Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2023-47793

    Missing Authorization vulnerability in acmethemes Acme Fix Images allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Acme Fix Images: from n/a through 1.0.0.... Read more

    Affected Products :
    • Published: Dec. 09, 2024
    • Modified: Dec. 09, 2024

  • 4.3

    MEDIUM
    CVE-2025-54041

    Cross-Site Request Forgery (CSRF) vulnerability in WP Swings Wallet System for WooCommerce allows Cross Site Request Forgery. This issue affects Wallet System for WooCommerce: from n/a through 2.6.7.... Read more

    Affected Products :
    • Published: Jul. 16, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2023-47776

    Missing Authorization vulnerability in miniOrange miniorange otp verification allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects miniorange otp verification: from n/a through 4.2.1.... Read more

    Affected Products :
    • Published: Dec. 09, 2024
    • Modified: Dec. 09, 2024

  • 4.3

    MEDIUM
    CVE-2006-2886

    view.php in KnowledgeTree Open Source 3.0.3 and earlier allows remote attackers to obtain the full installation path via a crafted fDocumentId parameter, which displays the path in the resulting error message. NOTE: this might be resultant from another v... Read more

    Affected Products : knowledgetree_open_source
    • Published: Jun. 07, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2021-4416

    The wp-mpdf plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.1. This is due to missing or incorrect nonce validation on the mpdf_admin_savepost() function. This makes it possible for unauthenticated at... Read more

    Affected Products : wp-mpdf
    • Published: Jul. 12, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-4423

    The RAYS Grid plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.2. This is due to missing or incorrect nonce validation on the rsgd_insert_update() function. This makes it possible for unauthenticated a... Read more

    Affected Products : rays_grid
    • Published: Jul. 12, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-47849

    Missing Authorization vulnerability in blossomthemes BlossomThemes Email Newsletter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BlossomThemes Email Newsletter: from n/a through 2.2.4.... Read more

    Affected Products :
    • Published: Dec. 09, 2024
    • Modified: Dec. 09, 2024

  • 4.3

    MEDIUM
    CVE-2023-47841

    Missing Authorization vulnerability in Analytify Analytify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Analytify: from n/a through 5.1.1.... Read more

    • Published: Dec. 09, 2024
    • Modified: Jun. 09, 2025

  • 4.3

    MEDIUM
    CVE-2024-12538

    The Duplicate Post, Page and Any Custom Post plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.3 via the 'dpp_duplicate_as_draft' function. This makes it possible for authenticated attackers, wi... Read more

    Affected Products :
    • Published: Jan. 07, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2023-4796

    The Booster for WooCommerce for WordPress is vulnerable to Information Disclosure via the 'wcj_wp_option' shortcode in versions up to, and including, 7.1.0 due to insufficient controls on the information retrievable via the shortcode. This makes it possib... Read more

    Affected Products : booster_for_woocommerce
    • Published: Oct. 20, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-48277

    Missing Authorization vulnerability in SuperPWA Super Progressive Web Apps allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Super Progressive Web Apps: from n/a through 2.2.21.... Read more

    Affected Products :
    • Published: Dec. 09, 2024
    • Modified: Dec. 09, 2024

  • 4.3

    MEDIUM
    CVE-2023-2608

    The Multiple Page Generator Plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 3.3.17 due to missing nonce verification on the project... Read more

    Affected Products : multiple_page_generator
    • Published: May. 17, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-5355

    The Dell Isilon OneFS versions 8.2.2 and earlier SSHD process improperly allows Transmission Control Protocol (TCP) and stream forwarding. This provides the remotesupport user and users with restricted shells more access than is intended.... Read more

    Affected Products : emc_isilon_onefs
    • Published: Oct. 21, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-49196

    Missing Authorization vulnerability in Pagelayer Team PageLayer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PageLayer: from n/a through 1.7.7.... Read more

    Affected Products : pagelayer
    • Published: Dec. 09, 2024
    • Modified: Dec. 09, 2024

  • 4.3

    MEDIUM
    CVE-2024-53785

    Missing Authorization vulnerability in Alexander Volkov Chatter.This issue affects Chatter: from n/a through 1.0.1.... Read more

    Affected Products :
    • Published: Dec. 09, 2024
    • Modified: Dec. 09, 2024

  • 4.3

    MEDIUM
    CVE-2025-53200

    Missing Authorization vulnerability in QuantumCloud ChatBot allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ChatBot: from n/a through 6.7.3.... Read more

    Affected Products :
    • Published: Jun. 27, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-39511

    Missing Authorization vulnerability in ValvePress Pinterest Automatic Pin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Pinterest Automatic Pin: from n/a through 4.18.2.... Read more

    Affected Products : pinterest_automatic_pin
    • Published: May. 16, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2023-31708

    A Cross-Site Request Forgery (CSRF) in EyouCMS v1.6.2 allows attackers to execute arbitrary commands via a supplying a crafted HTML file to the Upload software format function.... Read more

    Affected Products : eyoucms
    • Published: May. 23, 2023
    • Modified: Jan. 21, 2025

  • 4.3

    MEDIUM
    CVE-2025-32299

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Themovation QuickCal allows Retrieve Embedded Sensitive Data. This issue affects QuickCal: from n/a through 1.0.15.... Read more

    Affected Products :
    • Published: May. 16, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2025-0278

    HCL Traveler is affected by an internal path disclosure in a Windows application when the application inadvertently reveals internal file paths, in error messages, debug logs, or responses to user requests.... Read more

    Affected Products : traveler
    • Published: Apr. 03, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Path Traversal
Showing 20 of 294447 Results