Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.2

    HIGH
    CVE-2024-29686

    Server-side Template Injection (SSTI) vulnerability in Winter CMS v.1.2.3 allows a remote attacker to execute arbitrary code via a crafted payload to the CMS Pages field and Plugin components. NOTE: the vendor disputes this because the payload could only ... Read more

    Affected Products : winter
    • Published: Mar. 29, 2024
    • Modified: May. 28, 2025

  • 5.9

    MEDIUM
    CVE-2024-29776

    Cross Site Scripting (XSS) vulnerability in Metagauss EventPrime.This issue affects EventPrime: from n/a through 3.3.9. ... Read more

    Affected Products : eventprime
    • Published: Mar. 27, 2024
    • Modified: May. 28, 2025

  • 6.5

    MEDIUM
    CVE-2024-29272

    Arbitrary File Upload vulnerability in VvvebJs before version 1.7.5, allows unauthenticated remote attackers to execute arbitrary code and obtain sensitive information via the sanitizeFileName parameter in save.php.... Read more

    Affected Products : vvvebjs
    • Published: Mar. 22, 2024
    • Modified: May. 28, 2025

  • 6.3

    MEDIUM
    CVE-2024-25168

    SQL injection vulnerability in snow snow v.2.0.0 allows a remote attacker to execute arbitrary code via the dataScope parameter of the system/role/list interface.... Read more

    Affected Products : snow
    • Published: Mar. 22, 2024
    • Modified: May. 28, 2025

  • 8.8

    HIGH
    CVE-2024-28559

    SQL injection vulnerability in Niushop B2B2C v.5.3.3 and before allows an attacker to escalate privileges via the setPrice() function of the Goodsbatchset.php component.... Read more

    Affected Products : b2b2c_multi-business
    • Published: Mar. 22, 2024
    • Modified: May. 28, 2025

  • 5.4

    MEDIUM
    CVE-2024-28560

    SQL injection vulnerability in Niushop B2B2C v.5.3.3 and before allows an attacker to escalate privileges via the deleteArea() function of the Address.php component.... Read more

    Affected Products : b2b2c_multi-business niushop
    • Published: Mar. 22, 2024
    • Modified: May. 28, 2025

  • 5.3

    MEDIUM
    CVE-2024-30187

    Anope before 2.0.15 does not prevent resetting the password of a suspended account.... Read more

    Affected Products : anope
    • Published: Mar. 25, 2024
    • Modified: May. 28, 2025

  • 7.3

    HIGH
    CVE-2024-2864

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in KaineLabs Youzify - Buddypress Moderation.This issue affects Youzify - Buddypress Moderation: from n/a through 1.2.5. ... Read more

    Affected Products : youzify
    • Published: Mar. 25, 2024
    • Modified: May. 28, 2025

  • 6.1

    MEDIUM
    CVE-2024-25807

    Cross Site Scripting (XSS) vulnerability in Lychee 3.1.6, allows remote attackers to execute arbitrary code and obtain sensitive information via the title parameter when creating an album.... Read more

    Affected Products : lychee
    • Published: Mar. 22, 2024
    • Modified: May. 28, 2025

  • 5.4

    MEDIUM
    CVE-2024-26557

    Codiad v2.8.4 allows reflected XSS via the components/market/dialog.php type parameter.... Read more

    Affected Products : codiad
    • Published: Mar. 22, 2024
    • Modified: May. 28, 2025

  • 8.3

    HIGH
    CVE-2024-25808

    Cross-site Request Forgery (CSRF) vulnerability in Lychee version 3.1.6, allows remote attackers to execute arbitrary code via the create new album function.... Read more

    Affected Products : lychee
    • Published: Mar. 22, 2024
    • Modified: May. 28, 2025

  • 6.1

    MEDIUM
    CVE-2024-29271

    Reflected Cross-Site Scripting (XSS) vulnerability in VvvebJs before version 1.7.7, allows remote attackers to execute arbitrary code and obtain sensitive information via the action parameter in save.php.... Read more

    Affected Products : vvvebjs
    • Published: Mar. 22, 2024
    • Modified: May. 28, 2025

  • 5.3

    MEDIUM
    CVE-2024-3601

    The Poll Maker – Best WordPress Poll Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ays_poll_create_author function in all versions up to, and including, 5.1.8. This makes it possible for ... Read more

    Affected Products : poll_maker
    • Published: May. 02, 2024
    • Modified: May. 28, 2025

  • 5.5

    MEDIUM
    CVE-2024-9462

    The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Stored Cross-Site Scripting via poll settings in all versions up to, and including, 5.4.6 due to insufficient input sanitization and output escaping. This ma... Read more

    Affected Products : poll_maker
    • Published: Oct. 26, 2024
    • Modified: May. 28, 2025

  • 7.2

    HIGH
    CVE-2024-9475

    The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to generic SQL Injection via the order_by parameter in all versions up to, and including, 5.4.6 due to insufficient escaping on the user-supplied parameter and... Read more

    Affected Products : poll_maker
    • Published: Oct. 26, 2024
    • Modified: May. 28, 2025

  • 4.3

    MEDIUM
    CVE-2024-12115

    The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.5.4. This is due to missing or incorrect nonce validation on the duplicate_poll() function... Read more

    Affected Products : poll_maker
    • Published: Dec. 07, 2024
    • Modified: May. 28, 2025

  • 7.2

    HIGH
    CVE-2024-3600

    The Poll Maker – Best WordPress Poll Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting due to a missing capability check on the ays_poll_maker_quick_start AJAX action in addition to insufficient escaping and sanitization in all vers... Read more

    Affected Products : poll_maker
    • Published: Apr. 19, 2024
    • Modified: May. 28, 2025

  • 6.1

    MEDIUM
    CVE-2023-49453

    Reflected cross-site scripting (XSS) vulnerability in Racktables v0.22.0 and before, allows local attackers to execute arbitrary code and obtain sensitive information via the search component in index.php.... Read more

    Affected Products : dedecms racktables
    • Published: Mar. 12, 2024
    • Modified: May. 28, 2025

  • 8.8

    HIGH
    CVE-2023-41504

    SQL Injection vulnerability in Student Enrollment In PHP 1.0 allows attackers to run arbitrary code via the Student Search function.... Read more

    Affected Products : student_enrollment
    • Published: Mar. 13, 2024
    • Modified: May. 28, 2025

  • 9.8

    CRITICAL
    CVE-2023-41505

    An arbitrary file upload vulnerability in the Add Student's Profile Picture function of Student Enrollment In PHP v1.0 allows attackers to execute arbitrary code via uploading a crafted PHP file.... Read more

    Affected Products : student_enrollment
    • Published: Mar. 13, 2024
    • Modified: May. 28, 2025
Showing 20 of 291736 Results