Latest CVE Feed

The following is a list of the most recently published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last-updated date, or CVSS score.
  • 7.1

    HIGH
    CVE-2024-13633

    The Simple catalogue WordPress plugin through 1.0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

    Affected Products : simple_catalogue
    • Published: Feb. 26, 2025
    • Modified: May. 20, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.1

    MEDIUM
    CVE-2024-13634

    The Post Sync WordPress plugin through 1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

    Affected Products : post_sync
    • Published: Feb. 26, 2025
    • Modified: May. 20, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.1

    MEDIUM
    CVE-2024-13669

    The CalendApp WordPress plugin through 1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

    Affected Products : calendapp
    • Published: Feb. 26, 2025
    • Modified: May. 20, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.1

    MEDIUM
    CVE-2024-13678

    The R3W InstaFeed WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

    Affected Products : r3w_instafeed
    • Published: Feb. 26, 2025
    • Modified: May. 20, 2025
    • Vuln Type: Cross-Site Scripting
  • 8.3

    HIGH
    CVE-2024-56408

    PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 have no sanitization in the `/vendor/phpoffice/phpspreadsheet/samples/Engineering/Convert-Online.php` file, which leads to the pos...

    Affected Products : phpexcel phpspreadsheet
    • Published: Jan. 03, 2025
    • Modified: May. 20, 2025
    • Vuln Type: Cross-Site Scripting
  • 9.8

    CRITICAL
    CVE-2023-50976

    Redpanda before 23.1.21 and 23.2.x before 23.2.18 has missing authorization checks in the Transactions API.

    Affected Products : redpanda
    • Published: Dec. 18, 2023
    • Modified: May. 20, 2025
  • 7.2

    HIGH
    CVE-2022-41870

    AP Manager in Innovaphone before 13r2 Service Release 17 allows command injection via a modified service ID during app upload.

    Affected Products : innovaphone_firmware
    • Published: Sep. 30, 2022
    • Modified: May. 20, 2025
  • 5.4

    MEDIUM
    CVE-2022-40408

    FeehiCMS v2.1.1 was discovered to contain a cross-site scripting (XSS) vulnerability via a crafted payload injected into the Comment box under the Single Page module.

    Affected Products : feehicms
    • Published: Sep. 29, 2022
    • Modified: May. 20, 2025
  • 9.8

    CRITICAL
    CVE-2022-40314

    A remote code execution risk when restoring backup files originating from Moodle 1.9 was identified.

    Affected Products : moodle
    • Published: Sep. 30, 2022
    • Modified: May. 20, 2025
  • 7.1

    HIGH
    CVE-2022-40313

    Recursive rendering of Mustache template helpers containing user input could, in some cases, result in an XSS risk or a page failing to load.

    • Published: Sep. 30, 2022
    • Modified: May. 20, 2025
  • 7.8

    HIGH
    CVE-2022-40277

    Joplin version 2.8.8 allows an external attacker to execute arbitrary commands remotely on any client that opens a link in a malicious markdown file, via Joplin. This is possible because the application does not properly validate the schema/protocol of ex...

    Affected Products : linux_kernel ubuntu_linux joplin joplin
    • Published: Sep. 30, 2022
    • Modified: May. 20, 2025
  • 7.8

    HIGH
    CVE-2022-40274

    Gridea version 0.9.3 allows an external attacker to execute arbitrary code remotely on any client attempting to view a malicious markdown file through Gridea. This is possible because the application has the 'nodeIntegration' option enabled.

    Affected Products : linux_kernel gridea
    • Published: Sep. 30, 2022
    • Modified: May. 20, 2025
  • 6.6

    MEDIUM
    CVE-2022-1959

    AppLock version 7.9.29 allows an attacker with physical access to the device to bypass biometric authentication. This is possible because the application did not correctly implement fingerprint validations.

    Affected Products : applock
    • Published: Sep. 30, 2022
    • Modified: May. 20, 2025
  • 9.8

    CRITICAL
    CVE-2024-37131

    SCG Policy Manager, all versions, contains an overly permissive Cross-Origin Resource Policy (CORP) vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of malicious actions on the applica...

    • Published: Jun. 13, 2024
    • Modified: May. 20, 2025
  • 8.0

    HIGH
    CVE-2024-24903

    Dell Secure Connect Gateway (SCG) Policy Manager, version 5.10+, contain a weak password recovery mechanism for forgotten passwords. An adjacent network low privileged attacker could potentially exploit this vulnerability, leading to unauthorized access t...

    • Published: Mar. 01, 2024
    • Modified: May. 20, 2025
  • 7.6

    HIGH
    CVE-2024-24904

    Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability. An adjacent network high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or ...

    • Published: Mar. 01, 2024
    • Modified: May. 20, 2025
  • 7.6

    HIGH
    CVE-2024-24906

    Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability in Policy page. An adjacent network high privileged attacker could potentially exploit this vulnerability, leading to the storage of mal...

    • Published: Mar. 01, 2024
    • Modified: May. 20, 2025
  • 7.3

    HIGH
    CVE-2024-24900

    Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain an improper authorization vulnerability. An adjacent network low privileged attacker could potentially exploit this vulnerability, leading to unauthorized devices added to policies. E...

    • Published: Mar. 01, 2024
    • Modified: May. 20, 2025
  • 7.6

    HIGH
    CVE-2024-24905

    Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability. An adjacent network high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or ...

    • Published: Mar. 01, 2024
    • Modified: May. 20, 2025
  • 7.6

    HIGH
    CVE-2024-24907

    Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability in the Filters page. An adjacent network high privileged attacker could potentially exploit this vulnerability, leading to the storage o...

    • Published: Mar. 01, 2024
    • Modified: May. 20, 2025
Showing 20 of 292786 Results