Latest CVE Feed
- 7.1 HIGH CVE-2024-43156
  Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AddonMaster Post Grid Master allows Reflected XSS. This issue affects Post Grid Master: from n/a through 3.4.10.
  - Affected Products: post_grid_master
  - Published: Aug. 12, 2024
  - Modified: May. 27, 2025
- 4.8 MEDIUM CVE-2024-6724
  The Generate Images WordPress plugin before 5.2.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowe...
  - Affected Products: magic_post_thumbnail
  - Published: Aug. 13, 2024
  - Modified: May. 27, 2025
- 6.4 MEDIUM CVE-2025-32951
  Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, the input parameter, which consists of a file path and name, can be manipulated to return the Content-Type he...
  - Published: Apr. 22, 2025
  - Modified: May. 27, 2025
  - Vuln Type: Cross-Site Scripting
- 8.2 HIGH CVE-2022-40262
  A potential attacker can execute an arbitrary code at the time of the PEI phase and influence the subsequent boot stages. This can lead to the mitigations bypassing, physical memory contents disclosure, discovery of any secrets from any Virtual Machines (...
  - Published: Sep. 20, 2022
  - Modified: May. 27, 2025
- 9.1 CRITICAL CVE-2022-40186
  An issue was discovered in HashiCorp Vault and Vault Enterprise before 1.11.3. A vulnerability in the Identity Engine was found where, in a deployment where an entity has multiple mount accessors with shared alias names, Vault may overwrite metadata to th...
  - Affected Products: vault
  - Published: Sep. 22, 2022
  - Modified: May. 27, 2025
- 9.8 CRITICAL CVE-2022-38916
  A file upload vulnerability exists in the storage feature of pagekit 1.0.18, which allows an attacker to upload malicious files...
  - Affected Products: pagekit
  - Published: Sep. 20, 2022
  - Modified: May. 27, 2025
- 5.4 MEDIUM CVE-2022-38550
  A stored cross-site scripting (XSS) vulnerability in the /weibo/list component of Jeesns v2.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
  - Affected Products: jeesns
  - Published: Sep. 19, 2022
  - Modified: May. 27, 2025
- 6.5 MEDIUM CVE-2022-38512
  The Translation module in Liferay Portal v7.4.3.12 through v7.4.3.36, and Liferay DXP 7.4 update 8 through 36 does not check permissions before allowing a user to export a web content for translation, allowing attackers to download a web content page's XL...
  - Published: Sep. 22, 2022
  - Modified: May. 27, 2025
- 9.8 CRITICAL CVE-2022-37204
  Final CMS 5.1.0 is vulnerable to SQL Injection.
  - Affected Products: jfinal_cms
  - Published: Sep. 20, 2022
  - Modified: May. 27, 2025
- 6.1 MEDIUM CVE-2022-28982
  A cross-site scripting (XSS) vulnerability in Liferay Portal v7.3.3 through v7.4.2 and Liferay DXP v7.3 before service pack 3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name of a tag.
  - Published: Sep. 22, 2022
  - Modified: May. 27, 2025
- 7.5 HIGH CVE-2022-28981
  Path traversal vulnerability in the Hypermedia REST APIs module in Liferay Portal 7.4.0 through 7.4.2 allows remote attackers to access files outside of com.liferay.headless.discovery.web/META-INF/resources via the `parameter` parameter.
  - Affected Products: liferay_portal
  - Published: Sep. 22, 2022
  - Modified: May. 27, 2025
- 6.1 MEDIUM CVE-2022-28980
  Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal v7.4.3.4 and Liferay DXP v7.4 GA allows attackers to execute arbitrary web scripts or HTML via parameters with the filter_ prefix.
  - Published: Sep. 22, 2022
  - Modified: May. 27, 2025
- 8.2 HIGH CVE-2022-26873
  A potential attacker can execute an arbitrary code at the time of the PEI phase and influence the subsequent boot stages. This can lead to the mitigations bypassing, physical memory contents disclosure, discovery of any secrets from any Virtual Machines (...
  - Published: Sep. 20, 2022
  - Modified: May. 27, 2025
- 7.5 HIGH CVE-2024-38749
  Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Olive Themes Olive One Click Demo Import allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Olive One Click Demo Import: from n/a through 1.1.2.
  - Affected Products: olive_one_click_demo_import
  - Published: Aug. 13, 2024
  - Modified: May. 27, 2025
- 9.8 CRITICAL CVE-2024-6460
  The Grow by Tradedoubler WordPress plugin through 2.0.21 is vulnerable to Local File Inclusion via the component parameter. This makes it possible for attackers to include and execute PHP files on the server, allowing the execution of any PHP code in tho...
  - Affected Products: grow
  - Published: Aug. 16, 2024
  - Modified: May. 27, 2025
- 9.8 CRITICAL CVE-2024-42639
  H3C GR1100-P v100R009 was discovered to use a hardcoded password in /etc/shadow, which allows attackers to log in as root.
  - Published: Aug. 16, 2024
  - Modified: May. 27, 2025
- 9.8 CRITICAL CVE-2024-6459
  The News Element Elementor Blog Magazine WordPress plugin before 1.0.6 is vulnerable to Local File Inclusion via the template parameter. This makes it possible for unauthenticated attacker to include and execute PHP files on the server, allowing the execu...
  - Affected Products: news_element
  - Published: Aug. 17, 2024
  - Modified: May. 27, 2025
- 8.1 HIGH CVE-2024-43239
  Authorization Bypass Through User-Controlled Key vulnerability in Masteriyo Masteriyo - LMS. This issue affects Masteriyo - LMS: from n/a through 1.11.4.
  - Affected Products: masteriyo
  - Published: Aug. 18, 2024
  - Modified: May. 27, 2025
- 6.5 MEDIUM CVE-2025-32952
  Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, the local file storage implementation does not restrict the size of uploaded files. An attacker could exploit...
  - Published: Apr. 22, 2025
  - Modified: May. 27, 2025
  - Vuln Type: Denial of Service
- 6.5 MEDIUM CVE-2025-32950
  Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, attackers could manipulate the FileRef parameter to access files on the system where the Jmix application is ...
  - Published: Apr. 22, 2025
  - Modified: May. 27, 2025
  - Vuln Type: Path Traversal