Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.7

    MEDIUM
    CVE-2025-22388

    An issue was discovered in Optimizely EPiServer.CMS.Core before 12.22.0. A high-severity Stored Cross-Site Scripting (XSS) vulnerability exists in the CMS, allowing malicious actors to inject and execute arbitrary JavaScript code, potentially compromising... Read more

    Affected Products : optimizely_cms
    • Published: Jan. 04, 2025
    • Modified: May. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.0

    HIGH
    CVE-2025-22389

    An issue was discovered in Optimizely EPiServer.CMS.Core before 12.32.0. A medium-severity vulnerability exists in the CMS, where the application does not properly validate uploaded files. This allows the upload of potentially malicious file types, includ... Read more

    Affected Products : optimizely_cms
    • Published: Jan. 04, 2025
    • Modified: May. 20, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-22390

    An issue was discovered in Optimizely EPiServer.CMS.Core before 12.32.0. A medium-severity vulnerability exists in the CMS due to insufficient enforcement of password complexity requirements. The application permits users to set passwords with a minimum l... Read more

    Affected Products : optimizely_cms
    • Published: Jan. 04, 2025
    • Modified: May. 20, 2025
    • Vuln Type: Authentication

  • 5.4

    MEDIUM
    CVE-2024-10563

    The WooCommerce Cart Count Shortcode WordPress plugin before 1.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and... Read more

    Affected Products : woo_cart_count_shortcode
    • Published: Feb. 26, 2025
    • Modified: May. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2024-12737

    The WP BASE Booking of Appointments, Services and Events WordPress plugin before 5.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege u... Read more

    • Published: Feb. 26, 2025
    • Modified: May. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2024-13629

    The pushBIZ WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.... Read more

    Affected Products : pushbiz
    • Published: Feb. 26, 2025
    • Modified: May. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2024-13630

    The NewsTicker WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.... Read more

    Affected Products : newsticker
    • Published: Feb. 26, 2025
    • Modified: May. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2024-13631

    The Om Stripe WordPress plugin through 02.00.00 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.... Read more

    Affected Products : om_stripe
    • Published: Feb. 26, 2025
    • Modified: May. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2024-13632

    The WP Extra Fields WordPress plugin through 1.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.... Read more

    Affected Products : wp_extra_fields
    • Published: Feb. 26, 2025
    • Modified: May. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2024-13633

    The Simple catalogue WordPress plugin through 1.0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.... Read more

    Affected Products : simple_catalogue
    • Published: Feb. 26, 2025
    • Modified: May. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2024-13634

    The Post Sync WordPress plugin through 1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.... Read more

    Affected Products : post_sync
    • Published: Feb. 26, 2025
    • Modified: May. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2024-13669

    The CalendApp WordPress plugin through 1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.... Read more

    Affected Products : calendapp
    • Published: Feb. 26, 2025
    • Modified: May. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2024-13678

    The R3W InstaFeed WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.... Read more

    Affected Products : r3w_instafeed
    • Published: Feb. 26, 2025
    • Modified: May. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.3

    HIGH
    CVE-2024-56408

    PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 have no sanitization in the `/vendor/phpoffice/phpspreadsheet/samples/Engineering/Convert-Online.php` file, which leads to the pos... Read more

    Affected Products : phpexcel phpspreadsheet
    • Published: Jan. 03, 2025
    • Modified: May. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2023-50976

    Redpanda before 23.1.21 and 23.2.x before 23.2.18 has missing authorization checks in the Transactions API.... Read more

    Affected Products : redpanda
    • EPSS Score: %0.09
    • Published: Dec. 18, 2023
    • Modified: May. 20, 2025

  • 7.2

    HIGH
    CVE-2022-41870

    AP Manager in Innovaphone before 13r2 Service Release 17 allows command injection via a modified service ID during app upload.... Read more

    Affected Products : innovaphone_firmware
    • EPSS Score: %0.46
    • Published: Sep. 30, 2022
    • Modified: May. 20, 2025

  • 5.4

    MEDIUM
    CVE-2022-40408

    FeehiCMS v2.1.1 was discovered to contain a cross-site scripting (XSS) vulnerability via a crafted payload injected into the Comment box under the Single Page module.... Read more

    Affected Products : feehicms
    • EPSS Score: %0.11
    • Published: Sep. 29, 2022
    • Modified: May. 20, 2025

  • 9.8

    CRITICAL
    CVE-2022-40314

    A remote code execution risk when restoring backup files originating from Moodle 1.9 was identified.... Read more

    Affected Products : moodle
    • EPSS Score: %5.44
    • Published: Sep. 30, 2022
    • Modified: May. 20, 2025

  • 7.1

    HIGH
    CVE-2022-40313

    Recursive rendering of Mustache template helpers containing user input could, in some cases, result in an XSS risk or a page failing to load.... Read more

    • EPSS Score: %0.34
    • Published: Sep. 30, 2022
    • Modified: May. 20, 2025

  • 7.8

    HIGH
    CVE-2022-40277

    Joplin version 2.8.8 allows an external attacker to execute arbitrary commands remotely on any client that opens a link in a malicious markdown file, via Joplin. This is possible because the application does not properly validate the schema/protocol of ex... Read more

    Affected Products : linux_kernel ubuntu_linux joplin joplin
    • EPSS Score: %0.06
    • Published: Sep. 30, 2022
    • Modified: May. 20, 2025
Showing 20 of 292247 Results