Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2023-22652

    A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in openSUSE libeconf leads to DoS via malformed config files. This issue affects libeconf: before 0.5.2.... Read more

    Affected Products : libeconf
    • EPSS Score: %0.07
    • Published: Jun. 01, 2023
    • Modified: May. 13, 2025

  • 6.5

    MEDIUM
    CVE-2024-31008

    An issue was discovered in WUZHICMS version 4.1.0, allows an attacker to execute arbitrary code and obtain sensitive information via the index.php file.... Read more

    Affected Products : wuzhicms
    • Published: Apr. 03, 2024
    • Modified: May. 13, 2025

  • 5.4

    MEDIUM
    CVE-2024-2369

    The Page Builder Gutenberg Blocks WordPress plugin before 3.1.7 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perf... Read more

    Affected Products : coblocks
    • Published: Apr. 02, 2024
    • Modified: May. 13, 2025

  • 4.8

    MEDIUM
    CVE-2024-2263

    Themify WordPress plugin before 1.4.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin... Read more

    Affected Products : woocommerce_product_filter
    • Published: Apr. 01, 2024
    • Modified: May. 13, 2025

  • 4.7

    MEDIUM
    CVE-2024-2262

    Themify WordPress plugin before 1.4.4 does not have CSRF check in its bulk action, which could allow attackers to make logged in users delete arbitrary filters via CSRF attack, granted they know the related filter slugs... Read more

    Affected Products : woocommerce_product_filter
    • Published: Apr. 01, 2024
    • Modified: May. 13, 2025

  • 2.4

    LOW
    CVE-2024-32325

    TOTOLINK EX200 V4.0.3c.7646_B20201211 contains a Cross-site scripting (XSS) vulnerability through the ssid parameter in the setWiFiExtenderConfig function.... Read more

    Affected Products : ex200_firmware ex200
    • Published: Apr. 18, 2024
    • Modified: May. 13, 2025

  • 5.4

    MEDIUM
    CVE-2024-1846

    The Responsive Tabs WordPress plugin before 4.0.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform... Read more

    Affected Products : responsive_tabs
    • Published: Apr. 15, 2024
    • Modified: May. 13, 2025

  • 6.1

    MEDIUM
    CVE-2024-1664

    The Responsive Gallery Grid WordPress plugin before 2.3.11 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is d... Read more

    • Published: Apr. 09, 2024
    • Modified: May. 13, 2025

  • 6.6

    MEDIUM
    CVE-2024-28224

    Ollama before 0.1.29 has a DNS rebinding vulnerability that can inadvertently allow remote access to the full API, thereby letting an unauthorized user chat with a large language model, delete a model, or cause a denial of service (resource exhaustion).... Read more

    Affected Products : ollama
    • Published: Apr. 08, 2024
    • Modified: May. 13, 2025

  • 6.5

    MEDIUM
    CVE-2024-2509

    The Gutenberg Blocks by Kadence Blocks WordPress plugin before 3.2.26 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above t... Read more

    • Published: Apr. 05, 2024
    • Modified: May. 13, 2025

  • 8.8

    HIGH
    CVE-2024-2721

    Deserialization of Untrusted Data vulnerability in Social Media Share Buttons By Sygnoos Social Media Share Buttons.This issue affects Social Media Share Buttons: from n/a through 2.1.0. ... Read more

    Affected Products : social_media_share_buttons
    • Published: Mar. 20, 2024
    • Modified: May. 13, 2025

  • 4.7

    MEDIUM
    CVE-2024-26280

    Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated Ops and Viewers users to view all information on audit logs, including dag names and usernames they were not permitted to view. With 2.8.2 and newer, Ops and Viewer users... Read more

    Affected Products : airflow
    • Published: Mar. 01, 2024
    • Modified: May. 13, 2025

  • 5.4

    MEDIUM
    CVE-2024-0719

    The Tabs Shortcode and Widget WordPress plugin through 1.17 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above ... Read more

    Affected Products : tabs_shortcode_and_widget
    • Published: Mar. 18, 2024
    • Modified: May. 13, 2025

  • 6.1

    MEDIUM
    CVE-2024-0711

    The Buttons Shortcode and Widget WordPress plugin through 1.16 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and abo... Read more

    Affected Products : buttons_shortcode_and_widget
    • Published: Mar. 18, 2024
    • Modified: May. 13, 2025

  • 7.1

    HIGH
    CVE-2024-25325

    SQL injection vulnerability in Employee Management System v.1.0 allows a local attacker to obtain sensitive information via a crafted payload to the txtemail parameter in the login.php.... Read more

    Affected Products : employee_management_system
    • Published: Mar. 12, 2024
    • Modified: May. 12, 2025

  • 9.8

    CRITICAL
    CVE-2024-11861

    EnerSys AMPA 22.09 and prior versions are vulnerable to command injection leading to privileged remote shell access.... Read more

    Affected Products :
    • Published: May. 09, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2023-31585

    Grocery-CMS-PHP-Restful-API v1.3 is vulnerable to File Upload via /admin/add-category.php.... Read more

    Affected Products :
    • Published: May. 08, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2024-25016

    IBM MQ and IBM MQ Appliance 9.0, 9.1, 9.2, 9.3 LTS and 9.3 CD could allow a remote unauthenticated attacker to cause a denial of service due to incorrect buffering logic. IBM X-Force ID: 281279.... Read more

    Affected Products : mq mq_appliance
    • Published: Mar. 03, 2024
    • Modified: May. 12, 2025

  • 4.8

    MEDIUM
    CVE-2024-56338

    IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.3 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended... Read more

    Affected Products : sterling_b2b_integrator
    • Published: Mar. 11, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-1551

    IBM Operational Decision Manager 8.11.0.1, 8.11.1.0, 8.12.0.1, and 9.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionali... Read more

    Affected Products : operational_decision_manager
    • Published: Apr. 29, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 291779 Results