Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2023-1089

    The Coupon Zen WordPress plugin before 1.0.6 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack... Read more

    Affected Products : coupon_zen
    • Published: Mar. 27, 2023
    • Modified: Feb. 19, 2025

  • 4.3

    MEDIUM
    CVE-2023-1333

    The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the clear_page_cache function in versions up to, and including, 1.7.1. This makes it possible for authenticated att... Read more

    • Published: Mar. 10, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-6883

    The Event Espresso 4 Decaf – Event Registration Event Ticketing plugin for WordPress is vulnerable to limited unauthorized plugin settings modification due to a missing capability check on the saveTimezoneString and some other functions in all versions up... Read more

    Affected Products : event_espresso
    • Published: Aug. 21, 2024
    • Modified: Jul. 10, 2025

  • 4.3

    MEDIUM
    CVE-2023-1086

    The Preview Link Generator WordPress plugin before 1.0.4 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack... Read more

    Affected Products : preview_link_generator
    • Published: Mar. 27, 2023
    • Modified: Feb. 19, 2025

  • 4.3

    MEDIUM
    CVE-2023-1029

    The WP Meta SEO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.3. This is due to missing or incorrect nonce validation on the regenerateSitemaps function. This makes it possible for unauthenticated a... Read more

    Affected Products : wp_meta_seo
    • Published: Feb. 24, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-1221

    Insufficient policy enforcement in Extensions API in Google Chrome prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severi... Read more

    Affected Products : chrome edge_chromium
    • Published: Mar. 07, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2015-1639

    Cross-site scripting (XSS) vulnerability in Microsoft Office for Mac 2011 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Microsoft Outlook App for Mac XSS Vulnerability."... Read more

    Affected Products : office
    • Published: Apr. 14, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2024-7001

    Inappropriate implementation in HTML in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)... Read more

    Affected Products : chrome edge_chromium
    • Published: Aug. 06, 2024
    • Modified: Mar. 19, 2025

  • 4.3

    MEDIUM
    CVE-2024-6857

    The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check when updating its Header, Footer and Body Script Settings, which could allow attackers to make logged admins perform such action via a CSRF attack... Read more

    Affected Products : wp_multitasking
    • Published: Apr. 09, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2024-9223

    The WPDash Notes plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'wp_ajax_post_it_list_comment' function in all versions up to, and including, 1.3.5. This makes it possible for authenticated attac... Read more

    Affected Products :
    • Published: Nov. 23, 2024
    • Modified: Nov. 23, 2024

  • 4.3

    MEDIUM
    CVE-2024-7003

    Inappropriate implementation in FedCM in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)... Read more

    Affected Products : chrome edge_chromium
    • Published: Aug. 06, 2024
    • Modified: Aug. 07, 2024

  • 4.3

    MEDIUM
    CVE-2023-0763

    The Clock In Portal- Staff & Attendance Management WordPress plugin through 2.1 does not have CSRF check when deleting Holidays, which could allow attackers to make logged in admins delete arbitrary holidays via a CSRF attack... Read more

    • Published: May. 15, 2023
    • Modified: Jan. 24, 2025

  • 4.3

    MEDIUM
    CVE-2024-8906

    Incorrect security UI in Downloads in Google Chrome prior to 129.0.6668.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)... Read more

    Affected Products : chrome edge_chromium
    • Published: Sep. 17, 2024
    • Modified: Mar. 25, 2025

  • 4.3

    MEDIUM
    CVE-2022-4184

    Insufficient policy enforcement in Autofill in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass autofill restrictions via a crafted HTML page. (Chromium security severity: Medium)... Read more

    Affected Products : chrome edge_chromium
    • Published: Nov. 30, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-4182

    Inappropriate implementation in Fenced Frames in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass fenced frame restrictions via a crafted HTML page. (Chromium security severity: Medium)... Read more

    Affected Products : chrome edge_chromium
    • Published: Nov. 30, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-40309

    Users with write permissions to a repository can delete arbitrary directories.... Read more

    Affected Products : archiva
    • Published: Nov. 15, 2022
    • Modified: Apr. 30, 2025

  • 4.3

    MEDIUM
    CVE-2022-4124

    The Popup Manager WordPress plugin through 1.6.6 does not have authorisation and CSRF checks when deleting popups, which could allow unauthenticated users to delete them... Read more

    Affected Products : popup_manager
    • Published: Dec. 19, 2022
    • Modified: Apr. 14, 2025

  • 4.3

    MEDIUM
    CVE-2024-8974

    Information disclosure in Gitlab EE/CE affecting all versions from 15.6 prior to 17.2.8, 17.3 prior to 17.3.4, and 17.4 prior to 17.4.1 in specific conditions it was possible to disclose to an unauthorised user the path of a private project."... Read more

    Affected Products : gitlab
    • Published: Sep. 26, 2024
    • Modified: Oct. 04, 2024

  • 4.3

    MEDIUM
    CVE-2022-40671

    Cross-Site Request Forgery (CSRF) vulnerability in Rate my Post – WP Rating System plugin <= 3.3.4 at WordPress.... Read more

    Affected Products : rate_my_post_-_wp_rating_system
    • Published: Sep. 23, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-9155

    Mattermost versions 9.10.x <= 9.10.1, 9.9.x <= 9.9.2, 9.5.x <= 9.5.8 fail to limit access to channels files that have not been linked to a post which allows an attacker to view them in channels that they are a member of.... Read more

    Affected Products : mattermost_server mattermost
    • Published: Sep. 26, 2024
    • Modified: Sep. 30, 2024
Showing 20 of 293623 Results