Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2024-34061

    changedetection.io is a free open source web page change detection, website watcher, restock monitor and notification service. In affected versions Input in parameter notification_urls is not processed resulting in javascript execution in the application.... Read more

    Affected Products : changedetection
    • Published: May. 02, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2025-31474

    Cross-Site Request Forgery (CSRF) vulnerability in matthewprice1178 WP Database Optimizer allows Cross Site Request Forgery. This issue affects WP Database Optimizer: from n/a through 1.2.1.3.... Read more

    Affected Products :
    • Published: Mar. 28, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-31576

    Missing Authorization vulnerability in Gagan Deep Singh PostmarkApp Email Integrator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PostmarkApp Email Integrator: from n/a through 2.4.... Read more

    Affected Products :
    • Published: Mar. 31, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2024-52385

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Sk. Abul Hasan Team Member.This issue affects Team Member: from n/a through 7.3.... Read more

    Affected Products : team_member_-_team_with_slider
    • Published: Dec. 09, 2024
    • Modified: Dec. 09, 2024

  • 4.3

    MEDIUM
    CVE-2024-34047

    O-RAN RIC I-Release e2mgr lacks array size checks in RicServiceUpdateHandler.... Read more

    Affected Products : ric-plt-e2mgr
    • Published: Apr. 30, 2024
    • Modified: May. 27, 2025

  • 4.3

    MEDIUM
    CVE-2025-31408

    Missing Authorization vulnerability in Zoho Flow allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zoho Flow: from n/a through 2.13.3.... Read more

    Affected Products :
    • Published: Apr. 01, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2023-49858

    Missing Authorization vulnerability in Austin Passy Custom Login allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Custom Login: from n/a through 4.1.0.... Read more

    Affected Products :
    • Published: Dec. 09, 2024
    • Modified: Dec. 09, 2024

  • 4.3

    MEDIUM
    CVE-2023-49861

    Missing Authorization vulnerability in socialmediafeather Social Media Feather allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Social Media Feather: from n/a through 2.1.3.... Read more

    Affected Products : social_media_feather
    • Published: Dec. 09, 2024
    • Modified: Dec. 09, 2024

  • 4.3

    MEDIUM
    CVE-2024-0892

    The Schema App Structured Data plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. This is due to missing or incorrect nonce validation on the MarkUpdate function. This makes it possible for unauth... Read more

    Affected Products :
    • Published: Jun. 14, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2025-2871

    The WordPress Mega Menu – QuadMenu plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.0. This is due to missing or incorrect nonce validation on the ajax_dismiss_notice() function. This makes it poss... Read more

    Affected Products :
    • Published: Apr. 12, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2024-30455

    Cross-Site Request Forgery (CSRF) vulnerability in GamiPress.This issue affects GamiPress: from n/a through 6.8.5. ... Read more

    Affected Products : gamipress
    • Published: Mar. 29, 2024
    • Modified: Jan. 31, 2025

  • 4.3

    MEDIUM
    CVE-2023-47838

    Missing Authorization vulnerability in Jules Colle Conditional Fields for Contact Form 7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Conditional Fields for Contact Form 7: from n/a through 2.4.1.... Read more

    Affected Products :
    • Published: Dec. 09, 2024
    • Modified: Dec. 09, 2024

  • 4.3

    MEDIUM
    CVE-2023-47756

    Missing Authorization vulnerability in David Vongries Welcome Email Editor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Welcome Email Editor: from n/a through 5.0.6.... Read more

    Affected Products :
    • Published: Dec. 09, 2024
    • Modified: Dec. 09, 2024

  • 4.3

    MEDIUM
    CVE-2022-43840

    IBM Aspera Console 3.4.0 through 3.4.4 is vulnerable to an XPath injection vulnerability, which could allow an authenticated attacker to exfiltrate sensitive application data and/or determine the structure of the XML document.... Read more

    Affected Products : aspera_console
    • Published: Apr. 14, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Injection

  • 4.3

    MEDIUM
    CVE-2023-47780

    Missing Authorization vulnerability in EasyAzon EasyAzon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EasyAzon: from n/a through 5.1.0.... Read more

    Affected Products :
    • Published: Dec. 09, 2024
    • Modified: Dec. 09, 2024

  • 4.3

    MEDIUM
    CVE-2024-30492

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WebToffee Import Export WordPress Users.This issue affects Import Export WordPress Users: from n/a through 2.5.2. ... Read more

    Affected Products : import_export_wordpress_users
    • Published: Mar. 29, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-30613

    Tenda AC15 v15.03.05.18 has a stack overflow vulnerability in the time parameter from the setSmartPowerManagement function.... Read more

    Affected Products : ac15_firmware ac15
    • Published: Mar. 29, 2024
    • Modified: Apr. 08, 2025

  • 4.3

    MEDIUM
    CVE-2024-2113

    The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.0. This is due to missing or incorrect nonce validation on the nf_downlo... Read more

    Affected Products : ninja_forms
    • Published: Mar. 29, 2024
    • Modified: Jan. 23, 2025

  • 4.3

    MEDIUM
    CVE-2025-26955

    Missing Authorization vulnerability in VW Themes Industrial Lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Industrial Lite: from n/a through 1.0.8.... Read more

    Affected Products :
    • Published: Apr. 15, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-39517

    Cross-Site Request Forgery (CSRF) vulnerability in WP Map Plugins Basic Interactive World Map allows Cross Site Request Forgery. This issue affects Basic Interactive World Map: from n/a through 2.7.... Read more

    Affected Products : basic_interactive_world_map
    • Published: Apr. 16, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Cross-Site Request Forgery
Showing 20 of 294505 Results