Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2024-48702

    PHPGurukul Old Age Home Management System v1.0 is vulnerable to HTML Injection via the searchdata parameter.... Read more

    Affected Products : old_age_home_management_system
    • Published: May. 23, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.2

    HIGH
    CVE-2024-24140

    Sourcecodester Daily Habit Tracker App 1.0 allows SQL Injection via the parameter 'tracker.'... Read more

    Affected Products : daily_habit_tracker
    • Published: Jan. 29, 2024
    • Modified: May. 29, 2025

  • 4.8

    MEDIUM
    CVE-2024-24134

    Sourcecodester Online Food Menu 1.0 is vulnerable to Cross Site Scripting (XSS) via the 'Menu Name' and 'Description' fields in the Update Menu section.... Read more

    Affected Products : online_food_menu
    • Published: Jan. 29, 2024
    • Modified: May. 29, 2025

  • 9.8

    CRITICAL
    CVE-2024-23739

    An issue in Discord for macOS version 0.0.291 and before, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings.... Read more

    Affected Products : macos discord
    • Published: Jan. 28, 2024
    • Modified: May. 29, 2025

  • 6.1

    MEDIUM
    CVE-2024-22639

    iGalerie v3.0.22 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Titre (Title) field in the editing interface.... Read more

    Affected Products : igalerie
    • Published: Jan. 25, 2024
    • Modified: May. 29, 2025

  • 5.4

    MEDIUM
    CVE-2024-22559

    LightCMS v2.0 is vulnerable to Cross Site Scripting (XSS) in the Content Management - Articles field.... Read more

    Affected Products : lightcms
    • Published: Jan. 29, 2024
    • Modified: May. 29, 2025

  • 6.1

    MEDIUM
    CVE-2024-22551

    WhatACart v2.0.7 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /site/default/search.... Read more

    Affected Products : whatacart
    • Published: Jan. 26, 2024
    • Modified: May. 29, 2025

  • 7.8

    HIGH
    CVE-2024-22545

    An issue was discovered in TRENDnet TEW-824DRU version 1.04b01, allows unauthenticated attackers to execute arbitrary code via the system.ntp.server parameter in the sub_420AE0() function. The attack can be launched remotely.... Read more

    Affected Products : tew-824dru_firmware tew-824dru
    • Published: Jan. 26, 2024
    • Modified: May. 29, 2025

  • 10.0

    CRITICAL
    CVE-2024-20253

    A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to the improper processing of user-pr... Read more

    • Published: Jan. 26, 2024
    • Modified: May. 29, 2025

  • 6.4

    MEDIUM
    CVE-2024-0824

    The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Link Anything functionality in all versions up to, and including, 2.6.8 due to insufficient input sanitization and output escaping. This makes it ... Read more

    • Published: Jan. 27, 2024
    • Modified: May. 29, 2025

  • 5.5

    MEDIUM
    CVE-2024-0727

    Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact summary: Applications loading files in the PKCS12 format from untrusted sources might terminate abruptly. A fi... Read more

    Affected Products : openssl
    • Published: Jan. 26, 2024
    • Modified: May. 29, 2025

  • 4.8

    MEDIUM
    CVE-2024-0625

    The WPFront Notification Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpfront-notification-bar-options[custom_class]’ parameter in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output... Read more

    Affected Products : wpfront_notification_bar
    • Published: Jan. 25, 2024
    • Modified: May. 29, 2025

  • 5.3

    MEDIUM
    CVE-2023-7199

    The Relevanssi WordPress plugin before 4.22.0, Relevanssi Premium WordPress plugin before 2.25.0 allows any unauthenticated user to read draft and private posts via a crafted request... Read more

    Affected Products : relevanssi
    • Published: Jan. 29, 2024
    • Modified: May. 29, 2025

  • 5.4

    MEDIUM
    CVE-2023-6530

    The TJ Shortcodes WordPress plugin through 0.1.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform ... Read more

    Affected Products : tj_shortcodes
    • Published: Jan. 29, 2024
    • Modified: May. 29, 2025

  • 8.8

    HIGH
    CVE-2023-6391

    The Custom User CSS WordPress plugin through 0.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.... Read more

    Affected Products : custom_user_css
    • Published: Jan. 29, 2024
    • Modified: May. 29, 2025

  • 9.8

    CRITICAL
    CVE-2023-52389

    UTF32Encoding.cpp in POCO has a Poco::UTF32Encoding integer overflow and resultant stack buffer overflow because Poco::UTF32Encoding::convert() and Poco::UTF32::queryConvert() may return a negative integer if a UTF-32 byte sequence evaluates to a value of... Read more

    Affected Products : sinec_ins poco
    • Published: Jan. 27, 2024
    • Modified: May. 29, 2025

  • 9.8

    CRITICAL
    CVE-2023-51840

    DoraCMS 2.1.8 is vulnerable to Use of Hard-coded Cryptographic Key.... Read more

    Affected Products : doracms
    • Published: Jan. 29, 2024
    • Modified: May. 29, 2025

  • 8.1

    HIGH
    CVE-2023-51833

    A command injection issue in TRENDnet TEW-411BRPplus v.2.07_eu that allows a local attacker to execute arbitrary code via the data1 parameter in the debug.cgi page.... Read more

    • Published: Jan. 25, 2024
    • Modified: May. 29, 2025

  • 5.4

    MEDIUM
    CVE-2023-48202

    Cross-Site Scripting (XSS) vulnerability in Sunlight CMS 8.0.1 allows an authenticated low-privileged user to escalate privileges via a crafted SVG file in the File Manager component.... Read more

    Affected Products : sunlight_cms
    • Published: Jan. 27, 2024
    • Modified: May. 29, 2025

  • 5.4

    MEDIUM
    CVE-2023-48201

    Cross Site Scripting (XSS) vulnerability in Sunlight CMS v.8.0.1, allows remote authenticated attackers to execute arbitrary code and escalate privileges via a crafted script to the Content text editor component.... Read more

    Affected Products : sunlight_cms
    • Published: Jan. 27, 2024
    • Modified: May. 29, 2025
Showing 20 of 292795 Results