Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2022-24446

    An issue was discovered in Zoho ManageEngine Key Manager Plus 6.1.6. A user, with the level Operator, can see all SSH servers (and user information) even if no SSH server or user is associated to the operator.... Read more

    Affected Products : manageengine_key_manager_plus
    • Published: Mar. 01, 2022
    • Modified: May. 30, 2025

  • 4.3

    MEDIUM
    CVE-2023-26839

    A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3 allows attackers to edit information for existing people on the site.... Read more

    Affected Products : churchcrm
    • Published: Apr. 25, 2023
    • Modified: Feb. 04, 2025

  • 4.3

    MEDIUM
    CVE-2024-38221

    Microsoft Edge (Chromium-based) Spoofing Vulnerability... Read more

    Affected Products : edge_chromium
    • Published: Sep. 19, 2024
    • Modified: Sep. 23, 2024

  • 4.3

    MEDIUM
    CVE-2024-48047

    Cross-Site Request Forgery (CSRF) vulnerability in Razon Komar Pal Linked Variation for WooCommerce allows Cross Site Request Forgery.This issue affects Linked Variation for WooCommerce: from n/a through 1.0.5.... Read more

    Affected Products :
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024

  • 4.3

    MEDIUM
    CVE-2024-8245

    The GamiPress WordPress plugin before 1.0.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack... Read more

    Affected Products : gamipress gamipress_-_reset_user
    • Published: May. 15, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2024-47836

    Admidio is an open-source user management solution. Prior to version 4.3.12, an unsafe deserialization vulnerability allows any unauthenticated user to execute arbitrary code on the server. Version 4.3.12 fixes this issue.... Read more

    Affected Products : admidio
    • Published: Oct. 16, 2024
    • Modified: Oct. 18, 2024

  • 4.3

    MEDIUM
    CVE-2022-1793

    The Private Files WordPress plugin through 0.40 is missing CSRF check when disabling the protection, which could allow attackers to make a logged in admin perform such action via a CSRF attack and make the blog public... Read more

    Affected Products : private_files
    • Published: Jun. 13, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-53707

    Cross-Site Request Forgery (CSRF) vulnerability in Ahmet İmamoğlu Ahmeti Wp Güzel Sözler allows Cross Site Request Forgery.This issue affects Ahmeti Wp Güzel Sözler: from n/a through 4.0.... Read more

    Affected Products :
    • Published: Dec. 02, 2024
    • Modified: Dec. 02, 2024

  • 4.3

    MEDIUM
    CVE-2023-30544

    Kiwi TCMS is an open source test management system. In versions of Kiwi TCMS prior to 12.2, users were able to update their email addresses via the `My profile` admin page. This page allowed them to change the email address registered with their account w... Read more

    Affected Products : kiwi_tcms
    • Published: Apr. 24, 2023
    • Modified: Feb. 04, 2025

  • 4.3

    MEDIUM
    CVE-2022-24071

    A Built-in extension in Whale browser before 3.12.129.46 allows attackers to compromise the rendering process which could lead to controlling browser internal APIs.... Read more

    Affected Products : whale whale_browser
    • Published: Jan. 28, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-47849

    Missing Authorization vulnerability in blossomthemes BlossomThemes Email Newsletter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BlossomThemes Email Newsletter: from n/a through 2.2.4.... Read more

    Affected Products :
    • Published: Dec. 09, 2024
    • Modified: Dec. 09, 2024

  • 4.3

    MEDIUM
    CVE-2023-47841

    Missing Authorization vulnerability in Analytify Analytify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Analytify: from n/a through 5.1.1.... Read more

    • Published: Dec. 09, 2024
    • Modified: Jun. 09, 2025

  • 4.3

    MEDIUM
    CVE-2024-11014

    Cross-site request forgery (CSRF) vulnerability in NEC Corporation UNIVERGE IX from Ver9.2 to Ver10.10.21, for Ver10.8 up to Ver10.8.27 and for Ver10.9 up to Ver10.9.14 allows a attacker to hijack the authentication of screens on the device via the manage... Read more

    Affected Products :
    • Published: Nov. 29, 2024
    • Modified: Jul. 23, 2025

  • 4.3

    MEDIUM
    CVE-2023-48277

    Missing Authorization vulnerability in SuperPWA Super Progressive Web Apps allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Super Progressive Web Apps: from n/a through 2.2.21.... Read more

    Affected Products :
    • Published: Dec. 09, 2024
    • Modified: Dec. 09, 2024

  • 4.3

    MEDIUM
    CVE-2024-47337

    Missing Authorization vulnerability in Stuart Wilson Joy Of Text Lite.This issue affects Joy Of Text Lite: from n/a through 2.3.1.... Read more

    Affected Products : joy_of_text_lite
    • Published: Sep. 26, 2024
    • Modified: Sep. 26, 2024

  • 4.3

    MEDIUM
    CVE-2024-10780

    The Restaurant & Cafe Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.5.9 via the 'narestaurant_elementor_template' shortcode due to insufficient restrictions on which posts can be inc... Read more

    • Published: Nov. 28, 2024
    • Modified: Jul. 14, 2025

  • 4.3

    MEDIUM
    CVE-2023-49196

    Missing Authorization vulnerability in Pagelayer Team PageLayer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PageLayer: from n/a through 1.7.7.... Read more

    Affected Products : pagelayer
    • Published: Dec. 09, 2024
    • Modified: Dec. 09, 2024

  • 4.3

    MEDIUM
    CVE-2024-10670

    The Primary Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.6.2 via the [prim_elementor_template] shortcode due to insufficient restrictions on which posts can be included. This makes ... Read more

    Affected Products : primary_addon_for_elementor
    • Published: Nov. 28, 2024
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2024-10521

    The WordPress Contact Forms by Cimatti plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.2. This is due to missing or incorrect nonce validation on the process_bulk_action function. This makes it po... Read more

    • Published: Nov. 27, 2024
    • Modified: Mar. 19, 2025

  • 4.3

    MEDIUM
    CVE-2022-35921

    fof/byobu is a private discussions extension for Flarum forum. Affected versions were found to not respect private discussion disablement by users. Users of Byobu should update the extension to version 1.1.7, where this has been patched. Users of Byobu wi... Read more

    Affected Products : byobu
    • Published: Aug. 01, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 294535 Results