Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2025-32820

    A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges can inject a path traversal sequence to make any directory on the SMA appliance writable.... Read more

    • Published: May. 07, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Path Traversal

  • 7.2

    HIGH
    CVE-2025-32821

    A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN admin privileges can with admin privileges can inject shell command arguments to upload a file on the appliance.... Read more

    • Published: May. 07, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-45798

    A command execution vulnerability exists in the TOTOLINK A950RG V4.1.2cu.5204_B20210112. The vulnerability is located in the setNoticeCfg interface within the /lib/cste_modules/system.so library, specifically in the processing of the IpTo parameter.... Read more

    Affected Products : a950rg_firmware a950rg
    • Published: May. 08, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Injection

  • 7.6

    HIGH
    CVE-2024-4758

    The Muslim Prayer Time BD WordPress plugin through 2.4 does not have CSRF check in place when reseting its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack... Read more

    Affected Products : muslim_prayer_time_bd
    • Published: Jun. 26, 2024
    • Modified: May. 19, 2025

  • 7.1

    HIGH
    CVE-2024-5287

    The wp-affiliate-platform WordPress plugin before 6.5.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in user change them via a CSRF attack... Read more

    • Published: Jul. 13, 2024
    • Modified: May. 19, 2025

  • 4.8

    MEDIUM
    CVE-2024-5286

    The wp-affiliate-platform WordPress plugin before 6.5.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin... Read more

    Affected Products : affiliatewp wp_affiliate_platform
    • Published: Jul. 13, 2024
    • Modified: May. 19, 2025

  • 6.8

    MEDIUM
    CVE-2024-5284

    The wp-affiliate-platform WordPress plugin before 6.5.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack... Read more

    • Published: Jul. 13, 2024
    • Modified: May. 19, 2025

  • 6.1

    MEDIUM
    CVE-2024-5283

    The wp-affiliate-platform WordPress plugin before 6.5.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin... Read more

    • Published: Jul. 13, 2024
    • Modified: May. 19, 2025

  • 6.1

    MEDIUM
    CVE-2024-5282

    The wp-affiliate-platform WordPress plugin before 6.5.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin... Read more

    • Published: Jul. 13, 2024
    • Modified: May. 19, 2025

  • 6.1

    MEDIUM
    CVE-2024-5281

    The wp-affiliate-platform WordPress plugin before 6.5.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin... Read more

    • Published: Jul. 13, 2024
    • Modified: May. 19, 2025

  • 4.7

    MEDIUM
    CVE-2024-5280

    The wp-affiliate-platform WordPress plugin before 6.5.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make non-logged in users execute an XSS payload via a CSRF attack... Read more

    • Published: Jul. 13, 2024
    • Modified: May. 19, 2025

  • 8.1

    HIGH
    CVE-2023-28656

    NGINX Management Suite may allow an authenticated attacker to gain access to configuration objects outside of their assigned environment.   Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.... Read more

    • Published: May. 03, 2023
    • Modified: May. 19, 2025

  • 6.1

    MEDIUM
    CVE-2024-3641

    The Newsletter Popup WordPress plugin through 1.2 does not sanitise and escape some parameters, which could allow unauthenticated visitors to perform Cross-Site Scripting attacks against admins... Read more

    Affected Products : newsletter_popup newsletter_popup
    • Published: May. 16, 2024
    • Modified: May. 19, 2025

  • 6.9

    MEDIUM
    CVE-2024-3642

    The Newsletter Popup WordPress plugin through 1.2 does not have CSRF check when deleting subscriber, which could allow attackers to make logged in admins perform such action via a CSRF attack... Read more

    Affected Products : newsletter_popup newsletter_popup
    • Published: May. 16, 2024
    • Modified: May. 19, 2025

  • 8.8

    HIGH
    CVE-2024-3643

    The Newsletter Popup WordPress plugin through 1.2 does not have CSRF check when deleting list, which could allow attackers to make logged in admins perform such action via a CSRF attack... Read more

    Affected Products : newsletter_popup newsletter_popup
    • Published: May. 16, 2024
    • Modified: May. 19, 2025

  • 4.8

    MEDIUM
    CVE-2024-3644

    The Newsletter Popup WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed... Read more

    Affected Products : newsletter_popup newsletter_popup
    • Published: May. 16, 2024
    • Modified: May. 19, 2025

  • 7.8

    HIGH
    CVE-2023-39498

    PDF-XChange Editor JPG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this... Read more

    • Published: May. 03, 2024
    • Modified: May. 19, 2025

  • 7.8

    HIGH
    CVE-2023-39499

    PDF-XChange Editor JPG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this... Read more

    • Published: May. 03, 2024
    • Modified: May. 19, 2025

  • 7.8

    HIGH
    CVE-2023-39500

    PDF-XChange Editor JPG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this... Read more

    • Published: May. 03, 2024
    • Modified: May. 19, 2025

  • 7.8

    HIGH
    CVE-2023-39501

    PDF-XChange Editor OXPS File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to e... Read more

    • Published: May. 03, 2024
    • Modified: May. 19, 2025
Showing 20 of 292801 Results