Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV List), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.6

    MEDIUM
    CVE-2024-56826

    A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_decompress utility. This can lead to an application crash or other undefined behavior.

    Affected Products : enterprise_linux openjpeg
    • Published: Jan. 09, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Memory Corruption
  • 9.2

    CRITICAL
    CVE-2024-44087

    A vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6.0 (All versions < V6.0 SP12 Upd3), Automation License Manager V6.2 (All versions < V6.2 Upd3). Affected applications do not properly validat...

    Affected Products : automation_license_manager
    • Published: Sep. 10, 2024
    • Modified: May. 13, 2025
  • 9.8

    CRITICAL
    CVE-2021-31895

    A vulnerability has been identified in RUGGEDCOM i800 (All versions < V4.3.7), RUGGEDCOM i801 (All versions < V4.3.7), RUGGEDCOM i802 (All versions < V4.3.7), RUGGEDCOM i803 (All versions < V4.3.7), RUGGEDCOM M2100 (All versions < V4.3.7), RUGGEDCOM M2200...

    • EPSS Score: 2.33%
    • Published: Jul. 13, 2021
    • Modified: May. 13, 2025
  • 7.5

    HIGH
    CVE-2024-1394

    A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The obj...

    • Published: Mar. 21, 2024
    • Modified: May. 13, 2025
  • 7.5

    HIGH
    CVE-2025-32152

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Essential Plugins by WP OnlineSupport Slider a SlidersPack allows PHP Local File Inclusion. This issue affects Slider a SlidersPack: ...

    • Published: Apr. 04, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Path Traversal
  • 6.5

    MEDIUM
    CVE-2025-31789

    Missing Authorization vulnerability in Matat Technologies TextMe SMS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects TextMe SMS: from n/a through 1.9.1.

    • Published: Apr. 03, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Authorization
  • 7.8

    HIGH
    CVE-2024-8404

    An arbitrary file deletion vulnerability exists in PaperCut NG/MF, specifically affecting Windows servers with Web Print enabled. To exploit this vulnerability, an attacker must first obtain local login access to the Windows Server hosting PaperCut NG/MF ...

    Affected Products : papercut_ng papercut_mf
    • Published: Sep. 26, 2024
    • Modified: May. 13, 2025
  • 6.5

    MEDIUM
    CVE-2023-51401

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder allows Relative Path Traversal. This issue affects Ultimate Addons for Beaver Builder: from n/a through 1.35...

    • Published: May. 17, 2024
    • Modified: May. 13, 2025
  • 4.8

    MEDIUM
    CVE-2024-34241

    A cross-site scripting (XSS) vulnerability in Rocketsoft Rocket LMS 1.9 allows an administrator to store a JavaScript payload using the admin web interface when creating new courses and new course notifications.

    Affected Products : rocket_lms
    • Published: May. 17, 2024
    • Modified: May. 13, 2025
  • 4.6

    MEDIUM
    CVE-2024-2218

    The LuckyWP Table of Contents WordPress plugin through 2.1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is...

    Affected Products : luckywp_table_of_contents
    • Published: Jun. 14, 2024
    • Modified: May. 13, 2025
  • 5.4

    MEDIUM
    CVE-2024-3965

    The Pray For Me WordPress plugin through 1.0.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

    Affected Products : pray_for_me
    • Published: Jun. 14, 2024
    • Modified: May. 13, 2025
  • 4.6

    MEDIUM
    CVE-2024-3993

    The AZAN Plugin WordPress plugin through 0.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

    Affected Products : azan
    • Published: Jun. 14, 2024
    • Modified: May. 13, 2025
  • 4.6

    MEDIUM
    CVE-2024-4271

    The SVGator WordPress plugin through 1.2.6 does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS attacks.

    Affected Products : svgator
    • Published: Jun. 14, 2024
    • Modified: May. 13, 2025
  • 6.1

    MEDIUM
    CVE-2024-4480

    The WP Prayer II WordPress plugin through 2.4.7 does not have CSRF check in place when updating its email settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

    Affected Products : wp_prayer prayer
    • Published: Jun. 14, 2024
    • Modified: May. 13, 2025
  • 5.4

    MEDIUM
    CVE-2024-3236

    The Popup Builder WordPress plugin before 1.1.33 does not sanitise and escape some of its Notification fields, which could allow users such as contributor and above to perform Stored Cross-Site Scripting attacks.

    Affected Products : popup_builder popup_builder
    • Published: Jun. 17, 2024
    • Modified: May. 13, 2025
  • 6.8

    MEDIUM
    CVE-2024-4305

    The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.1.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributo...

    • Published: Jun. 17, 2024
    • Modified: May. 13, 2025
  • 9.8

    CRITICAL
    CVE-2024-28595

    SQL Injection vulnerability in Employee Management System v1.0 allows attackers to run arbitrary SQL commands via the admin_id parameter in update-admin.php.

    • Published: Mar. 19, 2024
    • Modified: May. 13, 2025
  • 6.5

    MEDIUM
    CVE-2023-22652

    A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in openSUSE libeconf leads to DoS via malformed config files. This issue affects libeconf: before 0.5.2.

    Affected Products : libeconf
    • EPSS Score: 0.07%
    • Published: Jun. 01, 2023
    • Modified: May. 13, 2025
  • 6.5

    MEDIUM
    CVE-2024-31008

    An issue was discovered in WUZHICMS version 4.1.0, allows an attacker to execute arbitrary code and obtain sensitive information via the index.php file.

    Affected Products : wuzhicms
    • Published: Apr. 03, 2024
    • Modified: May. 13, 2025
  • 5.4

    MEDIUM
    CVE-2024-2369

    The Page Builder Gutenberg Blocks WordPress plugin before 3.1.7 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perf...

    Affected Products : coblocks
    • Published: Apr. 02, 2024
    • Modified: May. 13, 2025
Showing 20 of 291756 Results