Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2023-41113

    An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It allows an authenticated user to to obtain information about whether certain... Read more

    Affected Products : postgres_advanced_server
    • Published: Dec. 12, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-28760

    IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 dashboard is vulnerable to a denial of service due to improper restrictions of resource allocation. IBM X-Force ID: 285244.... Read more

    Affected Products : app_connect_enterprise
    • Published: May. 14, 2024
    • Modified: Jan. 07, 2025

  • 4.3

    MEDIUM
    CVE-2025-24526

    Mattermost versions 10.1.x <= 10.1.3, 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail to restrict channel export of archived channels when the "Allow users to view archived channels" is disabled which allows a user to export ch... Read more

    Affected Products : mattermost_server mattermost
    • Published: Feb. 24, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2024-33956

    Missing Authorization vulnerability in ThemeLocation Custom WooCommerce Checkout Fields Editor.This issue affects Custom WooCommerce Checkout Fields Editor: from n/a through 1.3.0. ... Read more

    • Published: May. 14, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-34557

    Cross-Site Request Forgery (CSRF) vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager.This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through 1.5.4. ... Read more

    • Published: May. 14, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-4139

    Manage Bank Statement ReProcessing Rules does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can delete rules of other users affecting the integrit... Read more

    Affected Products :
    • Published: May. 14, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-4199

    The Bulk Posts Editing For WordPress plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on the plugin's AJAX actions in all versions up to, and including, 4.2.3. This makes it possible for authenti... Read more

    Affected Products :
    • Published: May. 15, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-3609

    The ReviewX – Multi-criteria Rating & Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on the reviewx_remove_guest_image function in all versions up to, and including, 1.6.27. Th... Read more

    Affected Products : reviewx
    • Published: May. 16, 2024
    • Modified: Jun. 27, 2025

  • 4.3

    MEDIUM
    CVE-2024-34756

    Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for Contact Form 7 HubSpot.This issue affects Integration for Contact Form 7 HubSpot: from n/a through 1.3.1.... Read more

    Affected Products :
    • Published: May. 17, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-4875

    The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to unauthorized modification of data|loss of data due to a missing capability check on the 'ajax_dismiss' function in versions up to, and including, 2.5.2. This makes it possib... Read more

    • Published: May. 21, 2024
    • Modified: Jan. 28, 2025

  • 4.3

    MEDIUM
    CVE-2024-35385

    An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_mk_ffi_sig function in the mjs.c file.... Read more

    Affected Products : mjs
    • Published: May. 21, 2024
    • Modified: May. 05, 2025

  • 4.3

    MEDIUM
    CVE-2023-49874

    Mattermost fails to check whether a user is a guest when updating the tasks of a private playbook run allowing a guest to update the tasks of a private playbook run if they know the run ID. ... Read more

    Affected Products : mattermost_server mattermost
    • Published: Dec. 12, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-6434

    The Premium Addons for Elementor plugin for WordPress is vulnerable to Regular Expression Denial of Service (ReDoS) in all versions up to, and including, 4.10.35. This is due to processing user-supplied input as a regular expression. This makes it possibl... Read more

    Affected Products : premium_addons_for_elementor
    • Published: Jul. 04, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-6168

    The Just Custom Fields plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.2. This is due to missing or incorrect nonce validation on several AJAX function. This makes it possible for unauthenticated ... Read more

    Affected Products :
    • Published: Jul. 09, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-39897

    zot is an OCI image registry. Prior to 2.1.0, the cache driver `GetBlob()` allows read access to any blob without access control check. If a Zot `accessControl` policy allows users read access to some repositories but restricts read access to other reposi... Read more

    Affected Products : zot
    • Published: Jul. 09, 2024
    • Modified: Apr. 23, 2025

  • 4.3

    MEDIUM
    CVE-2024-43397

    Apollo is a configuration management system. A vulnerability exists in the synchronization configuration feature that allows users to craft specific requests to bypass permission checks. This exploit enables them to modify a namespace without the necessar... Read more

    Affected Products : apollo
    • Published: Aug. 20, 2024
    • Modified: Aug. 26, 2024

  • 4.3

    MEDIUM
    CVE-2024-5880

    The Hide My Site plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2 due to the plugin not restricting access to the REST API when password protection is enabled. This makes it possible for unauth... Read more

    Affected Products :
    • Published: Aug. 21, 2024
    • Modified: Aug. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-32939

    Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0, 9.8.x <= 9.8.2, when shared channels are enabled, fail to redact remote users' original email addresses stored in user props when email addresses are otherwise configured not to be visi... Read more

    Affected Products : mattermost_server mattermost
    • Published: Aug. 22, 2024
    • Modified: Aug. 23, 2024

  • 4.3

    MEDIUM
    CVE-2024-13336

    The Disable Auto Updates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the 'disable-auto-updates' page. This makes it possible for unauth... Read more

    Affected Products : disable_auto_updates
    • Published: Feb. 19, 2025
    • Modified: Feb. 19, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2024-45193

    An issue was discovered in Matrix libolm through 3.2.16. There is Ed25519 signature malleability due to lack of validation criteria (does not ensure that S < n). This refers to the libolm implementation of Olm. NOTE: This vulnerability only affects produc... Read more

    Affected Products : olm
    • Published: Aug. 22, 2024
    • Modified: Jun. 17, 2025
Showing 20 of 294863 Results