Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2024-10795

    The Popularis Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.7 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for a... Read more

    Affected Products :
    • Published: Nov. 16, 2024
    • Modified: Nov. 18, 2024

  • 4.3

    MEDIUM
    CVE-2024-10593

    The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.1.6. This is due to missing or incorrect nonce validat... Read more

    Affected Products : wpforms
    • Published: Nov. 13, 2024
    • Modified: Jul. 10, 2025

  • 4.3

    MEDIUM
    CVE-2022-39225

    Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 4.10.15, or 5.0.0 and above prior to 5.2.6, a user can write to the session object of another user if the session object ID is kno... Read more

    Affected Products : parse-server
    • Published: Sep. 23, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-47841

    Missing Authorization vulnerability in Analytify Analytify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Analytify: from n/a through 5.1.1.... Read more

    • Published: Dec. 09, 2024
    • Modified: Jun. 09, 2025

  • 4.3

    MEDIUM
    CVE-2022-31032

    Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In versions prior to 13.9.99.58 authorizations are not properly verified when creating projects or trackers from projects marked as templates. Users can... Read more

    Affected Products : tuleap
    • Published: Jun. 29, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-47849

    Missing Authorization vulnerability in blossomthemes BlossomThemes Email Newsletter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BlossomThemes Email Newsletter: from n/a through 2.2.4.... Read more

    Affected Products :
    • Published: Dec. 09, 2024
    • Modified: Dec. 09, 2024

  • 4.3

    MEDIUM
    CVE-2024-10854

    The Buy one click WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the buy_one_click_import_options AJAX action in all versions up to, and including, 2.2.9. This makes it possible for... Read more

    Affected Products : buy_one_click_woocommerce
    • Published: Nov. 13, 2024
    • Modified: Jan. 17, 2025

  • 4.3

    MEDIUM
    CVE-2024-10521

    The WordPress Contact Forms by Cimatti plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.2. This is due to missing or incorrect nonce validation on the process_bulk_action function. This makes it po... Read more

    • Published: Nov. 27, 2024
    • Modified: Mar. 19, 2025

  • 4.3

    MEDIUM
    CVE-2025-48265

    Cross-Site Request Forgery (CSRF) vulnerability in Pektsekye Year Make Model Search for WooCommerce allows Cross Site Request Forgery. This issue affects Year Make Model Search for WooCommerce: from n/a through 1.0.11.... Read more

    Affected Products :
    • Published: May. 19, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2024-37443

    Missing Authorization vulnerability in Automattic WP Job Manager - Resume Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Manager - Resume Manager: from n/a through 2.1.0.... Read more

    Affected Products :
    • Published: Nov. 01, 2024
    • Modified: Nov. 01, 2024

  • 4.3

    MEDIUM
    CVE-2024-10533

    The WP Chat App plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the ajax_install_plugin() function in all versions up to, and including, 3.6.8. This makes it possible for authenticated attackers,... Read more

    Affected Products : wp_chat_app
    • Published: Nov. 16, 2024
    • Modified: Nov. 18, 2024

  • 4.3

    MEDIUM
    CVE-2021-1410

    A vulnerability in the distribution list feature of Cisco Webex Meetings could allow an authenticated, remote attacker to modify a distribution list that belongs to another user of their organization. The vulnerability is due to insufficient authori... Read more

    Affected Products : webex_meetings
    • Published: Nov. 18, 2024
    • Modified: Aug. 05, 2025

  • 4.3

    MEDIUM
    CVE-2025-49164

    Arris VIP1113 devices through 2025-05-30 with KreaTV SDK have a firmware decryption key of cd1c2d78f2cba1f73ca7e697b4a485f49a8a7d0c8b0fdc9f51ced50f2530668a.... Read more

    Affected Products :
    • Published: Jun. 03, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Cryptography

  • 4.3

    MEDIUM
    CVE-2023-49859

    Missing Authorization vulnerability in Pixelite Login With Ajax allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Login With Ajax: from n/a through 4.1.... Read more

    Affected Products :
    • Published: Dec. 09, 2024
    • Modified: Dec. 09, 2024

  • 4.3

    MEDIUM
    CVE-2022-2405

    The WP Popup Builder WordPress plugin before 1.2.9 does not have authorisation and CSRF check in an AJAX action, allowing any authenticated users, such as subscribers to delete arbitrary Popup... Read more

    Affected Products : wp_popup_builder
    • Published: Sep. 26, 2022
    • Modified: May. 21, 2025

  • 4.3

    MEDIUM
    CVE-2022-40310

    Authenticated (subscriber+) Race Condition vulnerability in Rate my Post – WP Rating System plugin <= 3.3.4 at WordPress allows attackers to increase/decrease votes.... Read more

    Affected Products : rate_my_post_-_wp_rating_system
    • Published: Sep. 23, 2022
    • Modified: Feb. 20, 2025

  • 4.3

    MEDIUM
    CVE-2022-1793

    The Private Files WordPress plugin through 0.40 is missing CSRF check when disabling the protection, which could allow attackers to make a logged in admin perform such action via a CSRF attack and make the blog public... Read more

    Affected Products : private_files
    • Published: Jun. 13, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-51460

    IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information when a detailed technical error message is returned in a stack trace. This information could be used in further attacks against the system.... Read more

    Affected Products : infosphere_information_server
    • Published: Dec. 11, 2024
    • Modified: Jan. 14, 2025

  • 4.3

    MEDIUM
    CVE-2006-2870

    Cross-site scripting (XSS) vulnerability in forum_search.asp in Intelligent Solutions Inc. ASP Discussion Forum allows remote attackers to inject arbitrary web script or HTML via the search variable.... Read more

    Affected Products : asp_discussion_forum
    • Published: Jun. 06, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2024-10670

    The Primary Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.6.2 via the [prim_elementor_template] shortcode due to insufficient restrictions on which posts can be included. This makes ... Read more

    Affected Products : primary_addon_for_elementor
    • Published: Nov. 28, 2024
    • Modified: Apr. 11, 2025
Showing 20 of 294837 Results