Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2024-10365

    The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.0.3 via the render function in modules/widge... Read more

    Affected Products : the_plus_addons_for_elementor
    • Published: Nov. 20, 2024
    • Modified: Nov. 26, 2024

  • 4.3

    MEDIUM
    CVE-2014-7139

    Multiple cross-site scripting (XSS) vulnerabilities in the Contact Form DB (aka CFDB and contact-form-7-to-database-extension) plugin before 2.8.16 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) form or (2) enc par... Read more

    Affected Products : contact_form_db
    • Published: Oct. 10, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2025-30521

    Cross-Site Request Forgery (CSRF) vulnerability in giangmd93 GP Back To Top allows Cross Site Request Forgery. This issue affects GP Back To Top: from n/a through 3.0.... Read more

    Affected Products :
    • Published: Mar. 24, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2024-12061

    The Events Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2.3 via the naevents_elementor_template shortcode due to insufficient restrictions on which posts can be included. This makes... Read more

    Affected Products : events_addon_for_elementor
    • Published: Dec. 18, 2024
    • Modified: Jun. 05, 2025

  • 4.3

    MEDIUM
    CVE-2025-47614

    Cross-Site Request Forgery (CSRF) vulnerability in Chris Clark LessButtons Social Sharing and Statistics allows Cross Site Request Forgery. This issue affects LessButtons Social Sharing and Statistics: from n/a through 1.6.1.... Read more

    Affected Products :
    • Published: May. 07, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2009-2240

    Cross-site scripting (XSS) vulnerability in AD2000 free-sw leger (aka Web Conference Room Free) 1.6.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : free-sw_leger
    • Published: Jun. 27, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2024-39918

    @jmondi/url-to-png is an open source URL to PNG utility featuring parallel rendering using Playwright for screenshots and with storage caching via Local, S3, or CouchDB. Input of the `ImageId` in the code is not sanitized and may lead to path traversal. T... Read more

    Affected Products :
    • Published: Jul. 15, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-32522

    Missing Authorization vulnerability in Jaed Mosharraf & Pluginbazar Team Open Close WooCommerce Store.This issue affects Open Close WooCommerce Store: from n/a through 4.9.1. ... Read more

    Affected Products :
    • Published: Apr. 17, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2025-48285

    Cross-Site Request Forgery (CSRF) vulnerability in sbouey Falang multilanguage allows Cross Site Request Forgery. This issue affects Falang multilanguage: from n/a through 1.3.61.... Read more

    Affected Products : falang
    • Published: May. 19, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2024-6836

    The Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One Click Upsells plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multip... Read more

    Affected Products : funnel_builder
    • Published: Jul. 24, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-40292

    Harman Infotainment 20190525031613 and later discloses the IP address via CarPlay CTRL packets.... Read more

    Affected Products : harman_infotainment
    • Published: Aug. 14, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2014-8071

    Multiple cross-site scripting (XSS) vulnerabilities in OpenMRS 2.1 Standalone Edition allow remote attackers to inject arbitrary web script or HTML via the (1) givenName, (2) familyName, (3) address1, or (4) address2 parameter to registrationapp/registerP... Read more

    Affected Products : openmrs
    • Published: Oct. 23, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2020-4649

    IBM Planning Analytics Local 2.0.9.2 and IBM Planning Analytics Workspace 57 could expose data to non-privleged users by not invalidating TM1Web user sessions. IBM X-Force ID: 186022.... Read more

    • Published: Nov. 03, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-5272

    Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1, 8.1.x <= 8.1.12 fail to restrict the audience of the "custom_playbooks_playbook_run_updated" webhook event, which allows a guest on a channel with a playbook run linked to see all the details of the play... Read more

    Affected Products : mattermost_server mattermost
    • Published: May. 26, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2009-2917

    Stack-based buffer overflow in ImTOO MPEG Encoder 3.1.53 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted string in a (1) .cue or (2) .m3u playlist file.... Read more

    Affected Products : mpeg_encoder
    • Published: Aug. 21, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2021-4092

    yetiforcecrm is vulnerable to Cross-Site Request Forgery (CSRF)... Read more

    • Published: Dec. 11, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2012-2592

    Cross-site scripting (XSS) vulnerability in Axigen Mail Server 8.0.1 allows remote attackers to inject arbitrary web script or HTML via the body of an email.... Read more

    Affected Products : axigen_mail_server
    • Published: Jun. 18, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2022-25783

    Insufficient Logging vulnerability in web server of Secomea GateManager allows logged in user to issue improper queries without logging. This issue affects: Secomea GateManager versions prior to 9.7.... Read more

    • Published: May. 04, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-12526

    The Arena.IM – Live Blogging for real-time events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.3.0. This is due to missing or incorrect nonce validation on the 'albfre_user_action' AJAX action. T... Read more

    Affected Products : arena.im
    • Published: Dec. 12, 2024
    • Modified: Dec. 12, 2024

  • 4.3

    MEDIUM
    CVE-2014-8314

    Multiple cross-site scripting (XSS) vulnerabilities in SAP HANA Developer Edition Revision 70 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) epm/admin/DataGen.xsjs or (2) epm/services/multiply.xsjs in the demo... Read more

    Affected Products : hana
    • Published: Oct. 16, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 293647 Results