Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2024-13333

    The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fma_local_file_system' function in versions 5.2.12 to 5.2.13. This makes it possible for authenticated attackers, with Subsc... Read more

    Affected Products : advanced_file_manager
    • Published: Jan. 17, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2024-10799

    The Eventer plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.9.7 via the eventer_woo_download_tickets() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, ... Read more

    Affected Products : eventer eventer
    • Published: Jan. 17, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Path Traversal

  • 5.3

    MEDIUM
    CVE-2024-11396

    The Event Monster – Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.3 via the Visitors List Export file. During the export, a CSV file is created in the... Read more

    Affected Products : event_monster
    • Published: Jan. 14, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2023-45922

    glx_pbuffer.c in Mesa 23.0.4 was discovered to contain a segmentation violation when calling __glXGetDrawableAttribute(). NOTE: this is disputed because there are no common situations in which users require uninterrupted operation with an attacker-control... Read more

    Affected Products : mesa
    • Published: Mar. 27, 2024
    • Modified: Jun. 05, 2025

  • 5.3

    MEDIUM
    CVE-2024-31617

    OpenLiteSpeed before 1.8.1 mishandles chunked encoding.... Read more

    Affected Products : openlitespeed
    • Published: May. 22, 2024
    • Modified: Jun. 05, 2025

  • 5.3

    MEDIUM
    CVE-2024-12472

    The Post Duplicator plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.36 via the mtphr_duplicate_post() due to insufficient restrictions on which posts can be duplicated. This makes it possible for authenti... Read more

    Affected Products : post_duplicator
    • Published: Jan. 11, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Information Disclosure

  • 6.1

    MEDIUM
    CVE-2024-11327

    The ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the UR... Read more

    Affected Products : clickwhale
    • Published: Jan. 11, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2023-49208

    scheme/webauthn.c in Glewlwyd SSO server before 2.7.6 has a possible buffer overflow during FIDO2 credentials validation in webauthn registration.... Read more

    Affected Products : glewlwyd_sso_server
    • Published: Nov. 23, 2023
    • Modified: Jun. 05, 2025

  • 7.5

    HIGH
    CVE-2023-30581

    The use of __proto__ in process.mainModule.__proto__.require() can bypass the policy mechanism and require modules outside of the policy.json definition. This vulnerability affects all users using the experimental policy mechanism in all active release li... Read more

    Affected Products : node.js
    • Published: Nov. 23, 2023
    • Modified: Jun. 05, 2025

  • 7.8

    HIGH
    CVE-2022-41201

    Due to lack of proper memory management, when a victim opens a manipulated Right Hemisphere Binary (.rh, rh.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be trigge... Read more

    Affected Products : 3d_visual_enterprise_viewer
    • Published: Oct. 11, 2022
    • Modified: Jun. 05, 2025

  • 5.3

    MEDIUM
    CVE-2020-8929

    A mis-handling of invalid unicode characters in the Java implementation of Tink versions prior to 1.5 allows an attacker to change the ID part of a ciphertext, which result in the creation of a second ciphertext that can decrypt to the same plaintext. Thi... Read more

    Affected Products : tink tink_c\+\+ tink_java
    • Published: Oct. 19, 2020
    • Modified: Jun. 05, 2025

  • 6.4

    MEDIUM
    CVE-2024-6155

    The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Authenticated (Subscriber+) Server-Side Request Forgery and Stored Cross Site Scripting in all versions up to, and including, 9.0.0 due to a missing capability check ... Read more

    • Published: Jan. 09, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Server-Side Request Forgery

  • 7.5

    HIGH
    CVE-2024-4420

    There exists a Denial of service vulnerability in Tink-cc in versions prior to 2.1.3.  * An adversary can crash binaries using the crypto::tink::JsonKeysetReader in tink-cc by providing an input that is not an encoded JSON object, but still a valid enco... Read more

    Affected Products : tink tink_c\+\+
    • Published: May. 21, 2024
    • Modified: Jun. 05, 2025

  • 5.5

    MEDIUM
    CVE-2025-37800

    In the Linux kernel, the following vulnerability has been resolved: driver core: fix potential NULL pointer dereference in dev_uevent() If userspace reads "uevent" device attribute at the same time as another threads unbinds the device from its driver, ... Read more

    Affected Products : linux_kernel
    • Published: May. 08, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-37801

    In the Linux kernel, the following vulnerability has been resolved: spi: spi-imx: Add check for spi_imx_setupxfer() Add check for the return value of spi_imx_setupxfer(). spi_imx->rx and spi_imx->tx function pointer can be NULL when spi_imx_setupxfer() ... Read more

    Affected Products : linux_kernel
    • Published: May. 08, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-37802

    In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix WARNING "do not call blocking ops when !TASK_RUNNING" wait_event_timeout() will set the state of the current task to TASK_UNINTERRUPTIBLE, before doing the condition check. T... Read more

    Affected Products : linux_kernel
    • Published: May. 08, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Denial of Service

  • 7.8

    HIGH
    CVE-2025-37803

    In the Linux kernel, the following vulnerability has been resolved: udmabuf: fix a buf size overflow issue during udmabuf creation by casting size_limit_mb to u64 when calculate pglimit.... Read more

    Affected Products : linux_kernel
    • Published: May. 08, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-37805

    In the Linux kernel, the following vulnerability has been resolved: sound/virtio: Fix cancel_sync warnings on uninitialized work_structs Betty reported hitting the following warning: [ 8.709131][ T221] WARNING: CPU: 2 PID: 221 at kernel/workqueue.c... Read more

    Affected Products : linux_kernel
    • Published: May. 08, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Misconfiguration

  • 7.8

    HIGH
    CVE-2025-1329

    IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could allow a local user to execute arbitrary code on the system due to failure to handle DNS return requests by the gethostbyaddr function.... Read more

    Affected Products : linux_kernel cics_tx
    • Published: May. 08, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2023-35817

    DevExpress before 23.1.3 allows AsyncDownloader SSRF.... Read more

    Affected Products : devexpress
    • Published: Apr. 28, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Server-Side Request Forgery
Showing 20 of 292778 Results