Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2024-13218

    The Fast Tube WordPress plugin through 2.3.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.... Read more

    Affected Products : fast_tube
    • Published: Jan. 31, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2024-13219

    The Privacy Policy Genius WordPress plugin through 2.0.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.... Read more

    Affected Products : privacy_policy_genius
    • Published: Jan. 31, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2024-13220

    The WordPress Google Map Professional (Map In Your Language) WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privileg... Read more

    Affected Products : google_map_professional
    • Published: Jan. 31, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2024-13221

    The Fantastic ElasticSearch WordPress plugin through 4.1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.... Read more

    Affected Products : fantastic_elasticsearch
    • Published: Jan. 31, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2024-13223

    The Tabulate WordPress plugin through 2.10.3 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.... Read more

    Affected Products : tabulate
    • Published: Jan. 31, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2024-13224

    The SlideDeck 1 Lite Content Slider WordPress plugin through 1.4.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.... Read more

    Affected Products : slidedeck_1_lite_content_slider
    • Published: Jan. 31, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2024-13112

    The WP MediaTagger WordPress plugin through 4.1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.... Read more

    Affected Products : wp_mediatagger
    • Published: Jan. 31, 2025
    • Modified: May. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2024-13101

    The WP MediaTagger WordPress plugin through 4.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform... Read more

    Affected Products : wp_mediatagger
    • Published: Jan. 31, 2025
    • Modified: May. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2024-12709

    The Bulk Me Now! WordPress plugin through 2.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks.... Read more

    Affected Products : bulk_me_now\!
    • Published: Jan. 30, 2025
    • Modified: May. 11, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.1

    HIGH
    CVE-2024-12708

    The Bulk Me Now! WordPress plugin through 2.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Sto... Read more

    Affected Products : bulk_me_now\!
    • Published: Jan. 30, 2025
    • Modified: May. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2024-12638

    The Bulk Me Now! WordPress plugin through 2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.... Read more

    Affected Products : bulk_me_now\!
    • Published: Jan. 30, 2025
    • Modified: May. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.9

    MEDIUM
    CVE-2024-10309

    The Tracking Code Manager WordPress plugin before 2.4.0 does not sanitise and escape some of its metabox settings when outputing them in the page, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks.... Read more

    Affected Products : tracking_code_manager
    • Published: Jan. 30, 2025
    • Modified: May. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2024-12749

    The Competition Form WordPress plugin through 2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.... Read more

    Affected Products : competition_form
    • Published: Jan. 29, 2025
    • Modified: May. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2024-12807

    The Social Share Buttons for WordPress plugin through 2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is di... Read more

    Affected Products : social_share_buttons share_buttons
    • Published: Jan. 28, 2025
    • Modified: May. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.5

    MEDIUM
    CVE-2025-31191

    This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.7.5, tvOS 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access sensitive user data.... Read more

    Affected Products : macos iphone_os tvos ipados
    • Published: Mar. 31, 2025
    • Modified: May. 10, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-4175

    A vulnerability, which was classified as critical, was found in AlanBinu007 Spring-Boot-Advanced-Projects up to 3.1.3. This affects the function uploadUserProfileImage of the file /Spring-Boot-Advanced-Projects-main/Project-4.SpringBoot-AWS-S3/backend/src... Read more

    Affected Products :
    • Published: May. 01, 2025
    • Modified: May. 10, 2025
    • Vuln Type: Path Traversal

  • 8.8

    HIGH
    CVE-2022-42983

    anji-plus AJ-Report 0.9.8.6 allows remote attackers to bypass login authentication by spoofing JWT Tokens.... Read more

    Affected Products : report aj-report
    • EPSS Score: %0.11
    • Published: Oct. 17, 2022
    • Modified: May. 10, 2025

  • 9.8

    CRITICAL
    CVE-2022-42980

    go-admin (aka GO Admin) 2.0.12 uses the string go-admin as a production JWT key.... Read more

    Affected Products : go-admin
    • EPSS Score: %0.09
    • Published: Oct. 17, 2022
    • Modified: May. 10, 2025

  • 7.5

    HIGH
    CVE-2022-42975

    socket/transport.ex in Phoenix before 1.6.14 mishandles check_origin wildcarding. NOTE: LiveView applications are unaffected by default because of the presence of a LiveView CSRF token.... Read more

    Affected Products : phoenix
    • EPSS Score: %0.07
    • Published: Oct. 17, 2022
    • Modified: May. 10, 2025

  • 9.8

    CRITICAL
    CVE-2022-42237

    A SQL Injection issue in Merchandise Online Store v.1.0 allows an attacker to log in to the admin account.... Read more

    Affected Products : merchandise_online_store
    • EPSS Score: %0.08
    • Published: Oct. 17, 2022
    • Modified: May. 10, 2025
Showing 20 of 291717 Results