Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2024-1887

    Mattermost fails to check if compliance export is enabled when fetching posts of public channels allowing a user that is not a member of the public channel to fetch the posts, which will not be audited in the compliance export.  ... Read more

    Affected Products : mattermost_server mattermost
    • Published: Feb. 29, 2024
    • Modified: May. 12, 2025

  • 8.8

    HIGH
    CVE-2024-25723

    ZenML Server in the ZenML machine learning package before 0.46.7 for Python allows remote privilege escalation because the /api/v1/users/{user_name_or_id}/activate REST API endpoint allows access on the basis of a valid username along with a new password ... Read more

    Affected Products : zenml
    • Published: Feb. 27, 2024
    • Modified: May. 12, 2025

  • 9.9

    CRITICAL
    CVE-2024-2083

    A directory traversal vulnerability exists in the zenml-io/zenml repository, specifically within the /api/v1/steps endpoint. Attackers can exploit this vulnerability by manipulating the 'logs' URI path in the request to fetch arbitrary file content, bypas... Read more

    Affected Products : zenml
    • Published: Apr. 16, 2024
    • Modified: May. 12, 2025

  • 7.5

    HIGH
    CVE-2024-27507

    libLAS 1.8.1 contains a memory leak vulnerability in /libLAS/apps/ts2las.cpp.... Read more

    Affected Products : fedora liblas
    • Published: Feb. 27, 2024
    • Modified: May. 12, 2025

  • 7.5

    HIGH
    CVE-2024-26455

    fluent-bit 2.2.2 contains a Use-After-Free vulnerability in /fluent-bit/plugins/custom_calyptia/calyptia.c.... Read more

    Affected Products : fluent_bit
    • Published: Feb. 26, 2024
    • Modified: May. 12, 2025

  • 8.8

    HIGH
    CVE-2021-38388

    Central Dogma allows privilege escalation with mirroring to the internal dogma repository that has a file managing the authorization of the project.... Read more

    Affected Products : central_dogma
    • EPSS Score: %0.30
    • Published: Sep. 08, 2021
    • Modified: May. 12, 2025

  • 5.4

    MEDIUM
    CVE-2024-12768

    The Responsive iframe WordPress plugin through 1.2.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored ... Read more

    Affected Products : responsive_iframe
    • Published: Feb. 01, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.6

    MEDIUM
    CVE-2024-13096

    The WP Finance WordPress plugin through 1.3.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.... Read more

    Affected Products : wp_finance
    • Published: Feb. 01, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.4

    MEDIUM
    CVE-2024-13097

    The WP Finance WordPress plugin through 1.3.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.... Read more

    Affected Products : wp_finance
    • Published: Feb. 01, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2024-13218

    The Fast Tube WordPress plugin through 2.3.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.... Read more

    Affected Products : fast_tube
    • Published: Jan. 31, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2024-13219

    The Privacy Policy Genius WordPress plugin through 2.0.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.... Read more

    Affected Products : privacy_policy_genius
    • Published: Jan. 31, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2024-13220

    The WordPress Google Map Professional (Map In Your Language) WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privileg... Read more

    Affected Products : google_map_professional
    • Published: Jan. 31, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2024-13221

    The Fantastic ElasticSearch WordPress plugin through 4.1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.... Read more

    Affected Products : fantastic_elasticsearch
    • Published: Jan. 31, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2024-13223

    The Tabulate WordPress plugin through 2.10.3 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.... Read more

    Affected Products : tabulate
    • Published: Jan. 31, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2024-13224

    The SlideDeck 1 Lite Content Slider WordPress plugin through 1.4.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.... Read more

    Affected Products : slidedeck_1_lite_content_slider
    • Published: Jan. 31, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2024-13112

    The WP MediaTagger WordPress plugin through 4.1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.... Read more

    Affected Products : wp_mediatagger
    • Published: Jan. 31, 2025
    • Modified: May. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2024-13101

    The WP MediaTagger WordPress plugin through 4.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform... Read more

    Affected Products : wp_mediatagger
    • Published: Jan. 31, 2025
    • Modified: May. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2024-12709

    The Bulk Me Now! WordPress plugin through 2.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks.... Read more

    Affected Products : bulk_me_now\!
    • Published: Jan. 30, 2025
    • Modified: May. 11, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.1

    HIGH
    CVE-2024-12708

    The Bulk Me Now! WordPress plugin through 2.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Sto... Read more

    Affected Products : bulk_me_now\!
    • Published: Jan. 30, 2025
    • Modified: May. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2024-12638

    The Bulk Me Now! WordPress plugin through 2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.... Read more

    Affected Products : bulk_me_now\!
    • Published: Jan. 30, 2025
    • Modified: May. 11, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 291756 Results