Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 8.7

    HIGH
    CVE-2024-3594

    The IDonate WordPress plugin through 1.9.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for ...

    Affected Products : idonate
    • Published: May. 23, 2024
    • Modified: May. 21, 2025
  • 7.1

    HIGH
    CVE-2024-4290

    The Sailthru Triggermail WordPress plugin through 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disall...

    Affected Products : sailthru_triggermail
    • Published: May. 21, 2024
    • Modified: May. 21, 2025
  • 6.1

    MEDIUM
    CVE-2024-4289

    The Sailthru Triggermail WordPress plugin through 1.1 does not sanitise and escape various parameters before outputting them back in pages and attributes, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as...

    Affected Products : sailthru_triggermail
    • Published: May. 21, 2024
    • Modified: May. 21, 2025
  • 4.8

    MEDIUM
    CVE-2024-13119

    The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.20 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform ...

    Affected Products : profilepress
    • Published: Feb. 13, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.1

    MEDIUM
    CVE-2024-2189

    The Social Icons Widget & Block by WPZOOM WordPress plugin before 4.2.18 does not sanitise and escape some of its Widget settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered...

    Affected Products : social_icons_widget
    • Published: May. 21, 2024
    • Modified: May. 21, 2025
  • 6.1

    MEDIUM
    CVE-2024-3368

    The All in One SEO WordPress plugin before 4.6.1.1 does not validate and escape some of its Post fields before outputting them back, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

    Affected Products : all_in_one_seo
    • Published: May. 20, 2024
    • Modified: May. 21, 2025
  • 4.3

    MEDIUM
    CVE-2024-2744

    The NextGEN Gallery WordPress plugin before 3.59.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed...

    Affected Products : nextgen_gallery
    • Published: May. 17, 2024
    • Modified: May. 21, 2025
  • 4.8

    MEDIUM
    CVE-2024-13120

    The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.20 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform ...

    Affected Products : profilepress
    • Published: Feb. 13, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Cross-Site Scripting
  • 3.5

    LOW
    CVE-2024-13121

    The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.20 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform ...

    Affected Products : profilepress
    • Published: Feb. 13, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Cross-Site Scripting
  • 3.5

    LOW
    CVE-2024-13125

    The Everest Forms WordPress plugin before 3.0.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowe...

    Affected Products : everest_forms
    • Published: Feb. 13, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Cross-Site Scripting
  • 7.2

    HIGH
    CVE-2025-2054

    A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/edit_state.php. The manipulation of the argument state_id leads to...

    • Published: Mar. 07, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2025-2059

    A vulnerability was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/booking-details.php. The manipulation of the argument ambulanceregnum leads t...

    Affected Products : emergency_ambulance_hiring_portal
    • Published: Mar. 07, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Injection
  • 7.5

    HIGH
    CVE-2025-4427

    An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without proper credentials via the API.

    Affected Products : endpoint_manager_mobile
    • Actively Exploited
    • Published: May. 13, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Authentication
  • 8.8

    HIGH
    CVE-2025-4428

    Remote Code Execution in API component in Ivanti Endpoint Manager Mobile 12.5.0.0 and prior on unspecified platforms allows authenticated attackers to execute arbitrary code via crafted API requests.

    Affected Products : endpoint_manager_mobile
    • Actively Exploited
    • Published: May. 13, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Authentication
  • 9.8

    CRITICAL
    CVE-2025-2060

    A vulnerability was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. It has been classified as critical. This affects an unknown part of the file /admin/admin-profile.php. The manipulation of the argument contactnumber leads to sql injection. It...

    Affected Products : emergency_ambulance_hiring_portal
    • Published: Mar. 07, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Injection
  • 6.1

    MEDIUM
    CVE-2024-11182

    An XSS issue was discovered in MDaemon Email Server before version 24.5.1c. An attacker can send an HTML e-mail message with JavaScript in an img tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail u...

    Affected Products : mdaemon email_server
    • Actively Exploited
    • Published: Nov. 15, 2024
    • Modified: May. 21, 2025
  • 6.1

    MEDIUM
    CVE-2024-27443

    An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. A Cross-Site Scripting (XSS) vulnerability exists in the CalendarInvite feature of the Zimbra webmail classic user interface, because of improper input validation in the handling of the c...

    Affected Products : collaboration
    • Actively Exploited
    • Published: Aug. 12, 2024
    • Modified: May. 21, 2025
  • 6.4

    MEDIUM
    CVE-2024-13805

    The Advanced File Manager — Ultimate WordPress File Manager and Document Library Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 5.2.14 due to insufficient input sanitizat...

    Affected Products : advanced_file_manager
    • Published: Mar. 07, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Cross-Site Scripting
  • 7.5

    HIGH
    CVE-2023-38950

    A path traversal vulnerability in the iclock API of ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read arbitrary files via supplying a crafted payload.

    Affected Products : biotime
    • Actively Exploited
    • EPSS Score: 79.84%
    • Published: Aug. 03, 2023
    • Modified: May. 21, 2025
  • 7.8

    HIGH
    CVE-2019-1064

    An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then insta...

    • Actively Exploited
    • EPSS Score: 13.51%
    • Published: Jun. 12, 2019
    • Modified: May. 21, 2025
Showing 20 of 292742 Results