Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2024-1747

    The WooCommerce Customers Manager WordPress plugin before 30.2 does not have authorisation and CSRF in various AJAX actions, allowing any authenticated users, such as subscriber, to call them and update/delete/create customer metadata, also leading to Sto... Read more

    Affected Products : woocommerce_customers_manager
    • Published: Aug. 01, 2024
    • Modified: May. 29, 2025

  • 6.5

    MEDIUM
    CVE-2024-2843

    The WooCommerce Customers Manager WordPress plugin before 30.1 does not have CSRF checks in some places, which could allow attackers to make logged in admin users delete users via CSRF attacks... Read more

    Affected Products : woocommerce_customers_manager
    • Published: Aug. 01, 2024
    • Modified: May. 29, 2025

  • 8.1

    HIGH
    CVE-2024-3983

    The WooCommerce Customers Manager WordPress plugin before 30.1 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting customers via CSRF attacks... Read more

    Affected Products : woocommerce_customers_manager
    • Published: Aug. 01, 2024
    • Modified: May. 29, 2025

  • 8.0

    HIGH
    CVE-2024-46328

    VONETS VAP11G-300 v3.3.23.6.9 was discovered to contain hardcoded credentials for several different privileged accounts, including root.... Read more

    Affected Products : vap11g-300_firmware vap11g-300
    • Published: Sep. 26, 2024
    • Modified: May. 29, 2025

  • 8.0

    HIGH
    CVE-2024-46329

    VONETS VAP11G-300 v3.3.23.6.9 was discovered to contain a command injection vulnerability via the SystemCommand object.... Read more

    Affected Products : vap11g-300_firmware vap11g-300
    • Published: Sep. 26, 2024
    • Modified: May. 29, 2025

  • 5.4

    MEDIUM
    CVE-2025-48742

    The installer in SIGB PMB before and fixed in v.8.0.1.2 allows remote code execution.... Read more

    Affected Products : pmb
    • Published: May. 27, 2025
    • Modified: May. 29, 2025

  • 9.8

    CRITICAL
    CVE-2023-47189

    Improper Authentication vulnerability in WPMU DEV Defender Security allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Defender Security: from n/a through 4.2.0.... Read more

    • Published: Jun. 04, 2024
    • Modified: May. 29, 2025

  • 5.3

    MEDIUM
    CVE-2024-32792

    Missing Authorization vulnerability in WPMU DEV Hummingbird.This issue affects Hummingbird: from n/a through 3.7.3.... Read more

    Affected Products : hummingbird hummingbird
    • Published: Jun. 09, 2024
    • Modified: May. 29, 2025

  • 9.8

    CRITICAL
    CVE-2024-21413

    Microsoft Outlook Remote Code Execution Vulnerability... Read more

    • Actively Exploited
    • Published: Feb. 13, 2024
    • Modified: May. 29, 2025

  • 6.5

    MEDIUM
    CVE-2025-24054

    External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.... Read more

    • Actively Exploited
    • Published: Mar. 11, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Path Traversal

  • 7.8

    HIGH
    CVE-2025-24985

    Integer overflow or wraparound in Windows Fast FAT Driver allows an unauthorized attacker to execute code locally.... Read more

    • Actively Exploited
    • Published: Mar. 11, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-30397

    Access of resource using incompatible type ('type confusion') in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network.... Read more

    • Actively Exploited
    • Published: May. 13, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2023-37226

    Loftware Spectrum before 4.6 HF14 has Missing Authentication for a Critical Function.... Read more

    Affected Products : spectrum
    • Published: Sep. 10, 2024
    • Modified: May. 29, 2025

  • 9.8

    CRITICAL
    CVE-2023-37227

    Loftware Spectrum before 4.6 HF13 Deserializes Untrusted Data.... Read more

    Affected Products : spectrum
    • Published: Sep. 10, 2024
    • Modified: May. 29, 2025

  • 9.8

    CRITICAL
    CVE-2023-37231

    Loftware Spectrum before 4.6 HF14 uses a Hard-coded Password.... Read more

    Affected Products : spectrum
    • Published: Sep. 10, 2024
    • Modified: May. 29, 2025

  • 5.4

    MEDIUM
    CVE-2023-43953

    SSCMS 7.2.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Content Management component.... Read more

    Affected Products : sscms sscms
    • Published: Oct. 03, 2023
    • Modified: May. 29, 2025

  • 9.8

    CRITICAL
    CVE-2024-51360

    An issue in Hospital Management System In PHP V4.0 allows a remote attacker to execute arbitrary code via the hms/doctor/edit-profile.php file... Read more

    • Published: May. 23, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Authentication

  • 5.4

    MEDIUM
    CVE-2024-51108

    Multiple stored cross-site scripting (XSS) vulnerabilities in the component /admin/card-bwdates-report.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a craf... Read more

    Affected Products : medical_card_generation_system
    • Published: May. 23, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2024-51107

    Multiple stored cross-site scripting (XSS) vulnerabilities in the component /mcgs/admin/contactus.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted p... Read more

    Affected Products : medical_card_generation_system
    • Published: May. 23, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2024-51101

    PHPGURUKUL Restaurant Table Booking System using PHP and MySQL v1.0 was discovered to contain a SQL injection vulnerability via the searchdata parameter at /rtbs/check-status.php.... Read more

    Affected Products : restaurant_table_booking_system
    • Published: May. 23, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Injection
Showing 20 of 292795 Results