Latest CVE Feed
- CVE-2024-1958 | CVSS 4.8 MEDIUM
  The WPB Show Core WordPress plugin before 2.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin or unauthenticated use...
  Affected Products: wpb_show_core
  Published: Apr. 08, 2024 | Modified: May. 19, 2025
- CVE-2024-1956 | CVSS 6.1 MEDIUM
  The wpb-show-core WordPress plugin before 2.7 does not sanitise and escape the parameters before outputting them back in the response of an unauthenticated request, leading to a Reflected Cross-Site Scripting...
  Affected Products: wpb_show_core
  Published: Apr. 08, 2024 | Modified: May. 19, 2025
- CVE-2024-1292 | CVSS 4.7 MEDIUM
  The WPB Show Core WordPress plugin before 2.7 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
  Affected Products: wpb_show_core
  Published: Apr. 08, 2024 | Modified: May. 19, 2025
- CVE-2024-2016 | CVSS 8.8 HIGH
  A vulnerability, which was classified as critical, was found in ZhiCms 4.0. Affected is the function index of the file app/manage/controller/setcontroller.php. The manipulation of the argument sitename leads to code injection. It is possible to launch the...
  Affected Products: zhicms
  Published: Mar. 21, 2024 | Modified: May. 19, 2025
- CVE-2023-48902 | CVSS 9.8 CRITICAL
  An issue was discovered in tramyardg autoexpress version 1.3.0, allows unauthenticated remote attackers to escalate privileges, update car data, delete vehicles, and upload car images via authentication bypass in uploadCarImages.php...
  Affected Products: autoexpress
  Published: Mar. 21, 2024 | Modified: May. 19, 2025
- CVE-2023-48903 | CVSS 6.1 MEDIUM
  Stored Cross-Site Scripting (XSS) vulnerability in tramyardg autoexpress 1.3.0, allows remote unauthenticated attackers to inject arbitrary web script or HTML via the "imgType" parameter in uploadCarImages.php...
  Affected Products: autoexpress
  Published: Mar. 21, 2024 | Modified: May. 19, 2025
- CVE-2023-48901 | CVSS 9.8 CRITICAL
  A SQL injection vulnerability in tramyardg Autoexpress version 1.3.0, allows remote unauthenticated attackers to execute arbitrary SQL commands via the parameter "id" within the getPhotosByCarId function call in details.php...
  Affected Products: autoexpress
  Published: Mar. 21, 2024 | Modified: May. 19, 2025
- CVE-2024-2015 | CVSS 8.8 HIGH
  A vulnerability, which was classified as critical, has been found in ZhiCms 4.0. This issue affects the function getindexdata of the file app/index/controller/mcontroller.php. The manipulation of the argument key leads to sql injection. The attack may be ...
  Affected Products: zhicms
  Published: Mar. 21, 2024 | Modified: May. 19, 2025
- CVE-2024-24549 | CVSS 7.5 HIGH
  Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until af...
  Published: Mar. 13, 2024 | Modified: May. 19, 2025
- CVE-2024-2568 | CVSS 7.2 HIGH
  A vulnerability has been found in heyewei JFinalCMS 5.0.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/div_data/delete?divId=9 of the component Custom Data Page. The manipulation leads to sql in...
  Affected Products: jfinalcms
  Published: Mar. 17, 2024 | Modified: May. 19, 2025
- CVE-2024-26466 | CVSS 6.1 MEDIUM
  A DOM based cross-site scripting (XSS) vulnerability in the component /dom/ranges/Range-test-iframe.html of web-platform-tests/wpt before commit 938e843 allows attackers to execute arbitrary Javascript via sending a crafted URL...
  Affected Products: web-platform-tests
  Published: Feb. 26, 2024 | Modified: May. 19, 2025
- CVE-2024-41693 | CVSS 6.1 MEDIUM
  Mashov - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)...
  Affected Products: mashov
  Published: Jul. 30, 2024 | Modified: May. 19, 2025
- CVE-2023-27043 | CVSS 5.3 MEDIUM
  The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection m...
  Affected Products: fedora, active_iq_unified_manager, ontap_select_deploy_administration_utility, python
  EPSS Score: 0.12%
  Published: Apr. 19, 2023 | Modified: May. 19, 2025
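The protection mechanism the CVE-2023-27043 entry refers to is a domain check on a submitted address. The following is an added example, not code from the feed or from CPython: it shows a naive check that trusts whatever `email.utils.parseaddr` reports as the addr-spec, beside a hardened check that first requires the raw header value to be a single bare address, so its verdict does not depend on whether the installed interpreter carries the fix. The allowed domain `company.example.com`, the function names and the inputs are all constructed for the example.

```python
import re
from email.utils import parseaddr

# Assumption for the example: registration is only open to this domain.
ALLOWED_DOMAIN = "company.example.com"

# Deliberately narrower than RFC 5322: one bare addr-spec, no display name,
# no comments, no angle brackets, no whitespace, exactly one '@'.
_BARE_ADDR_SPEC = re.compile(
    r"^[A-Za-z0-9.!#$%&'*+/=?^_`{|}~-]+@(?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,}$"
)


def naive_domain_check(header_value, allowed=ALLOWED_DOMAIN):
    """The pattern the CVE describes: whatever parseaddr reports as the
    addr-spec is trusted for the policy decision. On an interpreter without
    the fix, the CRAFTED value below is reported as alice@company.example.com
    and passes, although a mail transfer agent would deliver to the
    angle-bracketed address."""
    _name, addr = parseaddr(header_value)
    return addr.lower().endswith("@" + allowed.lower())


def hardened_domain_check(header_value, allowed=ALLOWED_DOMAIN):
    """Decide on the raw value, not on the parser's recovery of it."""
    value = header_value.strip()
    if not _BARE_ADDR_SPEC.match(value):
        return False  # anything other than one bare address is rejected
    _local, domain = value.rsplit("@", 1)
    if domain.lower() != allowed.lower():
        return False
    # Cross-check: parseaddr must see the same address and no display name.
    name, addr = parseaddr(value)
    return name == "" and addr.lower() == value.lower()


# Constructed inputs for the example (not taken from any real report).
CRAFTED = "alice@company.example.com]<bob@evil.example>"  # the CVE's shape
CLEAN = "alice@company.example.com"
OUTSIDER = "mallory@evil.example"
NAME_ADDR = "Alice <alice@company.example.com>"


def evaluate(inputs=(CRAFTED, CLEAN, OUTSIDER, NAME_ADDR)):
    """Return {input: (naive_result, hardened_result)} for inspection."""
    return {v: (naive_domain_check(v), hardened_domain_check(v)) for v in inputs}


if __name__ == "__main__":
    for value, (naive, hard) in evaluate().items():
        print(f"{value!r:52} naive={naive!s:5} hardened={hard}")
```

The naive result for `CRAFTED` is the one that varies with the interpreter version: on the versions the entry covers it is `True`, while interpreters carrying the fix report an empty addr-spec and reject it. The hardened check returns `False` for it everywhere, and also rejects the `Name <addr>` form, which is a deliberate choice for a registration field where only a bare address is expected.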
- CVE-2025-3952 | CVSS 8.1 HIGH
  The Projectopia – WordPress Project Management plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'pto_remove_logo' function in all versions up to, and incl...
  Affected Products: projectopia
  Published: May. 01, 2025 | Modified: May. 19, 2025
  Vuln Type: Authorization
- CVE-2024-13845 | CVSS 5.5 MEDIUM
  The Gravity Forms WebHooks plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.6.0 via the 'process_feed' method of the GF_Webhooks class. This makes it possible for authenticated attackers, with Admini...
  Affected Products: gravity_forms_webhooks
  Published: May. 01, 2025 | Modified: May. 19, 2025
  Vuln Type: Server-Side Request Forgery
- CVE-2025-4149 | CVSS 9.8 CRITICAL
  A vulnerability was found in Netgear EX6200 1.0.3.94. It has been classified as critical. This affects the function sub_54014. The manipulation of the argument host leads to buffer overflow. It is possible to initiate the attack remotely. The vendor was c...
  Published: May. 01, 2025 | Modified: May. 19, 2025
  Vuln Type: Memory Corruption
- CVE-2025-24887 | CVSS 6.3 MEDIUM
  OpenCTI is an open-source cyber threat intelligence platform. In versions starting from 6.4.8 to before 6.4.10, the allow/deny lists can be bypassed, allowing a user to change attributes that are intended to be unmodifiable by the user. It is possible to ...
  Affected Products: opencti
  Published: Apr. 30, 2025 | Modified: May. 19, 2025
  Vuln Type: Authorization
- CVE-2025-4099 | CVSS 6.4 MEDIUM
  The List Children plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'list_children' shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes...
  Affected Products: list_children
  Published: May. 01, 2025 | Modified: May. 19, 2025
  Vuln Type: Cross-Site Scripting
- CVE-2024-21610 | CVSS 5.3 MEDIUM
  An Improper Handling of Exceptional Conditions vulnerability in the Class of Service daemon (cosd) of Juniper Networks Junos OS allows an authenticated, network-based attacker with low privileges to cause a limited Denial of Service (DoS). In a scaled Co...
  Published: Apr. 12, 2024 | Modified: May. 19, 2025
- CVE-2024-12950 | CVSS 8.8 HIGH
  A vulnerability was found in code-projects/projectworlds Travel Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /subcat.php. The manipulation of the argument catid leads to sql injection. The at...
  Published: Dec. 26, 2024 | Modified: May. 18, 2025