Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2024-13101

    The WP MediaTagger WordPress plugin through 4.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform... Read more

    Affected Products : wp_mediatagger
    • Published: Jan. 31, 2025
    • Modified: May. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2024-12709

    The Bulk Me Now! WordPress plugin through 2.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks.... Read more

    Affected Products : bulk_me_now\!
    • Published: Jan. 30, 2025
    • Modified: May. 11, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.1

    HIGH
    CVE-2024-12708

    The Bulk Me Now! WordPress plugin through 2.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Sto... Read more

    Affected Products : bulk_me_now\!
    • Published: Jan. 30, 2025
    • Modified: May. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2024-12638

    The Bulk Me Now! WordPress plugin through 2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.... Read more

    Affected Products : bulk_me_now\!
    • Published: Jan. 30, 2025
    • Modified: May. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.9

    MEDIUM
    CVE-2024-10309

    The Tracking Code Manager WordPress plugin before 2.4.0 does not sanitise and escape some of its metabox settings when outputing them in the page, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks.... Read more

    Affected Products : tracking_code_manager
    • Published: Jan. 30, 2025
    • Modified: May. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2024-12749

    The Competition Form WordPress plugin through 2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.... Read more

    Affected Products : competition_form
    • Published: Jan. 29, 2025
    • Modified: May. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2024-12807

    The Social Share Buttons for WordPress plugin through 2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is di... Read more

    Affected Products : social_share_buttons share_buttons
    • Published: Jan. 28, 2025
    • Modified: May. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.5

    MEDIUM
    CVE-2025-31191

    This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.7.5, tvOS 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access sensitive user data.... Read more

    Affected Products : macos iphone_os tvos ipados
    • Published: Mar. 31, 2025
    • Modified: May. 10, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-4175

    A vulnerability, which was classified as critical, was found in AlanBinu007 Spring-Boot-Advanced-Projects up to 3.1.3. This affects the function uploadUserProfileImage of the file /Spring-Boot-Advanced-Projects-main/Project-4.SpringBoot-AWS-S3/backend/src... Read more

    Affected Products :
    • Published: May. 01, 2025
    • Modified: May. 10, 2025
    • Vuln Type: Path Traversal

  • 8.8

    HIGH
    CVE-2022-42983

    anji-plus AJ-Report 0.9.8.6 allows remote attackers to bypass login authentication by spoofing JWT Tokens.... Read more

    Affected Products : report aj-report
    • EPSS Score: %0.11
    • Published: Oct. 17, 2022
    • Modified: May. 10, 2025

  • 9.8

    CRITICAL
    CVE-2022-42980

    go-admin (aka GO Admin) 2.0.12 uses the string go-admin as a production JWT key.... Read more

    Affected Products : go-admin
    • EPSS Score: %0.09
    • Published: Oct. 17, 2022
    • Modified: May. 10, 2025

  • 7.5

    HIGH
    CVE-2022-42975

    socket/transport.ex in Phoenix before 1.6.14 mishandles check_origin wildcarding. NOTE: LiveView applications are unaffected by default because of the presence of a LiveView CSRF token.... Read more

    Affected Products : phoenix
    • EPSS Score: %0.07
    • Published: Oct. 17, 2022
    • Modified: May. 10, 2025

  • 9.8

    CRITICAL
    CVE-2022-42237

    A SQL Injection issue in Merchandise Online Store v.1.0 allows an attacker to log in to the admin account.... Read more

    Affected Products : merchandise_online_store
    • EPSS Score: %0.08
    • Published: Oct. 17, 2022
    • Modified: May. 10, 2025

  • 5.4

    MEDIUM
    CVE-2022-42114

    A Cross-site scripting (XSS) vulnerability in the Role module's edit role assignees page in Liferay Portal 7.4.0 through 7.4.3.36, and Liferay DXP 7.4 before update 37 allows remote attackers to inject arbitrary web script or HTML.... Read more

    Affected Products : liferay_portal dxp
    • EPSS Score: %0.19
    • Published: Oct. 18, 2022
    • Modified: May. 10, 2025

  • 6.1

    MEDIUM
    CVE-2022-42113

    A Cross-site scripting (XSS) vulnerability in Document Library module in Liferay Portal 7.4.3.30 through 7.4.3.36, and Liferay DXP 7.4 update 30 through update 36 allows remote attackers to inject arbitrary web script or HTML via the `redirect` parameter.... Read more

    Affected Products : liferay_portal dxp
    • EPSS Score: %0.18
    • Published: Oct. 18, 2022
    • Modified: May. 10, 2025

  • 7.5

    HIGH
    CVE-2022-41547

    Mobile Security Framework (MobSF) v0.9.2 and below was discovered to contain a local file inclusion (LFI) vulnerability in the StaticAnalyzer/views.py script. This vulnerability allows attackers to read arbitrary files via a crafted HTTP request.... Read more

    Affected Products : mobile_security_framework
    • EPSS Score: %3.28
    • Published: Oct. 18, 2022
    • Modified: May. 10, 2025

  • 8.8

    HIGH
    CVE-2022-3368

    A vulnerability within the Software Updater functionality of Avira Security for Windows allowed an attacker with write access to the filesystem, to escalate his privileges in certain scenarios. The issue was fixed with Avira Security version 1.1.72.30556.... Read more

    Affected Products : avira_security
    • EPSS Score: %2.60
    • Published: Oct. 17, 2022
    • Modified: May. 10, 2025

  • 7.0

    HIGH
    CVE-2025-46326

    snowflake-connector-net is the Snowflake Connector for .NET. Versions starting from 2.1.2 to before 4.4.1, are vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race condition. When using the Easy Logging feature on Linux and macOS, the Connector read... Read more

    Affected Products : snowflake_connector
    • Published: Apr. 28, 2025
    • Modified: May. 10, 2025
    • Vuln Type: Race Condition

  • 9.8

    CRITICAL
    CVE-2024-32499

    Newforma Project Center Server through 2023.3.0.32259 allows remote code execution because .NET Remoting is exposed.... Read more

    Affected Products : project_center_server
    • Published: Apr. 28, 2025
    • Modified: May. 10, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-4028

    A vulnerability has been found in PHPGurukul COVID19 Testing Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /profile.php. The manipulation of the argument mobilenumber leads to sql ... Read more

    Affected Products : covid19_testing_management_system
    • Published: Apr. 28, 2025
    • Modified: May. 10, 2025
    • Vuln Type: Injection
Showing 20 of 291712 Results