Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2024-23178

    An issue was discovered in the Phonos extension in MediaWiki before 1.40.2. PhonosButton.js allows i18n-based XSS via the phonos-purge-needed-error message.... Read more

    Affected Products : mediawiki
    • EPSS Score: %0.38
    • Published: Jan. 12, 2024
    • Modified: Jun. 03, 2025

  • 6.1

    MEDIUM
    CVE-2024-23177

    An issue was discovered in the WatchAnalytics extension in MediaWiki before 1.40.2. XSS can occur via the Special:PageStatistics page parameter.... Read more

    Affected Products : mediawiki
    • EPSS Score: %0.42
    • Published: Jan. 12, 2024
    • Modified: Jun. 03, 2025

  • 6.1

    MEDIUM
    CVE-2024-23173

    An issue was discovered in the Cargo extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. The Special:Drilldown page allows XSS via artist, album, and position parameters because of applied filter values in... Read more

    Affected Products : mediawiki
    • EPSS Score: %0.42
    • Published: Jan. 12, 2024
    • Modified: Jun. 03, 2025

  • 5.4

    MEDIUM
    CVE-2024-22494

    A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save mobile parameter, which allows remote attackers to inject arbitrary web script or HTML.... Read more

    Affected Products : jfinalcms
    • EPSS Score: %0.05
    • Published: Jan. 12, 2024
    • Modified: Jun. 03, 2025

  • 5.4

    MEDIUM
    CVE-2024-22492

    A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save contact parameter, which allows remote attackers to inject arbitrary web script or HTML.... Read more

    Affected Products : jfinalcms
    • EPSS Score: %0.11
    • Published: Jan. 12, 2024
    • Modified: Jun. 03, 2025

  • 4.6

    MEDIUM
    CVE-2024-22028

    Insufficient technical documentation issue exists in thermal camera TMC series all firmware versions. The user of the affected product is not aware of the internally saved data. By accessing the affected product physically, an attacker may retrieve the in... Read more

    • EPSS Score: %0.04
    • Published: Jan. 15, 2024
    • Modified: Jun. 03, 2025

  • 2.4

    LOW
    CVE-2024-0230

    A session management issue was addressed with improved checks. This issue is fixed in Magic Keyboard Firmware Update 2.0.6. An attacker with physical access to the accessory may be able to extract its Bluetooth pairing key and monitor Bluetooth traffic.... Read more

    • EPSS Score: %5.16
    • Published: Jan. 12, 2024
    • Modified: Jun. 03, 2025

  • 6.4

    MEDIUM
    CVE-2023-7071

    The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table of Contents block in all versions up to, and including, 4.4.6 due to insufficient input sanitization... Read more

    Affected Products : essential_blocks
    • EPSS Score: %0.18
    • Published: Jan. 11, 2024
    • Modified: Jun. 03, 2025

  • 4.3

    MEDIUM
    CVE-2023-7048

    The My Sticky Bar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.6. This is due to missing or incorrect nonce validation in mystickymenu-contact-leads.php. This makes it possible for unauthentica... Read more

    Affected Products : my_sticky_bar
    • EPSS Score: %0.12
    • Published: Jan. 11, 2024
    • Modified: Jun. 03, 2025

  • 4.3

    MEDIUM
    CVE-2023-7019

    The LightStart – Maintenance Mode, Coming Soon and Landing Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the insert_template function in all versions up to, and including, 2.6.8. ... Read more

    Affected Products : lightstart
    • EPSS Score: %0.10
    • Published: Jan. 11, 2024
    • Modified: Jun. 03, 2025

  • 6.4

    MEDIUM
    CVE-2023-6988

    The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's extend_builder_render_js shortcode in all versions up to, and including, 1.0.239 due to insufficient input sanitization and output escaping on user... Read more

    Affected Products : colibri_page_builder
    • EPSS Score: %0.16
    • Published: Jan. 11, 2024
    • Modified: Jun. 03, 2025

  • 4.8

    MEDIUM
    CVE-2023-6924

    The Photo Gallery by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widgets in versions up to, and including, 1.8.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possibl... Read more

    Affected Products : photo_gallery
    • EPSS Score: %0.19
    • Published: Jan. 11, 2024
    • Modified: Jun. 03, 2025

  • 6.1

    MEDIUM
    CVE-2023-6882

    The Simple Membership plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘environment_mode’ parameter in all versions up to, and including, 4.3.8 due to insufficient input sanitization and output escaping. This makes it possible ... Read more

    Affected Products : simple_membership
    • EPSS Score: %1.27
    • Published: Jan. 11, 2024
    • Modified: Jun. 03, 2025

  • 5.3

    MEDIUM
    CVE-2023-6855

    The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to unauthorized modification of membership levels created by the plugin due to an incorrectly implemented capability check in the pm... Read more

    Affected Products : paid_memberships_pro
    • EPSS Score: %0.35
    • Published: Jan. 11, 2024
    • Modified: Jun. 03, 2025

  • 4.3

    MEDIUM
    CVE-2023-6843

    The easy.jobs- Best Recruitment Plugin for Job Board Listing, Manager, Career Page for Elementor & Gutenberg WordPress plugin before 2.4.7 does not properly secure some of its AJAX actions, allowing any logged-in users to modify its settings.... Read more

    Affected Products : easy.jobs
    • EPSS Score: %0.10
    • Published: Jan. 15, 2024
    • Modified: Jun. 03, 2025

  • 6.4

    MEDIUM
    CVE-2023-6684

    The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ive' shortcode in versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping on 'width' and 'height' use... Read more

    Affected Products : ibtana
    • EPSS Score: %0.15
    • Published: Jan. 11, 2024
    • Modified: Jun. 03, 2025

  • 6.5

    MEDIUM
    CVE-2023-6638

    The GTG Product Feed for Shopping plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_settings' function in versions up to, and including, 1.2.4. This makes it possible for unauthenticat... Read more

    Affected Products : gg_woo_feed
    • EPSS Score: %0.18
    • Published: Jan. 11, 2024
    • Modified: Jun. 03, 2025

  • 7.5

    HIGH
    CVE-2024-35058

    An issue in the API wait function of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary code via supplying a crafted string.... Read more

    Affected Products : ait_core
    • Published: May. 21, 2024
    • Modified: Jun. 03, 2025

  • 6.5

    MEDIUM
    CVE-2023-6637

    The CAOS | Host Google Analytics Locally plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_settings' function in versions up to, and including, 4.7.14. This makes it possible for unaut... Read more

    • EPSS Score: %0.18
    • Published: Jan. 11, 2024
    • Modified: Jun. 03, 2025

  • 9.8

    CRITICAL
    CVE-2023-6634

    The LearnPress plugin for WordPress is vulnerable to Command Injection in all versions up to, and including, 4.2.5.7 via the get_content function. This is due to the plugin making use of the call_user_func function with user input. This makes it possible ... Read more

    Affected Products : learnpress
    • EPSS Score: %90.53
    • Published: Jan. 11, 2024
    • Modified: Jun. 03, 2025
Showing 20 of 292727 Results