Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2024-1717

    The Admin Notices Manager plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the handle_ajax_call() function in all versions up to, and including, 1.4.0. This makes it possible for authenticated attacker... Read more

    Affected Products :
    • Published: Jun. 04, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-43295

    Cross-Site Request Forgery (CSRF) vulnerability in Passionate Programmers B.V. WP Data Access.This issue affects WP Data Access: from n/a through 5.5.7.... Read more

    Affected Products : wp_data_access
    • Published: Aug. 26, 2024
    • Modified: Sep. 12, 2024

  • 4.3

    MEDIUM
    CVE-2024-43265

    Cross-Site Request Forgery (CSRF) vulnerability in Analytify.This issue affects Analytify: from n/a through 5.3.1.... Read more

    • Published: Aug. 26, 2024
    • Modified: Sep. 12, 2024

  • 4.3

    MEDIUM
    CVE-2024-33683

    Cross-Site Request Forgery (CSRF) vulnerability in WP Republic Hide Dashboard Notifications.This issue affects Hide Dashboard Notifications: from n/a through 1.2.3. ... Read more

    Affected Products :
    • Published: Apr. 26, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-2543

    The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_uri_editor' function in all versions up to, and including, 2.4.3.1. This makes it possible for unauthenticated attac... Read more

    Affected Products : permalink_manager_lite
    • Published: Apr. 09, 2024
    • Modified: Feb. 05, 2025

  • 4.3

    MEDIUM
    CVE-2017-2258

    Directory traversal vulnerability in Cybozu Garoon 4.2.4 to 4.2.5 allows an attacker to read arbitrary files via Garoon SOAP API "WorkflowHandleApplications".... Read more

    Affected Products : garoon
    • Published: Aug. 29, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2024-33691

    Cross-Site Request Forgery (CSRF) vulnerability in OptinMonster Popup Builder Team OptinMonster.This issue affects OptinMonster: from n/a through 2.15.3. ... Read more

    Affected Products : optinmonster
    • Published: Apr. 26, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-6925

    The TrueBooker WordPress plugin before 1.0.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.... Read more

    Affected Products : truebooker
    • Published: Sep. 08, 2024
    • Modified: Sep. 11, 2024

  • 4.3

    MEDIUM
    CVE-2024-32784

    Missing Authorization vulnerability in CookieHub.This issue affects CookieHub: from n/a through 1.1.0.... Read more

    Affected Products :
    • Published: Jun. 09, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-33690

    Cross-Site Request Forgery (CSRF) vulnerability in Jegstudio Financio.This issue affects Financio: from n/a through 1.1.3. ... Read more

    Affected Products :
    • Published: Apr. 26, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-3545

    Improper permission handling in the vault offline cache feature in Devolutions Remote Desktop Manager 2024.1.20 and earlier on windows and Devolutions Server 2024.1.8 and earlier allows an attacker to access sensitive informations contained in the offline... Read more

    • Published: Apr. 09, 2024
    • Modified: Mar. 28, 2025

  • 4.3

    MEDIUM
    CVE-2024-3663

    The WP Scraper plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wp_scraper_multi_scrape_action() function in all versions up to, and including, 5.7. This makes it possible for authenticated attackers, with... Read more

    Affected Products :
    • Published: May. 22, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-4427

    The Comparison Slider plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX actions in all versions up to, and including, 1.0.5. This makes it possible for authenticated attackers, with s... Read more

    Affected Products : comparison_slider
    • Published: May. 30, 2024
    • Modified: Feb. 12, 2025

  • 4.3

    MEDIUM
    CVE-2024-43397

    Apollo is a configuration management system. A vulnerability exists in the synchronization configuration feature that allows users to craft specific requests to bypass permission checks. This exploit enables them to modify a namespace without the necessar... Read more

    Affected Products : apollo
    • Published: Aug. 20, 2024
    • Modified: Aug. 26, 2024

  • 4.3

    MEDIUM
    CVE-2024-5880

    The Hide My Site plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2 due to the plugin not restricting access to the REST API when password protection is enabled. This makes it possible for unauth... Read more

    Affected Products :
    • Published: Aug. 21, 2024
    • Modified: Aug. 21, 2024

  • 4.3

    MEDIUM
    CVE-2017-10208

    Vulnerability in the Oracle Hospitality e7 component of Oracle Hospitality Applications (subcomponent: Other). The supported version that is affected is 4.2.1. Easily exploitable vulnerability allows low privileged attacker with network access via SMTP to... Read more

    Affected Products : hospitality_e7
    • Published: Aug. 08, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2024-44112

    Due to missing authorization check in SAP for Oil & Gas (Transportation and Distribution), an attacker authenticated as a non-administrative user could call a remote-enabled function which will allow them to delete non-sensitive entries in a user data tab... Read more

    Affected Products : oil_\%\/_gas
    • Published: Sep. 10, 2024
    • Modified: Sep. 16, 2024

  • 4.3

    MEDIUM
    CVE-2023-44234

    Missing Authorization vulnerability in Bastianon Massimo WP GPX Map.This issue affects WP GPX Map: from n/a through 1.7.08.... Read more

    Affected Products : wp_gpx_maps
    • Published: Jun. 12, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-23265

    A logged-in and authenticated user with a Reviewer Role may lock a content item.... Read more

    Affected Products : craftercms crafter_cms
    • Published: May. 16, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2025-54035

    Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Software Newsletters allows Cross Site Request Forgery. This issue affects Newsletters: from n/a through 4.10.... Read more

    Affected Products : newsletters
    • Published: Jul. 16, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Cross-Site Request Forgery
Showing 20 of 293608 Results