Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2024-3963

    The Giveaways and Contests by RafflePress WordPress plugin before 1.12.14 does not sanitise and escape some parameters, which could allow users with a role as low as editor to perform Cross-Site Scripting attacks... Read more

    • Published: Jul. 13, 2024
    • Modified: Jun. 09, 2025

  • 8.5

    HIGH
    CVE-2025-32924

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in roninwp Revy allows SQL Injection.This issue affects Revy: from n/a through 2.1.... Read more

    Affected Products : revy
    • Published: May. 19, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Injection

  • 4.3

    MEDIUM
    CVE-2025-47543

    Cross-Site Request Forgery (CSRF) vulnerability in themetechmount TrueBooker allows Cross Site Request Forgery. This issue affects TrueBooker: from n/a through 1.0.7.... Read more

    Affected Products : truebooker
    • Published: May. 07, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-47542

    Cross-Site Request Forgery (CSRF) vulnerability in Michael Simple calendar for Elementor allows Cross Site Request Forgery. This issue affects Simple calendar for Elementor: from n/a through 1.6.5.... Read more

    Affected Products : simple_calendar_for_elementor
    • Published: May. 07, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.5

    HIGH
    CVE-2025-47540

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in weDevs weMail allows Retrieve Embedded Sensitive Data. This issue affects weMail: from n/a through 1.14.13.... Read more

    Affected Products : wemail wemail
    • Published: May. 07, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Information Disclosure

  • 7.6

    HIGH
    CVE-2025-47538

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpdever Cart tracking for WooCommerce allows SQL Injection. This issue affects Cart tracking for WooCommerce: from n/a through 1.0.17.... Read more

    Affected Products : cart_tracking_for_woocommerce
    • Published: May. 07, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2025-47517

    Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Accept Donations with PayPal allows Stored XSS. This issue affects Accept Donations with PayPal: from n/a through 1.4.5.... Read more

    Affected Products : accept_donations_with_paypal
    • Published: May. 07, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.5

    MEDIUM
    CVE-2025-39528

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rescue Themes Rescue Shortcodes allows Stored XSS. This issue affects Rescue Shortcodes: from n/a through 3.1.... Read more

    Affected Products : rescue_shortcodes
    • Published: Apr. 16, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.6

    MEDIUM
    CVE-2024-9422

    The GEO my WP WordPress plugin before 4.5, gmw-premium-settings WordPress plugin before 3.1 does not sufficiently validate files to be uploaded, which could allow attackers to upload arbitrary files such as PHP on the server.... Read more

    • Published: Nov. 22, 2024
    • Modified: Jun. 09, 2025

  • 5.5

    MEDIUM
    CVE-2025-25946

    An issue in Bento4 v1.6.0-641 allows an attacker to cause a memory leak via Ap4Marlin.cpp and Ap4Processor.cpp, specifically in AP4_MarlinIpmpEncryptingProcessor::Initialize and AP4_Processor::Process, during the execution of mp4encrypt with a specially c... Read more

    Affected Products : bento4
    • Published: Feb. 19, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Memory Corruption

  • 4.1

    MEDIUM
    CVE-2025-49599

    Huawei EG8141A5 devices through V5R019C00S100, EG8145V5 devices through V5R019C00S100, and EG8145V5-V2 devices through V5R021C00S184 allow the Epuser account to disable ONT firewall functionality, e.g., to remove the default blocking of the SSH and TELNET... Read more

    Affected Products :
    • Published: Jun. 06, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Misconfiguration

  • 4.0

    MEDIUM
    CVE-2025-49128

    Jackson-core contains core low-level incremental ("streaming") parser and generator abstractions used by Jackson Data Processor. Starting in version 2.0.0 and prior to version 2.13.0, a flaw in jackson-core's `JsonLocation._appendSourceDesc` method allows... Read more

    Affected Products :
    • Published: Jun. 06, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Information Disclosure

  • 8.9

    HIGH
    CVE-2025-49127

    Kafbat UI is a web user interface for managing Apache Kafka clusters. An unsafe deserialization vulnerability in version 1.0.0 allows any unauthenticated user to execute arbitrary code on the server. Version 1.1.0 fixes the issue.... Read more

    Affected Products :
    • Published: Jun. 06, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2024-31585

    FFmpeg version n5.1 to n6.1 was discovered to contain an Off-by-one Error vulnerability in libavfilter/avf_showspectrum.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.... Read more

    Affected Products : fedora ffmpeg
    • Published: Apr. 17, 2024
    • Modified: Jun. 09, 2025

  • 7.8

    HIGH
    CVE-2023-50010

    FFmpeg v.n6.1-3-g466799d4f5 allows a buffer over-read at ff_gradfun_blur_line_movdqa_sse2, as demonstrated by a call to the set_encoder_id function in /fftools/ffmpeg_enc.c component.... Read more

    Affected Products : fedora ffmpeg
    • Published: Apr. 19, 2024
    • Modified: Jun. 09, 2025

  • 8.0

    HIGH
    CVE-2023-50009

    FFmpeg v.n6.1-3-g466799d4f5 allows a heap-based buffer overflow via the ff_gaussian_blur_8 function in libavfilter/edge_template.c:116:5 component.... Read more

    Affected Products : fedora ffmpeg
    • Published: Apr. 19, 2024
    • Modified: Jun. 09, 2025

  • 7.5

    HIGH
    CVE-2022-41404

    An issue in the fetch() method in the BasicProfile class of org.ini4j through version v0.5.4 allows attackers to cause a Denial of Service (DoS) via unspecified vectors.... Read more

    Affected Products : debian_linux ini4j
    • Published: Oct. 11, 2022
    • Modified: Jun. 09, 2025

  • 8.8

    HIGH
    CVE-2022-28391

    BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible terminal. Alternatively, the attacker could choose to change the terminal's colors.... Read more

    Affected Products : busybox
    • Published: Apr. 03, 2022
    • Modified: Jun. 09, 2025

  • 5.5

    MEDIUM
    CVE-2022-0563

    A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prin... Read more

    • Published: Feb. 21, 2022
    • Modified: Jun. 09, 2025

  • 5.9

    MEDIUM
    CVE-2021-40528

    The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the... Read more

    Affected Products : libgcrypt
    • Published: Sep. 06, 2021
    • Modified: Jun. 09, 2025
Showing 20 of 293365 Results