Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.4

    MEDIUM
    CVE-2024-2695

    The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shariff' shortcode in all versions up to, and including, 4.6.13 due to insufficient input sanitization and output escaping on user supplied attributes ... Read more

    Affected Products : shariff_wrapper
    • Published: Jun. 15, 2024
    • Modified: May. 09, 2025

  • 6.4

    MEDIUM
    CVE-2024-1450

    The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shariff' shortcode in all versions up to, and including, 4.6.10 due to insufficient input sanitization and output escaping on user supplied attributes ... Read more

    Affected Products : shariff_wrapper
    • Published: Mar. 21, 2024
    • Modified: May. 09, 2025

  • 6.4

    MEDIUM
    CVE-2024-0966

    The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shariff' shortcode in all versions up to, and including, 4.6.9 due to insufficient input sanitization and output escaping on user supplied attributes l... Read more

    Affected Products : shariff_wrapper
    • Published: Mar. 21, 2024
    • Modified: May. 09, 2025

  • 6.5

    MEDIUM
    CVE-2024-29109

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jan-Peter Lambeck & 3UU Shariff Wrapper allows Stored XSS.This issue affects Shariff Wrapper: from n/a through 4.6.10. ... Read more

    Affected Products : shariff_wrapper
    • Published: Mar. 19, 2024
    • Modified: May. 09, 2025

  • 6.4

    MEDIUM
    CVE-2023-6500

    The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shariff' shortcode in all versions up to, and including, 4.6.9 due to insufficient input sanitization and output escaping on user supplied attributes s... Read more

    Affected Products : shariff_wrapper
    • Published: Mar. 21, 2024
    • Modified: May. 09, 2025

  • 5.4

    MEDIUM
    CVE-2023-6067

    The WP User Profile Avatar WordPress plugin through 1.0.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to... Read more

    • Published: Apr. 15, 2024
    • Modified: May. 09, 2025

  • 9.8

    CRITICAL
    CVE-2024-6047

    Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device.... Read more

    • Actively Exploited
    • Published: Jun. 17, 2024
    • Modified: May. 09, 2025

  • 9.8

    CRITICAL
    CVE-2024-11120

    Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. Moreover, this vulnerability has already been exploite... Read more

    • Actively Exploited
    • Published: Nov. 15, 2024
    • Modified: May. 09, 2025

  • 6.1

    MEDIUM
    CVE-2025-45388

    Wagtail CMS 6.4.1 is vulnerable to a Stored Cross-Site Scripting (XSS) in the document upload functionality. Attackers can inject malicious code inside a PDF file. When a user clicks the document in the CMS interface, the payload executes. NOTE: this is d... Read more

    Affected Products :
    • Published: May. 07, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2022-43415

    Jenkins REPO Plugin 1.15.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.... Read more

    Affected Products : repo
    • EPSS Score: %0.26
    • Published: Oct. 19, 2022
    • Modified: May. 09, 2025

  • 5.5

    MEDIUM
    CVE-2022-43045

    GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gf_dump_vrml_sffield at /scene_manager/scene_dump.c.... Read more

    Affected Products : gpac
    • EPSS Score: %0.04
    • Published: Oct. 19, 2022
    • Modified: May. 09, 2025

  • 5.5

    MEDIUM
    CVE-2022-43044

    GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gf_isom_get_meta_item_info at /isomedia/meta.c.... Read more

    Affected Products : gpac
    • EPSS Score: %0.03
    • Published: Oct. 19, 2022
    • Modified: May. 09, 2025

  • 5.5

    MEDIUM
    CVE-2022-43043

    GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function BD_CheckSFTimeOffset at /bifs/field_decode.c.... Read more

    Affected Products : gpac
    • EPSS Score: %0.03
    • Published: Oct. 19, 2022
    • Modified: May. 09, 2025

  • 7.8

    HIGH
    CVE-2022-43042

    GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a heap buffer overflow via the function FixSDTPInTRAF at isomedia/isom_intern.c.... Read more

    Affected Products : gpac
    • EPSS Score: %0.07
    • Published: Oct. 19, 2022
    • Modified: May. 09, 2025

  • 7.8

    HIGH
    CVE-2022-43040

    GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a heap buffer overflow via the function gf_isom_box_dump_start_ex at /isomedia/box_funcs.c.... Read more

    Affected Products : gpac
    • EPSS Score: %0.05
    • Published: Oct. 19, 2022
    • Modified: May. 09, 2025

  • 9.8

    CRITICAL
    CVE-2022-43026

    Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to contain a stack overflow via the endIp parameter at /goform/SetPptpServerCfg.... Read more

    Affected Products : tx3_firmware tx3
    • EPSS Score: %0.17
    • Published: Oct. 19, 2022
    • Modified: May. 09, 2025

  • 9.8

    CRITICAL
    CVE-2022-43025

    Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to contain a stack overflow via the startIp parameter at /goform/SetPptpServerCfg.... Read more

    Affected Products : tx3_firmware tx3
    • EPSS Score: %0.17
    • Published: Oct. 19, 2022
    • Modified: May. 09, 2025

  • 9.8

    CRITICAL
    CVE-2022-43024

    Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to contain a stack overflow via the list parameter at /goform/SetVirtualServerCfg.... Read more

    Affected Products : tx3_firmware tx3
    • EPSS Score: %0.17
    • Published: Oct. 19, 2022
    • Modified: May. 09, 2025

  • 8.8

    HIGH
    CVE-2024-39841

    A SQL Injection vulnerability exists in the service configuration functionality in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23.... Read more

    Affected Products : centreon_web
    • Published: Aug. 23, 2024
    • Modified: May. 09, 2025

  • 9.1

    CRITICAL
    CVE-2024-33854

    A SQL Injection vulnerability exists in the Graph Template component in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23.... Read more

    Affected Products : centreon_web
    • Published: Aug. 23, 2024
    • Modified: May. 09, 2025
Showing 20 of 291659 Results