Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2023-6530

    The TJ Shortcodes WordPress plugin through 0.1.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform ... Read more

    Affected Products : tj_shortcodes
    • EPSS Score: %0.16
    • Published: Jan. 29, 2024
    • Modified: May. 29, 2025

  • 8.8

    HIGH
    CVE-2023-6391

    The Custom User CSS WordPress plugin through 0.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.... Read more

    Affected Products : custom_user_css
    • EPSS Score: %0.10
    • Published: Jan. 29, 2024
    • Modified: May. 29, 2025

  • 9.8

    CRITICAL
    CVE-2023-52389

    UTF32Encoding.cpp in POCO has a Poco::UTF32Encoding integer overflow and resultant stack buffer overflow because Poco::UTF32Encoding::convert() and Poco::UTF32::queryConvert() may return a negative integer if a UTF-32 byte sequence evaluates to a value of... Read more

    Affected Products : sinec_ins poco
    • EPSS Score: %0.14
    • Published: Jan. 27, 2024
    • Modified: May. 29, 2025

  • 9.8

    CRITICAL
    CVE-2023-51840

    DoraCMS 2.1.8 is vulnerable to Use of Hard-coded Cryptographic Key.... Read more

    Affected Products : doracms
    • EPSS Score: %0.24
    • Published: Jan. 29, 2024
    • Modified: May. 29, 2025

  • 8.1

    HIGH
    CVE-2023-51833

    A command injection issue in TRENDnet TEW-411BRPplus v.2.07_eu that allows a local attacker to execute arbitrary code via the data1 parameter in the debug.cgi page.... Read more

    • EPSS Score: %0.62
    • Published: Jan. 25, 2024
    • Modified: May. 29, 2025

  • 5.4

    MEDIUM
    CVE-2023-48202

    Cross-Site Scripting (XSS) vulnerability in Sunlight CMS 8.0.1 allows an authenticated low-privileged user to escalate privileges via a crafted SVG file in the File Manager component.... Read more

    Affected Products : sunlight_cms
    • EPSS Score: %0.11
    • Published: Jan. 27, 2024
    • Modified: May. 29, 2025

  • 5.4

    MEDIUM
    CVE-2023-48201

    Cross Site Scripting (XSS) vulnerability in Sunlight CMS v.8.0.1, allows remote authenticated attackers to execute arbitrary code and escalate privileges via a crafted script to the Content text editor component.... Read more

    Affected Products : sunlight_cms
    • EPSS Score: %0.12
    • Published: Jan. 27, 2024
    • Modified: May. 29, 2025

  • 5.4

    MEDIUM
    CVE-2023-48128

    An issue in UNITED BOXING GYM mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.... Read more

    Affected Products : line
    • EPSS Score: %0.17
    • Published: Jan. 26, 2024
    • Modified: May. 29, 2025

  • 5.4

    MEDIUM
    CVE-2023-48126

    An issue in Luxe Beauty Clinic mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.... Read more

    Affected Products : line
    • EPSS Score: %0.17
    • Published: Jan. 26, 2024
    • Modified: May. 29, 2025

  • 9.8

    CRITICAL
    CVE-2023-38323

    An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the status path script entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands.... Read more

    Affected Products : opennds
    • EPSS Score: %0.24
    • Published: Jan. 26, 2024
    • Modified: May. 29, 2025

  • 6.1

    MEDIUM
    CVE-2022-38527

    UCMS v1.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Import function under the Site Management page.... Read more

    Affected Products : ucms
    • EPSS Score: %0.11
    • Published: Sep. 19, 2022
    • Modified: May. 29, 2025

  • 9.8

    CRITICAL
    CVE-2022-38509

    Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the booking_id parameter at /admin/budget.php.... Read more

    Affected Products : wedding_planner
    • EPSS Score: %0.08
    • Published: Sep. 19, 2022
    • Modified: May. 29, 2025

  • 8.8

    HIGH
    CVE-2022-38351

    A vulnerability in Suprema BioStar (aka Bio Star) 2 v2.8.16 allows attackers to escalate privileges to System Administrator via a crafted PUT request to the update profile page.... Read more

    Affected Products : biostar_2
    • EPSS Score: %0.13
    • Published: Sep. 19, 2022
    • Modified: May. 29, 2025

  • 6.5

    MEDIUM
    CVE-2022-35060

    OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6c0a32.... Read more

    Affected Products : otfcc
    • EPSS Score: %0.20
    • Published: Sep. 19, 2022
    • Modified: May. 29, 2025

  • 7.1

    HIGH
    CVE-2022-2995

    Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set... Read more

    Affected Products : cri-o
    • EPSS Score: %0.03
    • Published: Sep. 19, 2022
    • Modified: May. 29, 2025

  • 9.8

    CRITICAL
    CVE-2022-28321

    The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for SSH logins. The pam_access.so module doesn't correctly restrict login if a user tries to connect from an IP address that is not resolvable via DNS. In such con... Read more

    Affected Products : linux-pam tumbleweed
    • EPSS Score: %0.10
    • Published: Sep. 19, 2022
    • Modified: May. 29, 2025

  • 7.5

    HIGH
    CVE-2022-28204

    A denial-of-service issue was discovered in MediaWiki 1.37.x before 1.37.2. Rendering of w/index.php?title=Special%3AWhatLinksHere&target=Property%3AP31&namespace=1&invert=1 can take more than thirty seconds. There is a DDoS risk.... Read more

    Affected Products : mediawiki
    • EPSS Score: %0.30
    • Published: Sep. 19, 2022
    • Modified: May. 29, 2025

  • 4.0

    MEDIUM
    CVE-2024-36795

    Insecure permissions in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 allows attackers to access URLs and directories embedded within the firmware via unspecified vectors.... Read more

    Affected Products : wnr614_firmware wnr614
    • Published: Jun. 06, 2024
    • Modified: May. 29, 2025

  • 5.4

    MEDIUM
    CVE-2024-4756

    The WP Backpack WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for... Read more

    Affected Products : wp_backpack
    • Published: Jun. 07, 2024
    • Modified: May. 29, 2025

  • 8.8

    HIGH
    CVE-2024-36787

    An issue in Netgear WNR614 JNR1010V2 N300-V1.1.0.54_1.0.1 allows attackers to bypass authentication and access the administrative interface via unspecified vectors.... Read more

    Affected Products : wnr614_firmware wnr614
    • Published: Jun. 07, 2024
    • Modified: May. 29, 2025
Showing 20 of 291756 Results