Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2024-41736

    Under certain conditions SAP Permit to Work allows an authenticated attacker to access information which would otherwise be restricted causing low impact on the confidentiality of the application.... Read more

    Affected Products : permit_to_work
    • Published: Aug. 13, 2024
    • Modified: Sep. 12, 2024

  • 4.3

    MEDIUM
    CVE-2024-42377

    SAP shared service framework allows an authenticated non-administrative user to call a remote-enabled function, which will allow them to insert value entries into a non-sensitive table, causing low impact on integrity of the application... Read more

    Affected Products : shared_service_framework
    • Published: Aug. 13, 2024
    • Modified: Sep. 12, 2024

  • 4.3

    MEDIUM
    CVE-2024-33683

    Cross-Site Request Forgery (CSRF) vulnerability in WP Republic Hide Dashboard Notifications.This issue affects Hide Dashboard Notifications: from n/a through 1.2.3. ... Read more

    Affected Products :
    • Published: Apr. 26, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-33691

    Cross-Site Request Forgery (CSRF) vulnerability in OptinMonster Popup Builder Team OptinMonster.This issue affects OptinMonster: from n/a through 2.15.3. ... Read more

    Affected Products : optinmonster
    • Published: Apr. 26, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-33690

    Cross-Site Request Forgery (CSRF) vulnerability in Jegstudio Financio.This issue affects Financio: from n/a through 1.1.3. ... Read more

    Affected Products :
    • Published: Apr. 26, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-31096

    Cross-Site Request Forgery (CSRF) vulnerability in kopatheme Nictitate.This issue affects Nictitate: from n/a through 1.1.4. ... Read more

    Affected Products :
    • Published: Mar. 31, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-0892

    The Schema App Structured Data plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. This is due to missing or incorrect nonce validation on the MarkUpdate function. This makes it possible for unauth... Read more

    Affected Products :
    • Published: Jun. 14, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-30455

    Cross-Site Request Forgery (CSRF) vulnerability in GamiPress.This issue affects GamiPress: from n/a through 6.8.5. ... Read more

    Affected Products : gamipress
    • Published: Mar. 29, 2024
    • Modified: Jan. 31, 2025

  • 4.3

    MEDIUM
    CVE-2024-7605

    The HelloAsso plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ha_ajax' function in all versions up to, and including, 1.1.10. This makes it possible for authenticated attackers, with Contri... Read more

    Affected Products : helloasso
    • Published: Sep. 05, 2024
    • Modified: Sep. 12, 2024

  • 4.3

    MEDIUM
    CVE-2024-30492

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WebToffee Import Export WordPress Users.This issue affects Import Export WordPress Users: from n/a through 2.5.2. ... Read more

    Affected Products : import_export_wordpress_users
    • Published: Mar. 29, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-30613

    Tenda AC15 v15.03.05.18 has a stack overflow vulnerability in the time parameter from the setSmartPowerManagement function.... Read more

    Affected Products : ac15_firmware ac15
    • Published: Mar. 29, 2024
    • Modified: Apr. 08, 2025

  • 4.3

    MEDIUM
    CVE-2024-2113

    The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.0. This is due to missing or incorrect nonce validation on the nf_downlo... Read more

    Affected Products : ninja_forms
    • Published: Mar. 29, 2024
    • Modified: Jan. 23, 2025

  • 4.3

    MEDIUM
    CVE-2024-2844

    The Easy Appointments plugin for WordPress is vulnerable to unauthorized modification of data due to insufficient user validation on the ajax_cancel_appointment() function in all versions up to, and including, 3.11.18. This makes it possible for unauthent... Read more

    Affected Products : easy_appointments
    • Published: Mar. 29, 2024
    • Modified: Feb. 05, 2025

  • 4.3

    MEDIUM
    CVE-2024-34047

    O-RAN RIC I-Release e2mgr lacks array size checks in RicServiceUpdateHandler.... Read more

    Affected Products : ric-plt-e2mgr
    • Published: Apr. 30, 2024
    • Modified: May. 27, 2025

  • 4.3

    MEDIUM
    CVE-2024-29240

    Missing authorization vulnerability in LayoutSave webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to conduct limited denial-of-service attacks via unspecified vectors.... Read more

    • Published: Mar. 28, 2024
    • Modified: Aug. 04, 2025

  • 4.3

    MEDIUM
    CVE-2024-1717

    The Admin Notices Manager plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the handle_ajax_call() function in all versions up to, and including, 1.4.0. This makes it possible for authenticated attacker... Read more

    Affected Products :
    • Published: Jun. 04, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-6925

    The TrueBooker WordPress plugin before 1.0.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.... Read more

    Affected Products : truebooker
    • Published: Sep. 08, 2024
    • Modified: Sep. 11, 2024

  • 4.3

    MEDIUM
    CVE-2024-34061

    changedetection.io is a free open source web page change detection, website watcher, restock monitor and notification service. In affected versions Input in parameter notification_urls is not processed resulting in javascript execution in the application.... Read more

    Affected Products : changedetection
    • Published: May. 02, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-28492

    Missing Authorization vulnerability in CodePeople CP Multi View Event Calendar allows Functionality Misuse.This issue affects CP Multi View Event Calendar: from n/a through 1.4.10.... Read more

    Affected Products :
    • Published: Jun. 03, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-4128

    This vulnerability was a potential CSRF attack. When running the Firebase emulator suite, there is an export endpoint that is used normally to export data from running emulators. If a user was running the emulator and navigated to a malicious website with... Read more

    Affected Products : firebase_command_line_interface
    • Published: May. 02, 2024
    • Modified: Jul. 22, 2025
Showing 20 of 294733 Results