Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.6

    MEDIUM
    CVE-2024-4271

    The SVGator WordPress plugin through 1.2.6 does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS attacks.... Read more

    Affected Products : svgator
    • Published: Jun. 14, 2024
    • Modified: May. 13, 2025

  • 6.1

    MEDIUM
    CVE-2024-4480

    The WP Prayer II WordPress plugin through 2.4.7 does not have CSRF check in place when updating its email settings, which could allow attackers to make a logged in admin change them via a CSRF attack... Read more

    Affected Products : wp_prayer prayer
    • Published: Jun. 14, 2024
    • Modified: May. 13, 2025

  • 5.4

    MEDIUM
    CVE-2024-3236

    The Popup Builder WordPress plugin before 1.1.33 does not sanitise and escape some of its Notification fields, which could allow users such as contributor and above to perform Stored Cross-Site Scripting attacks.... Read more

    Affected Products : popup_builder popup_builder
    • Published: Jun. 17, 2024
    • Modified: May. 13, 2025

  • 6.8

    MEDIUM
    CVE-2024-4305

    The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.1.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributo... Read more

    • Published: Jun. 17, 2024
    • Modified: May. 13, 2025

  • 9.8

    CRITICAL
    CVE-2024-28595

    SQL Injection vulnerability in Employee Management System v1.0 allows attackers to run arbitrary SQL commands via the admin_id parameter in update-admin.php.... Read more

    • Published: Mar. 19, 2024
    • Modified: May. 13, 2025

  • 6.5

    MEDIUM
    CVE-2023-22652

    A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in openSUSE libeconf leads to DoS via malformed config files. This issue affects libeconf: before 0.5.2.... Read more

    Affected Products : libeconf
    • EPSS Score: %0.07
    • Published: Jun. 01, 2023
    • Modified: May. 13, 2025

  • 6.5

    MEDIUM
    CVE-2024-31008

    An issue was discovered in WUZHICMS version 4.1.0, allows an attacker to execute arbitrary code and obtain sensitive information via the index.php file.... Read more

    Affected Products : wuzhicms
    • Published: Apr. 03, 2024
    • Modified: May. 13, 2025

  • 5.4

    MEDIUM
    CVE-2024-2369

    The Page Builder Gutenberg Blocks WordPress plugin before 3.1.7 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perf... Read more

    Affected Products : coblocks
    • Published: Apr. 02, 2024
    • Modified: May. 13, 2025

  • 4.8

    MEDIUM
    CVE-2024-2263

    Themify WordPress plugin before 1.4.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin... Read more

    Affected Products : woocommerce_product_filter
    • Published: Apr. 01, 2024
    • Modified: May. 13, 2025

  • 4.7

    MEDIUM
    CVE-2024-2262

    Themify WordPress plugin before 1.4.4 does not have CSRF check in its bulk action, which could allow attackers to make logged in users delete arbitrary filters via CSRF attack, granted they know the related filter slugs... Read more

    Affected Products : woocommerce_product_filter
    • Published: Apr. 01, 2024
    • Modified: May. 13, 2025

  • 2.4

    LOW
    CVE-2024-32325

    TOTOLINK EX200 V4.0.3c.7646_B20201211 contains a Cross-site scripting (XSS) vulnerability through the ssid parameter in the setWiFiExtenderConfig function.... Read more

    Affected Products : ex200_firmware ex200
    • Published: Apr. 18, 2024
    • Modified: May. 13, 2025

  • 5.4

    MEDIUM
    CVE-2024-1846

    The Responsive Tabs WordPress plugin before 4.0.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform... Read more

    Affected Products : responsive_tabs
    • Published: Apr. 15, 2024
    • Modified: May. 13, 2025

  • 6.1

    MEDIUM
    CVE-2024-1664

    The Responsive Gallery Grid WordPress plugin before 2.3.11 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is d... Read more

    • Published: Apr. 09, 2024
    • Modified: May. 13, 2025

  • 6.6

    MEDIUM
    CVE-2024-28224

    Ollama before 0.1.29 has a DNS rebinding vulnerability that can inadvertently allow remote access to the full API, thereby letting an unauthorized user chat with a large language model, delete a model, or cause a denial of service (resource exhaustion).... Read more

    Affected Products : ollama
    • Published: Apr. 08, 2024
    • Modified: May. 13, 2025

  • 6.5

    MEDIUM
    CVE-2024-2509

    The Gutenberg Blocks by Kadence Blocks WordPress plugin before 3.2.26 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above t... Read more

    • Published: Apr. 05, 2024
    • Modified: May. 13, 2025

  • 8.8

    HIGH
    CVE-2024-2721

    Deserialization of Untrusted Data vulnerability in Social Media Share Buttons By Sygnoos Social Media Share Buttons.This issue affects Social Media Share Buttons: from n/a through 2.1.0. ... Read more

    Affected Products : social_media_share_buttons
    • Published: Mar. 20, 2024
    • Modified: May. 13, 2025

  • 4.7

    MEDIUM
    CVE-2024-26280

    Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated Ops and Viewers users to view all information on audit logs, including dag names and usernames they were not permitted to view. With 2.8.2 and newer, Ops and Viewer users... Read more

    Affected Products : airflow
    • Published: Mar. 01, 2024
    • Modified: May. 13, 2025

  • 5.4

    MEDIUM
    CVE-2024-0719

    The Tabs Shortcode and Widget WordPress plugin through 1.17 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above ... Read more

    Affected Products : tabs_shortcode_and_widget
    • Published: Mar. 18, 2024
    • Modified: May. 13, 2025

  • 6.1

    MEDIUM
    CVE-2024-0711

    The Buttons Shortcode and Widget WordPress plugin through 1.16 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and abo... Read more

    Affected Products : buttons_shortcode_and_widget
    • Published: Mar. 18, 2024
    • Modified: May. 13, 2025

  • 7.1

    HIGH
    CVE-2024-25325

    SQL injection vulnerability in Employee Management System v.1.0 allows a local attacker to obtain sensitive information via a crafted payload to the txtemail parameter in the login.php.... Read more

    Affected Products : employee_management_system
    • Published: Mar. 12, 2024
    • Modified: May. 12, 2025
Showing 20 of 291804 Results