Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2024-43118

    Missing Authorization vulnerability in WPMU DEV Hummingbird allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hummingbird: from n/a through 3.9.1.... Read more

    Affected Products : hummingbird hummingbird
    • Published: Nov. 01, 2024
    • Modified: May. 15, 2025

  • 4.8

    MEDIUM
    CVE-2024-10027

    The WP Booking Calendar WordPress plugin before 10.6.3 does not sanitise and escape some of its Widgets settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability ... Read more

    Affected Products : wp_booking_calendar
    • Published: Nov. 07, 2024
    • Modified: May. 15, 2025

  • 5.9

    MEDIUM
    CVE-2024-20926

    Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Scripting). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21; Oracle GraalVM for JDK: ... Read more

    • EPSS Score: %0.27
    • Published: Jan. 16, 2024
    • Modified: May. 15, 2025

  • 7.8

    HIGH
    CVE-2022-42906

    powerline-gitstatus (aka Powerline Gitstatus) before 1.3.2 allows arbitrary code execution. git repositories can contain per-repository configuration that changes the behavior of git, including running arbitrary commands. When using powerline-gitstatus, c... Read more

    Affected Products : debian_linux powerline_gitstatus
    • EPSS Score: %0.07
    • Published: Oct. 13, 2022
    • Modified: May. 15, 2025

  • 8.8

    HIGH
    CVE-2022-42902

    In Linaro Automated Validation Architecture (LAVA) before 2022.10, there is dynamic code execution in lava_server/lavatable.py. Due to improper input sanitization, an anonymous user can force the lava-server-gunicorn service to execute user-provided code ... Read more

    Affected Products : debian_linux lava
    • EPSS Score: %0.30
    • Published: Oct. 13, 2022
    • Modified: May. 15, 2025

  • 9.8

    CRITICAL
    CVE-2022-42163

    Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/fromNatStaticSetting.... Read more

    Affected Products : ac10_firmware ac10
    • EPSS Score: %0.17
    • Published: Oct. 17, 2022
    • Modified: May. 15, 2025

  • 8.0

    HIGH
    CVE-2024-45772

    Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator. This issue affects Apache Lucene's replicator module: from 4.4.0 before 9.12.0. The deprecated org.apache.lucene.replicator.http package is affected. The org.apache.lucene.repli... Read more

    Affected Products : lucene lucene_replicator
    • Published: Sep. 30, 2024
    • Modified: May. 15, 2025

  • 7.6

    HIGH
    CVE-2025-3744

    Nomad Enterprise (“Nomad”) jobs using the policy override option are bypassing the mandatory sentinel policies. This vulnerability, identified as CVE-2025-3744, is fixed in Nomad Enterprise 1.10.1, 1.9.9, and 1.8.13.... Read more

    Affected Products : nomad
    • Published: May. 13, 2025
    • Modified: May. 15, 2025
    • Vuln Type: Authorization

  • 9.6

    CRITICAL
    CVE-2024-7982

    The Registrations for the Events Calendar WordPress plugin before 2.12.4 does not sanitise and escape some parameters when accepting event registrations, which could allow unauthenticated users to perform Cross-Site Scripting attacks.... Read more

    • Published: Nov. 08, 2024
    • Modified: May. 15, 2025

  • 7.2

    HIGH
    CVE-2024-9874

    The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 5.4.6 due to insufficient escaping on the user supplied parameter ... Read more

    Affected Products : poll_maker
    • Published: Nov. 09, 2024
    • Modified: May. 15, 2025

  • 4.8

    MEDIUM
    CVE-2024-9835

    The RSS Feed Widget WordPress plugin before 3.0.1 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers... Read more

    • Published: Nov. 12, 2024
    • Modified: May. 15, 2025

  • 5.9

    MEDIUM
    CVE-2024-9836

    The RSS Feed Widget WordPress plugin before 3.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform... Read more

    Affected Products : rss_feed_widget rss_feed_widget
    • Published: Nov. 12, 2024
    • Modified: May. 15, 2025

  • 5.4

    MEDIUM
    CVE-2024-10146

    The Simple File List WordPress plugin before 6.1.13 does not sanitise and escape a generated URL before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against admins.... Read more

    Affected Products : simple_file_list
    • Published: Nov. 14, 2024
    • Modified: May. 15, 2025

  • 8.6

    HIGH
    CVE-2024-9186

    The Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit WordPress plugin before 3.3.0 does not sanitize and escape the bwfan-track-id parameter before using it in a SQL statement, allowing unauthenticated ... Read more

    Affected Products : funnelkit_automations
    • Published: Nov. 14, 2024
    • Modified: May. 15, 2025

  • 5.4

    MEDIUM
    CVE-2024-10482

    The Media File Rename, Find Unused File, Add Alt text, Caption, Desc For Image SEO WordPress plugin before 1.5.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.... Read more

    Affected Products : media_library_tools
    • Published: Nov. 21, 2024
    • Modified: May. 15, 2025

  • 6.1

    MEDIUM
    CVE-2024-24059

    springboot-manager v1.6 is vulnerable to Arbitrary File Upload. The system does not filter the suffixes of uploaded files.... Read more

    Affected Products : springboot-manager
    • EPSS Score: %0.13
    • Published: Feb. 01, 2024
    • Modified: May. 15, 2025

  • 6.1

    MEDIUM
    CVE-2024-22927

    Cross Site Scripting (XSS) vulnerability in the func parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL.... Read more

    Affected Products : eyoucms
    • EPSS Score: %2.55
    • Published: Feb. 01, 2024
    • Modified: May. 15, 2025

  • 6.5

    MEDIUM
    CVE-2024-20977

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access ... Read more

    Affected Products : mysql oncommand_insight mysql_server
    • EPSS Score: %0.23
    • Published: Jan. 16, 2024
    • Modified: May. 15, 2025

  • 6.1

    MEDIUM
    CVE-2024-20948

    Vulnerability in the Oracle Knowledge Management product of Oracle E-Business Suite (component: Setup, Admin). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access v... Read more

    Affected Products : knowledge_management
    • EPSS Score: %0.22
    • Published: Jan. 16, 2024
    • Modified: May. 15, 2025

  • 9.1

    CRITICAL
    CVE-2023-5841

    Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEX image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. T... Read more

    Affected Products : openexr
    • EPSS Score: %0.66
    • Published: Feb. 01, 2024
    • Modified: May. 15, 2025
Showing 20 of 291722 Results