Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2024-29093

    Cross-Site Request Forgery (CSRF) vulnerability in Tobias Conrad Builder for WooCommerce reviews shortcodes – ReviewShort.This issue affects Builder for WooCommerce reviews shortcodes – ReviewShort: from n/a through 1.01.3. ... Read more

    Affected Products :
    • Published: Mar. 19, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-1089

    The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the optimizeAllOn function in all versions up to, and including, 3.1.13. This makes it possible for authe... Read more

    • Published: Feb. 29, 2024
    • Modified: Dec. 27, 2024

  • 4.3

    MEDIUM
    CVE-2024-1092

    The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the feedzy dashboard in all versions up to, and incl... Read more

    Affected Products : rss_aggregator_by_feedzy
    • Published: Feb. 05, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-20715

    Improper access control vulnerability in Hot Pepper Gourmet App for Android ver.4.111.0 and earlier, and for iOS ver.4.111.0 and earlier allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App.... Read more

    Affected Products : hot_pepper_gourmet
    • Published: Apr. 27, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-1251

    The Ask me WordPress theme before 6.8.4 does not perform nonce checks when processing POST requests to the Edit Profile page, allowing an attacker to trick a user to change their profile information by sending a crafted request.... Read more

    Affected Products : ask_me
    • Published: Aug. 22, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2014-2092

    Cross-site scripting (XSS) vulnerability in lib/filemanager/ImageManager/editorFrame.php in CMS Made Simple 1.11.10 allows remote attackers to inject arbitrary web script or HTML via the action parameter, a different issue than CVE-2014-0334. NOTE: the o... Read more

    Affected Products : cms_made_simple
    • Published: Mar. 02, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2023-23575

    Improper access control vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker to bypass access restriction and access Network Maintenance page, which may result in obtaining the network information of the product. The affe... Read more

    • Published: Apr. 11, 2023
    • Modified: Feb. 11, 2025

  • 4.3

    MEDIUM
    CVE-2024-1091

    The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the reinitialize function in all versions up to, and including, 3.1.13. This makes it possible for authen... Read more

    • Published: Feb. 29, 2024
    • Modified: Dec. 27, 2024

  • 4.3

    MEDIUM
    CVE-2024-4205

    The Premium Addons for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_template_content() function in all versions up to, and including, 4.10.31. This makes it possible for authentic... Read more

    Affected Products : premium_addons_for_elementor
    • Published: May. 31, 2024
    • Modified: Jan. 15, 2025

  • 4.3

    MEDIUM
    CVE-2023-5537

    The Delete Usermeta plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing nonce validation on the delumet_options_page() function. This makes it possible for unauthenticated attack... Read more

    Affected Products : delete_usermeta
    • Published: Nov. 22, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2014-8071

    Multiple cross-site scripting (XSS) vulnerabilities in OpenMRS 2.1 Standalone Edition allow remote attackers to inject arbitrary web script or HTML via the (1) givenName, (2) familyName, (3) address1, or (4) address2 parameter to registrationapp/registerP... Read more

    Affected Products : openmrs
    • Published: Oct. 23, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2024-43215

    Missing Authorization vulnerability in creativemotion Social Slider Feed allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Social Slider Feed: from n/a through 2.2.2.... Read more

    Affected Products : social_slider_widget
    • Published: Nov. 01, 2024
    • Modified: Nov. 01, 2024

  • 4.3

    MEDIUM
    CVE-2024-31944

    Cross-Site Request Forgery (CSRF) vulnerability in Octolize WooCommerce UPS Shipping – Live Rates and Access Points.This issue affects WooCommerce UPS Shipping – Live Rates and Access Points: from n/a through 2.2.4. ... Read more

    Affected Products :
    • Published: Apr. 10, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-47705

    IBM Security Guardium Key Lifecycle Manager 4.3 could allow an authenticated user to manipulate username data due to improper input validation. IBM X-Force ID: 271228.... Read more

    • Published: Dec. 20, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-30216

    Cash Management in SAP S/4 HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, attacker can add notes in the review request with 'completed' status affect... Read more

    Affected Products :
    • Published: Apr. 09, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2009-2917

    Stack-based buffer overflow in ImTOO MPEG Encoder 3.1.53 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted string in a (1) .cue or (2) .m3u playlist file.... Read more

    Affected Products : mpeg_encoder
    • Published: Aug. 21, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2024-10897

    The Tutor LMS Elementor Addons plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the install_etlms_dependency_plugin() function in all versions up to, and including, 2.1.5. This makes it possible f... Read more

    Affected Products : tutor_lms_elementor_addons
    • Published: Nov. 15, 2024
    • Modified: Nov. 20, 2024

  • 4.3

    MEDIUM
    CVE-2009-1047

    Cross-site scripting (XSS) vulnerability in the Send by e-mail module in the "Printer, e-mail and PDF versions" module 5.x before 5.x-4.4 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via vecto... Read more

    Affected Products : drupal print
    • Published: Mar. 23, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2014-0149

    Multiple cross-site scripting (XSS) vulnerabilities in Red Hat JBoss Web Framework Kit 2.5.0 allow remote attackers to inject arbitrary web script or HTML via a (1) parameter or (2) id name.... Read more

    Affected Products : jboss_web_framework_kit
    • Published: May. 05, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2008-7018

    Cross-site scripting (XSS) vulnerability in NashTech Easy PHP Calendar 6.3.25 allows remote attackers to inject arbitrary web script or HTML via the Details field (descr parameter) in an Add New Event action in an unspecified request as generated by an ad... Read more

    Affected Products : easy_php_calendar
    • Published: Aug. 21, 2009
    • Modified: Apr. 09, 2025
Showing 20 of 293562 Results