Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2023-46612

    Missing Authorization vulnerability in codedrafty Mediabay allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mediabay: from n/a through 1.6.... Read more

    • Published: Jan. 02, 2025
    • Modified: Jan. 02, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-31880

    Cross-Site Request Forgery (CSRF) vulnerability in Stylemix Pearl allows Cross Site Request Forgery. This issue affects Pearl: from n/a through 1.3.9.... Read more

    Affected Products : pearl_header_builder
    • Published: Apr. 01, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-31845

    Cross-Site Request Forgery (CSRF) vulnerability in Rohit Choudhary Theme Duplicator allows Cross Site Request Forgery. This issue affects Theme Duplicator: from n/a through 1.1.... Read more

    Affected Products :
    • Published: Apr. 01, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2024-31924

    Cross-Site Request Forgery (CSRF) vulnerability in Exactly WWW EWWW Image Optimizer.This issue affects EWWW Image Optimizer: from n/a through 7.2.3. ... Read more

    Affected Products : image_optimizer
    • Published: Apr. 10, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-31386

    Cross-Site Request Forgery (CSRF) vulnerability in Hidekazu Ishikawa X-T9, Hidekazu Ishikawa Lightning, themeinwp Default Mag, Out the Box Namaha, Out the Box CityLogic, Marsian i-max, Jetmonsters Emmet Lite, Macho Themes Decode, Wayneconnor Sliding Door,... Read more

    Affected Products : sliding_door
    • Published: Apr. 10, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2025-31852

    Cross-Site Request Forgery (CSRF) vulnerability in N-Media Bulk Product Sync allows Cross Site Request Forgery. This issue affects Bulk Product Sync: from n/a through 8.6.... Read more

    Affected Products :
    • Published: Apr. 01, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-31820

    Missing Authorization vulnerability in webdevstudios Automatic Featured Images from Videos allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Automatic Featured Images from Videos: from n/a through 1.2.4.... Read more

    Affected Products :
    • Published: Apr. 01, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2024-39586

    Dell AppSync Server, version 4.3 through 4.6, contains an XML External Entity Injection vulnerability. An adjacent high privileged attacker could potentially exploit this vulnerability, leading to information disclosure.... Read more

    Affected Products : emc_appsync appsync
    • Published: Oct. 09, 2024
    • Modified: Oct. 17, 2024

  • 4.3

    MEDIUM
    CVE-2024-37274

    Cross-Site Request Forgery (CSRF) vulnerability in Freshlight Lab WP Mobile Menu allows Cross Site Request Forgery.This issue affects WP Mobile Menu: from n/a through 2.8.4.3.... Read more

    Affected Products : wp_mobile_menu
    • Published: Jan. 02, 2025
    • Modified: Jan. 02, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2024-37426

    Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Elegant Pink allows Cross Site Request Forgery.This issue affects Elegant Pink: from n/a through 1.3.0.... Read more

    Affected Products :
    • Published: Jan. 02, 2025
    • Modified: Jan. 02, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2024-37441

    Cross-Site Request Forgery (CSRF) vulnerability in DesertThemes NewsMash allows Cross Site Request Forgery.This issue affects NewsMash: from n/a through 1.0.34.... Read more

    Affected Products :
    • Published: Jan. 02, 2025
    • Modified: Jan. 02, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-31408

    Missing Authorization vulnerability in Zoho Flow allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zoho Flow: from n/a through 2.13.3.... Read more

    Affected Products :
    • Published: Apr. 01, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2024-56272

    Missing Authorization vulnerability in ThemeSupport Hide Category by User Role for WooCommerce.This issue affects Hide Category by User Role for WooCommerce: from n/a through 2.1.1.... Read more

    Affected Products :
    • Published: Jan. 07, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2024-0374

    The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.2. This is due to missing or incorrect nonce validation on the 'create_... Read more

    Affected Products : views_for_wpforms
    • Published: Feb. 05, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-0835

    The Royal Elementor Kit theme for WordPress is vulnerable to unauthorized arbitrary transient update due to a missing capability check on the dismissed_handler function in all versions up to, and including, 1.0.116. This makes it possible for authenticate... Read more

    Affected Products : royal_elementor_kit
    • Published: Feb. 05, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-0370

    The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_view' function in all versions up to, and including, 3.2.2.... Read more

    Affected Products : views_for_wpforms
    • Published: Feb. 05, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-0511

    The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce validation on the wpr_update_form_action_meta function. This ... Read more

    Affected Products : royal_elementor_addons
    • Published: Feb. 08, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-29158

    An issue was discovered in Zammad before 3.5.1. An Agent with Customer permissions in a Group can bypass intended access control on internal Articles via the Ticket detail view.... Read more

    Affected Products : zammad
    • Published: Dec. 28, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-1406

    A vulnerability was found in Linksys WRT54GL 4.30.18. It has been declared as problematic. This vulnerability affects unknown code of the file /SysInfo1.htm of the component Web Management Interface. The manipulation leads to information disclosure. The e... Read more

    Affected Products : wrt54gl_firmware wrt54gl
    • Published: Feb. 10, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-0595

    The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpas_get_users() function hooked via AJAX in all versions up to, and including, 6.1.7. This makes ... Read more

    Affected Products : awesome_support
    • Published: Feb. 10, 2024
    • Modified: Nov. 21, 2024
Showing 20 of 294745 Results