Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2023-7151

    The Product Enquiry for WooCommerce WordPress plugin before 3.2 does not sanitise and escape the page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as... Read more

    • EPSS Score: %0.26
    • Published: Jan. 16, 2024
    • Modified: Jun. 02, 2025

  • 5.4

    MEDIUM
    CVE-2023-7083

    The Voting Record WordPress plugin through 2.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack... Read more

    Affected Products : voting_record
    • EPSS Score: %0.16
    • Published: Jan. 16, 2024
    • Modified: Jun. 02, 2025

  • 4.8

    MEDIUM
    CVE-2023-6732

    The Ultimate Maps by Supsystic WordPress plugin before 1.2.16 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed... Read more

    Affected Products : ultimate_maps
    • EPSS Score: %0.08
    • Published: Jan. 16, 2024
    • Modified: Jun. 02, 2025

  • 4.3

    MEDIUM
    CVE-2023-6292

    The Ecwid Ecommerce Shopping Cart WordPress plugin before 6.12.5 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.... Read more

    Affected Products : ecwid_ecommerce_shopping_cart
    • EPSS Score: %0.12
    • Published: Jan. 16, 2024
    • Modified: Jun. 02, 2025

  • 7.5

    HIGH
    CVE-2023-5922

    The Royal Elementor Addons and Templates WordPress plugin before 1.3.81 does not ensure that users accessing posts via an AJAX action (and REST endpoint, currently disabled in the plugin) have the right to do so, allowing unauthenticated users to access a... Read more

    Affected Products : royal_elementor_addons
    • EPSS Score: %1.02
    • Published: Jan. 16, 2024
    • Modified: Jun. 02, 2025

  • 5.4

    MEDIUM
    CVE-2023-52069

    kodbox v1.49.04 was discovered to contain a cross-site scripting (XSS) vulnerability via the URL parameter.... Read more

    Affected Products : kodbox
    • EPSS Score: %0.08
    • Published: Jan. 17, 2024
    • Modified: Jun. 02, 2025

  • 8.8

    HIGH
    CVE-2023-51217

    An issue discovered in TenghuTOS TWS-200 firmware version:V4.0-201809201424 allows a remote attacker to execute arbitrary code via crafted command on the ping page component.... Read more

    Affected Products : tws-200_firmware tws-200
    • EPSS Score: %1.46
    • Published: Jan. 18, 2024
    • Modified: Jun. 02, 2025

  • 7.5

    HIGH
    CVE-2023-50614

    An issue discovereed in EBYTE E880-IR01-V1.1 allows an attacker to obtain sensitive information via crafted POST request to /cgi-bin/luci.... Read more

    Affected Products : e880-ir01_firmware e880-ir01
    • EPSS Score: %0.06
    • Published: Jan. 18, 2024
    • Modified: Jun. 02, 2025

  • 9.8

    CRITICAL
    CVE-2023-50028

    In the module "Sliding cart block" (blockslidingcart) up to version 2.3.8 from PrestashopModules.eu for PrestaShop, a guest can perform SQL injection.... Read more

    Affected Products : sliding_cart_block
    • EPSS Score: %0.14
    • Published: Jan. 19, 2024
    • Modified: Jun. 02, 2025

  • 5.4

    MEDIUM
    CVE-2023-49943

    Zoho ManageEngine ServiceDesk Plus MSP before 14504 allows stored XSS (by a low-privileged technician) via a task's name in a time sheet.... Read more

    Affected Products : manageengine_servicedesk_plus_msp
    • EPSS Score: %0.84
    • Published: Jan. 18, 2024
    • Modified: Jun. 02, 2025

  • 6.1

    MEDIUM
    CVE-2023-48858

    A Cross-site scripting (XSS) vulnerability in login page php code in Armex ABO.CMS 5.9 allows remote attackers to inject arbitrary web script or HTML via the login.php? URL part.... Read more

    Affected Products : abo.cms
    • EPSS Score: %0.18
    • Published: Jan. 17, 2024
    • Modified: Jun. 02, 2025

  • 5.5

    MEDIUM
    CVE-2023-48345

    In video decoder, there is a possible out of bounds read due to improper input validation. This could lead to local denial of service with no additional execution privileges needed... Read more

    Affected Products : android s8000 sc7731e sc9832e sc9863a t310 t606 t610 t612 t616 +4 more products
    • EPSS Score: %0.01
    • Published: Jan. 18, 2024
    • Modified: Jun. 02, 2025

  • 6.1

    MEDIUM
    CVE-2023-46952

    Cross Site Scripting vulnerability in ABO.CMS v.5.9.3 allows an attacker to execute arbitrary code via a crafted payload to the Referer header.... Read more

    Affected Products : abo.cms
    • EPSS Score: %0.14
    • Published: Jan. 17, 2024
    • Modified: Jun. 02, 2025

  • 2.7

    LOW
    CVE-2023-2252

    The Directorist WordPress plugin before 7.5.4 is vulnerable to Local File Inclusion as it does not validate the file parameter when importing CSV files.... Read more

    Affected Products : directorist
    • EPSS Score: %11.53
    • Published: Jan. 16, 2024
    • Modified: Jun. 02, 2025

  • 9.8

    CRITICAL
    CVE-2023-27168

    An arbitrary file upload vulnerability in Xpand IT Write-back Manager v2.3.1 allows attackers to execute arbitrary code via a crafted jsp file.... Read more

    Affected Products : write-back_manager
    • EPSS Score: %0.24
    • Published: Jan. 19, 2024
    • Modified: Jun. 02, 2025

  • 6.1

    MEDIUM
    CVE-2023-0769

    The hiWeb Migration Simple WordPress plugin through 2.0.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admins.... Read more

    Affected Products : migration_simple
    • EPSS Score: %0.28
    • Published: Jan. 16, 2024
    • Modified: Jun. 02, 2025

  • 5.4

    MEDIUM
    CVE-2023-0376

    The Qubely WordPress plugin before 1.8.5 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site S... Read more

    Affected Products : qubely
    • EPSS Score: %0.23
    • Published: Jan. 16, 2024
    • Modified: Jun. 02, 2025

  • 6.5

    MEDIUM
    CVE-2024-21726

    Inadequate content filtering leads to XSS vulnerabilities in various components.... Read more

    Affected Products : joomla\!
    • Published: Feb. 29, 2024
    • Modified: Jun. 02, 2025

  • 6.4

    MEDIUM
    CVE-2023-50726

    Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. "Local sync" is an Argo CD feature that allows developers to temporarily override an Application's manifests with locally-defined manifests. Use of the feature should generally be l... Read more

    Affected Products : argo-cd argo_cd
    • Published: Mar. 13, 2024
    • Modified: Jun. 02, 2025

  • 8.8

    HIGH
    CVE-2024-25228

    Vinchin Backup and Recovery 7.2 and Earlier is vulnerable to Authenticated Remote Code Execution (RCE) via the getVerifydiyResult function in ManoeuvreHandler.class.php.... Read more

    Affected Products : vinchin_backup_and_recovery
    • Published: Mar. 14, 2024
    • Modified: Jun. 02, 2025
Showing 20 of 292735 Results