Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2025-1233

    The Lafka Plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'lafka_options_upload' AJAX function in all versions up to, and including, 7.1.0. This makes it possible for authenticated attackers, with subscri... Read more

    Affected Products :
    • Published: Apr. 05, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2024-37242

    Cross-Site Request Forgery (CSRF) vulnerability in Automattic Newspack Newsletters allows Cross Site Request Forgery.This issue affects Newspack Newsletters: from n/a through 2.13.2.... Read more

    Affected Products :
    • Published: Jan. 02, 2025
    • Modified: Jan. 02, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-31600

    Cross-Site Request Forgery (CSRF) vulnerability in designnbuy DesignO allows Cross Site Request Forgery. This issue affects DesignO: from n/a through 2.2.0.... Read more

    Affected Products :
    • Published: Mar. 31, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2024-37272

    Cross-Site Request Forgery (CSRF) vulnerability in WP Travel Engine Travel Monster allows Cross Site Request Forgery.This issue affects Travel Monster: from n/a through 1.1.2.... Read more

    Affected Products :
    • Published: Jan. 02, 2025
    • Modified: Jan. 02, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-8595

    The Zakra theme for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the welcome_notice_import_handler() function in all versions up to, and including, 4.1.5. This makes it possible for authenticated attackers... Read more

    Affected Products :
    • Published: Aug. 06, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-42991

    SAP S/4HANA (Bank Account Application) does not perform necessary authorization checks. This allows an authenticated 'approver' user to delete attachment from bank account application of other user, leading to a low impact on integrity, with no impact on ... Read more

    Affected Products :
    • Published: Jun. 10, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2024-37413

    Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Preschool and Kindergarten allows Cross Site Request Forgery.This issue affects Preschool and Kindergarten: from n/a through 1.2.1.... Read more

    Affected Products :
    • Published: Jan. 02, 2025
    • Modified: Jan. 02, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-24725

    Missing Authorization vulnerability in ThimPress Thim Elementor Kit allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Thim Elementor Kit: from n/a through 1.2.8.... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-24623

    Cross-Site Request Forgery (CSRF) vulnerability in Really Simple Security Really Simple SSL allows Cross Site Request Forgery. This issue affects Really Simple SSL: from n/a through 9.1.4.... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-32945

    The vulnerability allows an existing user to add playlists to a different user’s channel using the PeerTube REST API. The vulnerable code sets the owner of the new playlist to be the user who performed the request, and then sets the associated channel to ... Read more

    Affected Products :
    • Published: Apr. 15, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-29005

    Cross-Site Request Forgery (CSRF) vulnerability in weblizar HR Management Lite allows Cross Site Request Forgery. This issue affects HR Management Lite: from n/a through 3.3.... Read more

    Affected Products :
    • Published: Jun. 06, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-28996

    Missing Authorization vulnerability in Thad Allender GPP Slideshow allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GPP Slideshow: from n/a through 1.3.5.... Read more

    Affected Products :
    • Published: Jun. 06, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-22503

    Cross-Site Request Forgery (CSRF) vulnerability in Digital Zoom Studio Admin debug wordpress – enable debug allows Cross Site Request Forgery.This issue affects Admin debug wordpress – enable debug: from n/a through 1.0.13.... Read more

    Affected Products :
    • Published: Jan. 07, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2024-8057

    In version 0.4.1 of danswer-ai/danswer, a vulnerability exists where a basic user can create credentials and link them to an existing connector. This issue arises because the system allows an unauthenticated attacker to sign up with a basic account and pe... Read more

    Affected Products : onyx
    • Published: Mar. 20, 2025
    • Modified: Mar. 20, 2025
    • Vuln Type: Authentication

  • 4.3

    MEDIUM
    CVE-2025-32271

    Cross-Site Request Forgery (CSRF) vulnerability in ablancodev Woocommerce Role Pricing allows Cross Site Request Forgery. This issue affects Woocommerce Role Pricing: from n/a through 3.5.5.... Read more

    Affected Products :
    • Published: Apr. 04, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-32272

    Cross-Site Request Forgery (CSRF) vulnerability in PickPlugins Wishlist allows Cross Site Request Forgery. This issue affects Wishlist: from n/a through 1.0.44.... Read more

    Affected Products :
    • Published: Apr. 04, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-24698

    Cross-Site Request Forgery (CSRF) vulnerability in G5Theme Essential Real Estate allows Cross Site Request Forgery. This issue affects Essential Real Estate: from n/a through 5.1.8.... Read more

    Affected Products : essential_real_estate
    • Published: Jan. 24, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-26593

    Cross-Site Request Forgery (CSRF) vulnerability in FasterThemes FastBook allows Cross Site Request Forgery. This issue affects FastBook: from n/a through 1.1.... Read more

    Affected Products :
    • Published: Jun. 06, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-32270

    Cross-Site Request Forgery (CSRF) vulnerability in Broadstreet Broadstreet allows Cross Site Request Forgery. This issue affects Broadstreet: from n/a through 1.51.1.... Read more

    Affected Products : broadstreet
    • Published: Apr. 04, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-32278

    Cross-Site Request Forgery (CSRF) vulnerability in wprio Table Block by RioVizual allows Cross Site Request Forgery. This issue affects Table Block by RioVizual: from n/a through 2.1.7.... Read more

    Affected Products :
    • Published: Apr. 04, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Cross-Site Request Forgery
Showing 20 of 293186 Results