Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.4

    MEDIUM
    CVE-2024-4669

    The Events Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Basic Slider, Upcoming Events, and Schedule widgets in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output esca... Read more

    Affected Products : events_addon_for_elementor
    • Published: Jun. 11, 2024
    • Modified: May. 28, 2025

  • 6.3

    MEDIUM
    CVE-2024-0427

    The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.4.1 does not properly escape user-controlled input when it is reflected in some of its AJAX actions.... Read more

    Affected Products : arforms_form_builder arforms
    • Published: Jun. 12, 2024
    • Modified: May. 28, 2025

  • 9.8

    CRITICAL
    CVE-2025-1909

    The BuddyBoss Platform Pro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.7.01. This is due to insufficient verification on the user being supplied during the Apple OAuth authenticate request through the pl... Read more

    Affected Products : buddyboss_platform
    • Published: May. 05, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-4359

    A vulnerability classified as critical was found in itsourcecode Gym Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=delete_member. The manipulation of the argument ID leads to sql injection. ... Read more

    Affected Products : gym_management_system
    • Published: May. 06, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-4360

    A vulnerability, which was classified as critical, has been found in itsourcecode Gym Management System 1.0. Affected by this issue is some unknown functionality of the file /view_member.php. The manipulation of the argument ID leads to sql injection. The... Read more

    Affected Products : gym_management_system
    • Published: May. 06, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-4362

    A vulnerability classified as critical was found in itsourcecode Gym Management System 1.0. This vulnerability affects unknown code of the file /ajax.php?action=save_membership. The manipulation of the argument member_id leads to sql injection. The attack... Read more

    Affected Products : gym_management_system
    • Published: May. 06, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-4372

    Use after free in WebAudio in Google Chrome prior to 136.0.7103.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)... Read more

    Affected Products : chrome edge_chromium
    • Published: May. 06, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Memory Corruption

  • 5.4

    MEDIUM
    CVE-2023-6487

    The LuckyWP Table of Contents plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Header Title' field in all versions up to and including 2.1.4 due to insufficient input sanitization and output escaping. This makes it possible for a... Read more

    Affected Products : luckywp_table_of_contents
    • Published: May. 22, 2024
    • Modified: May. 28, 2025

  • 6.1

    MEDIUM
    CVE-2024-2119

    The LuckyWP Table of Contents plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the attrs parameter in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping. This makes it possible for u... Read more

    Affected Products : luckywp_table_of_contents
    • Published: May. 22, 2024
    • Modified: May. 28, 2025

  • 5.5

    MEDIUM
    CVE-2024-2953

    The LuckyWP Table of Contents plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenti... Read more

    Affected Products : luckywp_table_of_contents
    • Published: May. 22, 2024
    • Modified: May. 28, 2025

  • 9.8

    CRITICAL
    CVE-2024-35409

    WeBid 1.1.2 is vulnerable to SQL Injection via admin/tax.php.... Read more

    Affected Products : webid
    • Published: May. 22, 2024
    • Modified: May. 28, 2025

  • 6.4

    MEDIUM
    CVE-2024-1805

    The wpbakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button onclick attribute in all versions up to, and including, 7.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated ... Read more

    • Published: May. 02, 2024
    • Modified: May. 28, 2025

  • 6.4

    MEDIUM
    CVE-2024-1840

    The wpbakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Author tag attribute in all versions up to, and including, 7.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated... Read more

    • Published: May. 02, 2024
    • Modified: May. 28, 2025

  • 6.4

    MEDIUM
    CVE-2024-1841

    The wpbakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Title tag attribute in all versions up to, and including, 7.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated ... Read more

    • Published: May. 02, 2024
    • Modified: May. 28, 2025

  • 6.4

    MEDIUM
    CVE-2024-1842

    The wpbakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom Heading tag attribute in all versions up to, and including, 7.5 due to insufficient input sanitization and output escaping. This makes it possible for authentica... Read more

    • Published: May. 02, 2024
    • Modified: May. 28, 2025

  • 7.5

    HIGH
    CVE-2024-22871

    An issue in Clojure versions 1.20 to 1.12.0-alpha5 allows an attacker to cause a denial of service (DoS) via the clojure.core$partial$fn__5920 function.... Read more

    Affected Products : fedora clojure
    • Published: Feb. 29, 2024
    • Modified: May. 28, 2025

  • 6.1

    MEDIUM
    CVE-2023-50378

    Lack of proper input validation and constraint enforcement in Apache Ambari prior to 2.7.8    Impact : As it will be stored XSS, Could be exploited to perform unauthorized actions, varying from data access to session hijacking and delivering malicious pa... Read more

    Affected Products : ambari
    • Published: Mar. 01, 2024
    • Modified: May. 28, 2025

  • 7.5

    HIGH
    CVE-2024-27138

    ** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Archiva. Apache Archiva has a setting to disable user registration, however this restriction can be bypassed. As Apache Archiva has been retired, we do not expect to release ... Read more

    Affected Products : archiva
    • Published: Mar. 01, 2024
    • Modified: May. 28, 2025

  • 7.5

    HIGH
    CVE-2024-27139

    ** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Archiva: a vulnerability in Apache Archiva allows an unauthenticated attacker to modify account data, potentially leading to account takeover. This issue affects Apache Arch... Read more

    Affected Products : archiva
    • Published: Mar. 01, 2024
    • Modified: May. 28, 2025

  • 5.4

    MEDIUM
    CVE-2024-27140

    ** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Archiva. This issue affects Apache Archiva: from 2.0.0. As this project is retired, we do not plan to release a... Read more

    Affected Products : archiva
    • Published: Mar. 01, 2024
    • Modified: May. 28, 2025
Showing 20 of 291739 Results