Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2023-1024

    The WP Meta SEO plugin for WordPress is vulnerable to unauthorized sitemap generation due to a missing capability check on the regenerateSitemaps function in versions up to, and including, 4.5.3. This makes it possible for authenticated attackers with sub... Read more

    Affected Products : wp_meta_seo
    • Published: Feb. 28, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-1339

    The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check on the uucss_update_rule function in versions up to, and including, 1.7.1. This makes it possible for authenticated... Read more

    • Published: Mar. 10, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2006-6824

    Multiple cross-site scripting (XSS) vulnerabilities in Jim Hu and Chad Little PHP iCalendar 2.23 rc1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) getdate parameter in (a) day.php, (b) month.php, (c) year.php, (d) w... Read more

    Affected Products : php_icalendar
    • Published: Dec. 29, 2006
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2024-4204

    The Bulk Posts Editing For WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.3. This is due to missing or incorrect nonce validation on the plugin's AJAX actions.. This makes it possible f... Read more

    Affected Products :
    • Published: May. 16, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-34809

    Cross-Site Request Forgery (CSRF) vulnerability in Extend Themes EmpowerWP.This issue affects EmpowerWP: from n/a through 1.0.21.... Read more

    Affected Products :
    • Published: May. 17, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-48714

    Silverstripe Framework is the framework that forms the base of the Silverstripe content management system. Prior to versions 4.13.39 and 5.1.11, if a user should not be able to see a record, but that record can be added to a `GridField` using the `GridFie... Read more

    Affected Products : framework
    • Published: Jan. 23, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2025-1880

    A vulnerability was found in i-Drive i11 and i12 up to 20250227. It has been classified as problematic. Affected is an unknown function of the component Device Pairing. The manipulation leads to authentication bypass by primary weakness. It is possible to... Read more

    Affected Products : i11_firmware i12_firmware
    • Published: Mar. 03, 2025
    • Modified: Mar. 03, 2025
    • Vuln Type: Authentication

  • 4.3

    MEDIUM
    CVE-2024-5770

    The WP Force SSL & HTTPS SSL Redirect plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_save_setting' function in versions up to, and including, 1.66. This makes it possible for authenti... Read more

    Affected Products : wp_force_ssl
    • Published: Jun. 08, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2019-5942

    Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to obtain files without access privileges via the Multiple Files Download function of application 'Cabinet'.... Read more

    Affected Products : garoon
    • Published: May. 17, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-1842

    The OpenBook Book Data WordPress plugin through 3.5.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack... Read more

    Affected Products : openbook_book_data
    • Published: Jun. 27, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-24741

    SAP Master Data Governance for Material Data - versions 618, 619, 620, 621, 622, 800, 801, 802, 803, 804, does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. This could allow an attacker to read... Read more

    • Published: Feb. 13, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-38313

    In certain scenarios a malicious website could attempt to display a fake location URL bar which could mislead users as to the actual website address This vulnerability affects Firefox for iOS < 127.... Read more

    Affected Products : firefox
    • Published: Jun. 13, 2024
    • Modified: Mar. 14, 2025

  • 4.3

    MEDIUM
    CVE-2024-11154

    The PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.15 via the 'actAjaxRevisionDiffs' function. This makes... Read more

    Affected Products :
    • Published: Nov. 20, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-11143

    The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.8. This is due to missing or incorrect nonce validation on the update_assistant, add_new_assistant, and delete_a... Read more

    Affected Products : kognetiks_chatbot
    • Published: Nov. 13, 2024
    • Modified: Nov. 18, 2024

  • 4.3

    MEDIUM
    CVE-2024-25150

    Information disclosure vulnerability in the Control Panel in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions allows remote authenticated users ... Read more

    • Published: Feb. 20, 2024
    • Modified: Dec. 10, 2024

  • 4.3

    MEDIUM
    CVE-2011-1357

    Cross-site scripting (XSS) vulnerability in agentDetect.jsp in the web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.3 before 6.3.0.5, 7.0 before 7.0.0.5, and 7.5 before 7.5.0.1 allows remote attackers to inject arbitrary web script or HTML... Read more

    • Published: Aug. 11, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2022-2080

    The Sensei LMS WordPress plugin before 4.5.2 does not ensure that the sender of a private message is either the teacher or the original sender, allowing any authenticated user to send messages to arbitrary private conversation via a IDOR attack. Note: Att... Read more

    Affected Products : sensei_lms
    • Published: Aug. 29, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-50900

    Cross-Site Request Forgery (CSRF) vulnerability in Averta Master Slider.This issue affects Master Slider: from n/a through 3.9.10.... Read more

    Affected Products : master_slider
    • Published: Jun. 19, 2024
    • Modified: May. 27, 2025

  • 4.3

    MEDIUM
    CVE-2023-6070

    A server-side request forgery vulnerability in ESM prior to version 11.6.8 allows a low privileged authenticated user to upload arbitrary content, potentially altering configuration. This is possible through the certificate validation functionality where... Read more

    Affected Products : enterprise_security_manager
    • Published: Nov. 29, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-7019

    The LightStart – Maintenance Mode, Coming Soon and Landing Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the insert_template function in all versions up to, and including, 2.6.8. ... Read more

    Affected Products : lightstart
    • Published: Jan. 11, 2024
    • Modified: Jun. 03, 2025
Showing 20 of 294535 Results