Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.1

    MEDIUM
    CVE-2022-2669

    The WP Taxonomy Import WordPress plugin through 1.0.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting...

    Affected Products : wp_taxonomy_import
    • EPSS Score: 0.21%
    • Published: Sep. 16, 2022
    • Modified: Jun. 05, 2025
  • 6.1

    MEDIUM
    CVE-2022-2654

    The Classima WordPress theme before 2.1.11 and some of its required plugins (Classified Listing before 2.2.14, Classified Listing Pro before 2.0.20, Classified Listing Store & Membership before 1.4.20 and Classima Core before 1.10) do not escape a paramet...

    • EPSS Score: 0.23%
    • Published: Sep. 16, 2022
    • Modified: Jun. 05, 2025
  • 7.8

    HIGH
    CVE-2022-20392

    In declareDuplicatePermission of ParsedPermissionUtils.java, there is a possible way to obtain a dangerous permission without user consent due to improper input validation. This could lead to local escalation of privilege during app installation or upgrad...

    Affected Products : android
    • EPSS Score: 0.03%
    • Published: Sep. 13, 2022
    • Modified: Jun. 05, 2025
  • 9.8

    CRITICAL
    CVE-2022-20389

    Summary: Product: Android; Versions: Android SoC; Android ID: A-238257004...

    Affected Products : android
    • EPSS Score: 0.34%
    • Published: Sep. 13, 2022
    • Modified: Jun. 05, 2025
  • 9.8

    CRITICAL
    CVE-2022-20388

    Summary: Product: Android; Versions: Android SoC; Android ID: A-238227323...

    Affected Products : android
    • EPSS Score: 0.34%
    • Published: Sep. 13, 2022
    • Modified: Jun. 05, 2025
  • 7.8

    HIGH
    CVE-2024-22919

    swftools 0.9.2 was discovered to contain a global-buffer-overflow vulnerability via the function parseExpression at swftools/src/swfc.c:2587....

    Affected Products : swftools
    • EPSS Score: 0.08%
    • Published: Jan. 19, 2024
    • Modified: Jun. 05, 2025
  • 7.5

    HIGH
    CVE-2024-22851

    Directory Traversal Vulnerability in LiveConfig before v.2.5.2 allows a remote attacker to obtain sensitive information via a crafted request to the /static/ endpoint....

    Affected Products : liveconfig
    • EPSS Score: 0.28%
    • Published: Feb. 02, 2024
    • Modified: Jun. 05, 2025
  • 8.8

    HIGH
    CVE-2024-22817

    FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/email/email_conf_updagte...

    Affected Products : flycms
    • EPSS Score: 0.08%
    • Published: Jan. 18, 2024
    • Modified: Jun. 05, 2025
  • 8.1

    HIGH
    CVE-2024-22773

    Intelbras Action RF 1200 routers 1.2.2 and earlier and Action RG 1200 routers 2.1.7 and earlier expose the Password in Cookie resulting in Login Bypass....

    • EPSS Score: 0.10%
    • Published: Feb. 06, 2024
    • Modified: Jun. 05, 2025
  • 5.4

    MEDIUM
    CVE-2024-22548

    FlyCms 1.0 is vulnerable to Cross Site Scripting (XSS) in the system website settings website name section....

    Affected Products : flycms
    • EPSS Score: 0.07%
    • Published: Jan. 18, 2024
    • Modified: Jun. 05, 2025
  • 6.1

    MEDIUM
    CVE-2024-22496

    Cross Site Scripting (XSS) vulnerability in JFinalcms 5.0.0 allows attackers to run arbitrary code via the /admin/login username parameter....

    Affected Products : jfinalcms
    • EPSS Score: 0.11%
    • Published: Jan. 23, 2024
    • Modified: Jun. 05, 2025
  • 5.4

    MEDIUM
    CVE-2024-22491

    A Stored Cross Site Scripting (XSS) vulnerability in beetl-bbs 2.0 allows attackers to run arbitrary code via the post/save content parameter....

    Affected Products : beetl-bbs
    • EPSS Score: 0.09%
    • Published: Jan. 16, 2024
    • Modified: Jun. 05, 2025
  • 5.5

    MEDIUM
    CVE-2024-22365

    linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY....

    Affected Products : linux-pam
    • EPSS Score: 0.08%
    • Published: Feb. 06, 2024
    • Modified: Jun. 05, 2025
  • 9.8

    CRITICAL
    CVE-2024-22108

    An issue was discovered in GTB Central Console 15.17.1-30814.NG. The method setTermsHashAction at /opt/webapp/lib/PureApi/CCApi.class.php is vulnerable to an unauthenticated SQL injection via /ccapi.php that an attacker can abuse in order to change the Ad...

    Affected Products : gtb_central_console
    • EPSS Score: 0.18%
    • Published: Feb. 02, 2024
    • Modified: Jun. 05, 2025
  • 6.1

    MEDIUM
    CVE-2024-22075

    Firefly III (aka firefly-iii) before 6.1.1 allows webhooks HTML Injection....

    Affected Products : firefly_iii
    • EPSS Score: 0.12%
    • Published: Jan. 05, 2024
    • Modified: Jun. 05, 2025
  • 6.5

    MEDIUM
    CVE-2024-22021

    Vulnerability CVE-2024-22021 allows a Veeam Recovery Orchestrator user with a low privileged role (Plan Author) to retrieve plans from a Scope other than the one they are assigned to. ...

    • EPSS Score: 0.26%
    • Published: Feb. 07, 2024
    • Modified: Jun. 05, 2025
  • 5.3

    MEDIUM
    CVE-2024-11083

    The ProfilePress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.15.18 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from ...

    Affected Products : profilepress
    • Published: Nov. 27, 2024
    • Modified: Jun. 05, 2025
  • 9.8

    CRITICAL
    CVE-2024-11024

    The AppPresser – Mobile App Framework plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.4.6. This is due to the plugin not properly validating a user's password reset code prior to upda...

    Affected Products : apppresser
    • Published: Nov. 26, 2024
    • Modified: Jun. 05, 2025
  • 6.4

    MEDIUM
    CVE-2024-11199

    The Rescue Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's rescue_progressbar shortcode in all versions up to, and including, 2.9 due to insufficient input sanitization and output escaping on user supplied att...

    Affected Products : rescue_shortcodes
    • Published: Nov. 23, 2024
    • Modified: Jun. 05, 2025
  • 5.3

    MEDIUM
    CVE-2024-10802

    The Hash Elements plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the hash_elements_get_posts_title_by_id() function in all versions up to, and including, 1.4.7. This makes it possible for unauthentic...

    Affected Products : hash_elements
    • Published: Nov. 13, 2024
    • Modified: Jun. 05, 2025
Showing 20 of 292738 Results