Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2024-8404

    An arbitrary file deletion vulnerability exists in PaperCut NG/MF, specifically affecting Windows servers with Web Print enabled. To exploit this vulnerability, an attacker must first obtain local login access to the Windows Server hosting PaperCut NG/MF ... Read more

    Affected Products : papercut_ng papercut_mf
    • Published: Sep. 26, 2024
    • Modified: May. 13, 2025

  • 6.5

    MEDIUM
    CVE-2023-51401

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder allows Relative Path Traversal.This issue affects Ultimate Addons for Beaver Builder: from n/a through 1.35... Read more

    • Published: May. 17, 2024
    • Modified: May. 13, 2025

  • 4.8

    MEDIUM
    CVE-2024-34241

    A cross-site scripting (XSS) vulnerability in Rocketsoft Rocket LMS 1.9 allows an administrator to store a JavaScript payload using the admin web interface when creating new courses and new course notifications.... Read more

    Affected Products : rocket_lms
    • Published: May. 17, 2024
    • Modified: May. 13, 2025

  • 4.6

    MEDIUM
    CVE-2024-2218

    The LuckyWP Table of Contents WordPress plugin through 2.1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is... Read more

    Affected Products : luckywp_table_of_contents
    • Published: Jun. 14, 2024
    • Modified: May. 13, 2025

  • 5.4

    MEDIUM
    CVE-2024-3965

    The Pray For Me WordPress plugin through 1.0.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack... Read more

    Affected Products : pray_for_me
    • Published: Jun. 14, 2024
    • Modified: May. 13, 2025

  • 4.6

    MEDIUM
    CVE-2024-3993

    The AZAN Plugin WordPress plugin through 0.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack... Read more

    Affected Products : azan
    • Published: Jun. 14, 2024
    • Modified: May. 13, 2025

  • 4.6

    MEDIUM
    CVE-2024-4271

    The SVGator WordPress plugin through 1.2.6 does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS attacks.... Read more

    Affected Products : svgator
    • Published: Jun. 14, 2024
    • Modified: May. 13, 2025

  • 6.1

    MEDIUM
    CVE-2024-4480

    The WP Prayer II WordPress plugin through 2.4.7 does not have CSRF check in place when updating its email settings, which could allow attackers to make a logged in admin change them via a CSRF attack... Read more

    Affected Products : wp_prayer prayer
    • Published: Jun. 14, 2024
    • Modified: May. 13, 2025

  • 5.4

    MEDIUM
    CVE-2024-3236

    The Popup Builder WordPress plugin before 1.1.33 does not sanitise and escape some of its Notification fields, which could allow users such as contributor and above to perform Stored Cross-Site Scripting attacks.... Read more

    Affected Products : popup_builder popup_builder
    • Published: Jun. 17, 2024
    • Modified: May. 13, 2025

  • 6.8

    MEDIUM
    CVE-2024-4305

    The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.1.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributo... Read more

    • Published: Jun. 17, 2024
    • Modified: May. 13, 2025

  • 9.8

    CRITICAL
    CVE-2024-28595

    SQL Injection vulnerability in Employee Management System v1.0 allows attackers to run arbitrary SQL commands via the admin_id parameter in update-admin.php.... Read more

    • Published: Mar. 19, 2024
    • Modified: May. 13, 2025

  • 6.5

    MEDIUM
    CVE-2023-22652

    A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in openSUSE libeconf leads to DoS via malformed config files. This issue affects libeconf: before 0.5.2.... Read more

    Affected Products : libeconf
    • EPSS Score: %0.07
    • Published: Jun. 01, 2023
    • Modified: May. 13, 2025

  • 6.5

    MEDIUM
    CVE-2024-31008

    An issue was discovered in WUZHICMS version 4.1.0, allows an attacker to execute arbitrary code and obtain sensitive information via the index.php file.... Read more

    Affected Products : wuzhicms
    • Published: Apr. 03, 2024
    • Modified: May. 13, 2025

  • 5.4

    MEDIUM
    CVE-2024-2369

    The Page Builder Gutenberg Blocks WordPress plugin before 3.1.7 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perf... Read more

    Affected Products : coblocks
    • Published: Apr. 02, 2024
    • Modified: May. 13, 2025

  • 4.8

    MEDIUM
    CVE-2024-2263

    Themify WordPress plugin before 1.4.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin... Read more

    Affected Products : woocommerce_product_filter
    • Published: Apr. 01, 2024
    • Modified: May. 13, 2025

  • 4.7

    MEDIUM
    CVE-2024-2262

    Themify WordPress plugin before 1.4.4 does not have CSRF check in its bulk action, which could allow attackers to make logged in users delete arbitrary filters via CSRF attack, granted they know the related filter slugs... Read more

    Affected Products : woocommerce_product_filter
    • Published: Apr. 01, 2024
    • Modified: May. 13, 2025

  • 2.4

    LOW
    CVE-2024-32325

    TOTOLINK EX200 V4.0.3c.7646_B20201211 contains a Cross-site scripting (XSS) vulnerability through the ssid parameter in the setWiFiExtenderConfig function.... Read more

    Affected Products : ex200_firmware ex200
    • Published: Apr. 18, 2024
    • Modified: May. 13, 2025

  • 5.4

    MEDIUM
    CVE-2024-1846

    The Responsive Tabs WordPress plugin before 4.0.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform... Read more

    Affected Products : responsive_tabs
    • Published: Apr. 15, 2024
    • Modified: May. 13, 2025

  • 6.1

    MEDIUM
    CVE-2024-1664

    The Responsive Gallery Grid WordPress plugin before 2.3.11 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is d... Read more

    • Published: Apr. 09, 2024
    • Modified: May. 13, 2025

  • 6.6

    MEDIUM
    CVE-2024-28224

    Ollama before 0.1.29 has a DNS rebinding vulnerability that can inadvertently allow remote access to the full API, thereby letting an unauthorized user chat with a large language model, delete a model, or cause a denial of service (resource exhaustion).... Read more

    Affected Products : ollama
    • Published: Apr. 08, 2024
    • Modified: May. 13, 2025
Showing 20 of 291750 Results