Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.1

    HIGH
    CVE-2024-5408

    Vulnerability in RhinOS 3.0-1190 consisting of an XSS through the "search" parameter of /portal/search.htm. This vulnerability could allow a remote attacker to steal details of a victim's user session by submitting a specially crafted URL.... Read more

    Affected Products : rhinos rhinos
    • Published: May. 27, 2024
    • Modified: Jun. 05, 2025

  • 4.3

    MEDIUM
    CVE-2024-12061

    The Events Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2.3 via the naevents_elementor_template shortcode due to insufficient restrictions on which posts can be included. This makes... Read more

    Affected Products : events_addon_for_elementor
    • Published: Dec. 18, 2024
    • Modified: Jun. 05, 2025

  • 5.3

    MEDIUM
    CVE-2024-12601

    The Calculated Fields Form plugin for WordPress is vulnerable to Denial of Service in all versions up to, and including, 5.2.63. This is due to unlimited height and width parameters for CAPTCHA images. This makes it possible for unauthenticated attackers ... Read more

    Affected Products : calculated_fields_form
    • Published: Dec. 17, 2024
    • Modified: Jun. 05, 2025

  • 8.1

    HIGH
    CVE-2024-11721

    The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.24.5. This is due to insufficient controls on the user role select field when utilizing the 'Role' field in a form. This ma... Read more

    Affected Products : frontend_admin
    • Published: Dec. 14, 2024
    • Modified: Jun. 05, 2025

  • 7.5

    HIGH
    CVE-2024-13333

    The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fma_local_file_system' function in versions 5.2.12 to 5.2.13. This makes it possible for authenticated attackers, with Subsc... Read more

    Affected Products : advanced_file_manager
    • Published: Jan. 17, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2024-10799

    The Eventer plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.9.7 via the eventer_woo_download_tickets() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, ... Read more

    Affected Products : eventer eventer
    • Published: Jan. 17, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Path Traversal

  • 5.3

    MEDIUM
    CVE-2024-11396

    The Event Monster – Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.3 via the Visitors List Export file. During the export, a CSV file is created in the... Read more

    Affected Products : event_monster
    • Published: Jan. 14, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2023-45922

    glx_pbuffer.c in Mesa 23.0.4 was discovered to contain a segmentation violation when calling __glXGetDrawableAttribute(). NOTE: this is disputed because there are no common situations in which users require uninterrupted operation with an attacker-control... Read more

    Affected Products : mesa
    • Published: Mar. 27, 2024
    • Modified: Jun. 05, 2025

  • 5.3

    MEDIUM
    CVE-2024-31617

    OpenLiteSpeed before 1.8.1 mishandles chunked encoding.... Read more

    Affected Products : openlitespeed
    • Published: May. 22, 2024
    • Modified: Jun. 05, 2025

  • 5.3

    MEDIUM
    CVE-2024-12472

    The Post Duplicator plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.36 via the mtphr_duplicate_post() due to insufficient restrictions on which posts can be duplicated. This makes it possible for authenti... Read more

    Affected Products : post_duplicator
    • Published: Jan. 11, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Information Disclosure

  • 6.1

    MEDIUM
    CVE-2024-11327

    The ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the UR... Read more

    Affected Products : clickwhale
    • Published: Jan. 11, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2023-49208

    scheme/webauthn.c in Glewlwyd SSO server before 2.7.6 has a possible buffer overflow during FIDO2 credentials validation in webauthn registration.... Read more

    Affected Products : glewlwyd_sso_server
    • Published: Nov. 23, 2023
    • Modified: Jun. 05, 2025

  • 7.5

    HIGH
    CVE-2023-30581

    The use of __proto__ in process.mainModule.__proto__.require() can bypass the policy mechanism and require modules outside of the policy.json definition. This vulnerability affects all users using the experimental policy mechanism in all active release li... Read more

    Affected Products : node.js
    • Published: Nov. 23, 2023
    • Modified: Jun. 05, 2025

  • 7.8

    HIGH
    CVE-2022-41201

    Due to lack of proper memory management, when a victim opens a manipulated Right Hemisphere Binary (.rh, rh.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be trigge... Read more

    Affected Products : 3d_visual_enterprise_viewer
    • Published: Oct. 11, 2022
    • Modified: Jun. 05, 2025

  • 5.3

    MEDIUM
    CVE-2020-8929

    A mis-handling of invalid unicode characters in the Java implementation of Tink versions prior to 1.5 allows an attacker to change the ID part of a ciphertext, which result in the creation of a second ciphertext that can decrypt to the same plaintext. Thi... Read more

    Affected Products : tink tink_c\+\+ tink_java
    • Published: Oct. 19, 2020
    • Modified: Jun. 05, 2025

  • 6.4

    MEDIUM
    CVE-2024-6155

    The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Authenticated (Subscriber+) Server-Side Request Forgery and Stored Cross Site Scripting in all versions up to, and including, 9.0.0 due to a missing capability check ... Read more

    • Published: Jan. 09, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Server-Side Request Forgery

  • 7.5

    HIGH
    CVE-2024-4420

    There exists a Denial of service vulnerability in Tink-cc in versions prior to 2.1.3.  * An adversary can crash binaries using the crypto::tink::JsonKeysetReader in tink-cc by providing an input that is not an encoded JSON object, but still a valid enco... Read more

    Affected Products : tink tink_c\+\+
    • Published: May. 21, 2024
    • Modified: Jun. 05, 2025

  • 5.5

    MEDIUM
    CVE-2025-37800

    In the Linux kernel, the following vulnerability has been resolved: driver core: fix potential NULL pointer dereference in dev_uevent() If userspace reads "uevent" device attribute at the same time as another threads unbinds the device from its driver, ... Read more

    Affected Products : linux_kernel
    • Published: May. 08, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-37801

    In the Linux kernel, the following vulnerability has been resolved: spi: spi-imx: Add check for spi_imx_setupxfer() Add check for the return value of spi_imx_setupxfer(). spi_imx->rx and spi_imx->tx function pointer can be NULL when spi_imx_setupxfer() ... Read more

    Affected Products : linux_kernel
    • Published: May. 08, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-37802

    In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix WARNING "do not call blocking ops when !TASK_RUNNING" wait_event_timeout() will set the state of the current task to TASK_UNINTERRUPTIBLE, before doing the condition check. T... Read more

    Affected Products : linux_kernel
    • Published: May. 08, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Denial of Service
Showing 20 of 292802 Results