Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2024-1719

    The Easy PayPal & Stripe Buy Now Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.3 and in Contact Form 7 – PayPal & Stripe Add-on all versions up to, and including 2.1. This is due to missi... Read more

    Affected Products : paypal_\&_stripe_add-on
    • Published: Feb. 28, 2024
    • Modified: Mar. 21, 2025

  • 4.3

    MEDIUM
    CVE-2024-1745

    The Testimonial Slider WordPress plugin before 2.3.7 does not properly ensure that a user has the necessary capabilities to edit certain sensitive Testimonial Slider WordPress plugin before 2.3.7 settings, making it possible for users with at least the Au... Read more

    • Published: Mar. 26, 2024
    • Modified: May. 07, 2025

  • 4.3

    MEDIUM
    CVE-2024-43319

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in bPlugins LLC Flash & HTML5 Video.This issue affects Flash & HTML5 Video: from n/a through 2.5.31.... Read more

    Affected Products : html5_video_player
    • Published: Aug. 26, 2024
    • Modified: Aug. 26, 2024

  • 4.3

    MEDIUM
    CVE-2024-1504

    The SecuPress Free — WordPress Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.5.1. This is due to missing or incorrect nonce validation on the secupress_blackhole_ban_ip() function. This... Read more

    Affected Products : secupress
    • Published: Apr. 02, 2024
    • Modified: Aug. 15, 2025

  • 4.3

    MEDIUM
    CVE-2011-4172

    Multiple cross-site scripting (XSS) vulnerabilities in KENT-WEB WEB FORUM before 5.1 allow remote attackers to inject arbitrary web script or HTML via (1) an e-mail address field or (2) a cookie, a related issue to CVE-2011-3383, CVE-2011-3983, and CVE-20... Read more

    Affected Products : web_forum
    • Published: Oct. 24, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2007-2308

    Cross-site scripting (XSS) vulnerability in cas.php in FloweRS 2.0 allows remote attackers to inject arbitrary web script or HTML via the rok parameter.... Read more

    Affected Products : flowers
    • Published: Apr. 26, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2012-1046

    Cross-site scripting (XSS) vulnerability in TM1 Web in IBM Cognos TM1 9.5.2 FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0696.... Read more

    Affected Products : cognos_tm1
    • Published: Feb. 10, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2024-47170

    Agnai is an artificial-intelligence-agnostic multi-user, mult-bot roleplaying chat system. A vulnerability in versions prior to 1.0.330 permits attackers to read arbitrary JSON files at attacker-chosen locations on the server. This issue can lead to unaut... Read more

    Affected Products : agnai
    • Published: Sep. 26, 2024
    • Modified: Oct. 29, 2024

  • 4.3

    MEDIUM
    CVE-2024-43157

    Missing Authorization vulnerability in nCrafts FormCraft allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FormCraft: from n/a through 1.2.10.... Read more

    Affected Products : formcraft
    • Published: Nov. 01, 2024
    • Modified: Nov. 01, 2024

  • 4.3

    MEDIUM
    CVE-2014-5132

    Avolve Software ProjectDox 8.1 allows remote attackers to enumerate users via vectors related to email addresses.... Read more

    Affected Products : projectdox
    • Published: Mar. 27, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2018-3759

    private_address_check ruby gem before 0.5.0 is vulnerable to a time-of-check time-of-use (TOCTOU) race condition due to the address the socket uses not being checked. DNS entries with a TTL of 0 can trigger this case where the initial resolution is a publ... Read more

    Affected Products : private_address_check
    • Published: Jun. 13, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2012-2572

    Cross-site scripting (XSS) vulnerability in the ThreeWP Email Reflector plugin before 1.16 for WordPress allows remote attackers to inject arbitrary web script or HTML via the Subject of an email.... Read more

    Affected Products : threewp_email_reflector
    • Published: Jun. 19, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2023-6742

    The Gallery Plugin for WordPress – Envira Photo Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the 'envira_gallery_insert_images' function in all versions up to, and including, 1.8.7.... Read more

    Affected Products : envira_gallery
    • Published: Jan. 11, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-24772

    A guest user could exploit a chart data REST API and send arbitrary SQL statements that on error could leak information from the underlying analytics database.This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1. Users are recommend... Read more

    Affected Products : superset
    • Published: Feb. 28, 2024
    • Modified: Feb. 12, 2025

  • 4.3

    MEDIUM
    CVE-2024-1325

    The Live Sales Notification for Woocommerce – Woomotiv plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.4.3. This is due to missing or incorrect nonce validation on the 'ajax_cancel_review' function.... Read more

    Affected Products : woomotiv
    • Published: Mar. 20, 2024
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2019-8898

    An information disclosure issue existed in the handling of the Storage Access API. This issue was addressed with improved logic. This issue is fixed in iOS 13.3 and iPadOS 13.3, tvOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows. Visiting a maliciously ... Read more

    Affected Products : itunes iphone_os tvos safari ipados
    • Published: Oct. 27, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-4086

    The CM Tooltip Glossary – Powerful Glossary Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.11. This is due to missing or incorrect nonce validation when saving settings. This makes it poss... Read more

    Affected Products :
    • Published: May. 02, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-1158

    The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the buddyforms_new_page fun... Read more

    Affected Products : buddyforms
    • Published: Mar. 13, 2024
    • Modified: Mar. 11, 2025

  • 4.3

    MEDIUM
    CVE-2023-1931

    The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the deleteCssAndJsCacheToolbar function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with... Read more

    Affected Products : wp_fastest_cache
    • Published: Apr. 06, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-2084

    The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the get function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to obtain plu... Read more

    Affected Products : essential_blocks
    • Published: Jun. 09, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 293961 Results