/v1/auths/admin/det... Read more

    Affected Products : open_webui
    • Published: Mar. 20, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2024-58265

    The snow crate before 0.9.5 for Rust, when stateful TransportState is used, allows incrementing a nonce and thereby denying message delivery.... Read more

    Affected Products : snow
    • Published: Jul. 27, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Denial of Service

  • 4.3

    MEDIUM
    CVE-2024-7429

    The Zotpress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the Zotpress_process_accounts_AJAX function in all versions up to, and including, 7.3.12. This makes it possible for authenticated at... Read more

    Affected Products : zotpress
    • Published: Nov. 05, 2024
    • Modified: Nov. 08, 2024

  • 4.3

    MEDIUM
    CVE-2024-7417

    The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.986 via the data_fetch. This makes it possible for authenticated attackers, with subscriber-level access and abov... Read more

    Affected Products : royal_elementor_addons
    • Published: Oct. 17, 2024
    • Modified: Jan. 10, 2025

  • 4.3

    MEDIUM
    CVE-2024-7721

    The HTML5 Video Player – mp4 Video Player Plugin and Block plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_password' function in all versions up to, and including, 2.5.34. This makes i... Read more

    Affected Products : html5_video_player
    • Published: Sep. 11, 2024
    • Modified: Sep. 18, 2024

  • 4.3

    MEDIUM
    CVE-2024-7004

    Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a malicious file. (Chromium sec... Read more

    Affected Products : chrome edge_chromium
    • Published: Aug. 06, 2024
    • Modified: Oct. 29, 2024

  • 4.3

    MEDIUM
    CVE-2024-7975

    Inappropriate implementation in Permissions in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)... Read more

    Affected Products : chrome edge_chromium
    • Published: Aug. 21, 2024
    • Modified: Mar. 25, 2025

  • 4.3

    MEDIUM
    CVE-2006-1548

    Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the pa... Read more

    Affected Products : struts
    • Published: Mar. 30, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2024-9540

    The Sina Extension for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.7 via the render function in widgets/advanced/sina-modal-box.php. This makes it possible for authenticated atta... Read more

    Affected Products : sina_extension_for_elementor
    • Published: Oct. 16, 2024
    • Modified: Oct. 30, 2024

  • 4.3

    MEDIUM
    CVE-2024-9661

    The WP All Import Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.9.7. This is due to missing nonce validation on the delete_and_edit function. This makes it possible for unauthenticated attacke... Read more

    Affected Products : wp_all_import
    • Published: Feb. 07, 2025
    • Modified: Feb. 18, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2024-56378

    libpoppler.so in Poppler through 24.12.0 has an out-of-bounds read vulnerability within the JBIG2Bitmap::combine function in JBIG2Stream.cc.... Read more

    Affected Products : poppler
    • Published: Dec. 23, 2024
    • Modified: Dec. 26, 2024

  • 4.3

    MEDIUM
    CVE-2024-9689

    The Post From Frontend WordPress plugin through 1.0.0 does not have CSRF check when deleting posts, which could allow attackers to make logged in admin perform such action via a CSRF attack... Read more

    Affected Products : post_from_frontend
    • Published: Nov. 05, 2024
    • Modified: Dec. 20, 2024

  • 4.3

    MEDIUM
    CVE-2024-56350

    In JetBrains TeamCity before 2024.12 build credentials allowed unauthorized viewing of projects... Read more

    Affected Products : teamcity
    • Published: Dec. 20, 2024
    • Modified: Jan. 02, 2025

  • 4.3

    MEDIUM
    CVE-2024-9626

    The Editorial Assistant by Sovrn plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_zemanta_set_featured_image' function in versions up to, and including, 1.3.3. This makes it possible fo... Read more

    Affected Products :
    • Published: Oct. 26, 2024
    • Modified: Oct. 28, 2024

  • 4.3

    MEDIUM
    CVE-2024-56348

    In JetBrains TeamCity before 2024.12 improper access control allowed viewing details of unauthorized agents... Read more

    Affected Products : teamcity
    • Published: Dec. 20, 2024
    • Modified: Jan. 02, 2025

  • 4.3

    MEDIUM
    CVE-2024-9649

    The WP ULike – The Ultimate Engagement Toolkit for Websites plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.7.4. This is due to missing or incorrect nonce validation on the wp_ulike_delete_history_a... Read more

    Affected Products : wp_ulike
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024

  • 4.3

    MEDIUM
    CVE-2007-6232

    Cross-site scripting (XSS) vulnerability in index.php in FTP Admin 0.1.0 allows remote attackers to inject arbitrary web script or HTML via the error parameter in an error page action.... Read more

    • Published: Dec. 04, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2024-9891

    The Multiline files upload for contact form 7 plugin for WordPress is vulnerable to unauthorized plugin deactivation due to a missing capability check on the mfcf7_zl_custom_handle_deactivation_plugin_form_submission() function in all versions up to, and ... Read more

    Affected Products :
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024
Showing 20 of 294328 Results