Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.5

    MEDIUM
    CVE-2024-2405

    The Float menu WordPress plugin before 6.0.1 does not have CSRF check in its bulk actions, which could allow attackers to make logged in admin delete arbitrary menu via a CSRF attack.... Read more

    Affected Products : float_menu
    • Published: May. 02, 2024
    • Modified: May. 08, 2025

  • 4.3

    MEDIUM
    CVE-2024-12436

    The WP Customer Area WordPress plugin through 8.2.4 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks... Read more

    Affected Products : wp_customer_area
    • Published: Jan. 27, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2024-12280

    The WP Customer Area WordPress plugin through 8.2.4 does not have CSRF check in place when deleting its logs, which could allow attackers to make a logged in to delete them via a CSRF attack... Read more

    Affected Products : wp_customer_area
    • Published: Jan. 27, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 9.8

    CRITICAL
    CVE-2023-50347

    HCL DRYiCE MyXalytics is impacted by an insecure SQL interface vulnerability, potentially giving an attacker the ability to execute custom SQL queries. A malicious user can run arbitrary SQL commands including changing system configuration. ... Read more

    Affected Products : dryice_myxalytics
    • Published: Apr. 10, 2024
    • Modified: May. 08, 2025

  • 6.5

    MEDIUM
    CVE-2024-3591

    The Geo Controller WordPress plugin before 8.6.5 unserializes user input via some of its AJAX actions and REST API routes, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog.... Read more

    Affected Products : geo_controller
    • Published: May. 01, 2024
    • Modified: May. 08, 2025

  • 8.1

    HIGH
    CVE-2024-2505

    The GamiPress WordPress plugin before 6.8.9's access control mechanism fails to properly restrict access to its settings, permitting Authors to manipulate requests and extend access to lower privileged users, like Subscribers, despite initial settings pr... Read more

    Affected Products : gamipress gamipress_-_reset_user
    • Published: Apr. 29, 2024
    • Modified: May. 08, 2025

  • 4.3

    MEDIUM
    CVE-2024-2908

    The Call Now Button WordPress plugin before 1.4.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowe... Read more

    Affected Products : call_now_button
    • Published: Apr. 26, 2024
    • Modified: May. 08, 2025

  • 5.9

    MEDIUM
    CVE-2024-2310

    The WP Google Review Slider WordPress plugin before 13.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is dis... Read more

    Affected Products : wp_google_review_slider
    • Published: Apr. 26, 2024
    • Modified: May. 08, 2025

  • 8.8

    HIGH
    CVE-2024-1059

    Use after free in Peer Connection in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : fedora chrome edge_chromium
    • EPSS Score: %0.42
    • Published: Jan. 30, 2024
    • Modified: May. 08, 2025

  • 6.1

    MEDIUM
    CVE-2022-26954

    Multiple open redirect vulnerabilities in NopCommerce 4.10 through 4.50.1 allow remote attackers to conduct phishing attacks by redirecting users to attacker-controlled web sites via the returnUrl parameter, processed by the (1) ChangePassword function, (... Read more

    Affected Products : nopcommerce
    • EPSS Score: %0.12
    • Published: Oct. 20, 2022
    • Modified: May. 08, 2025

  • 5.4

    MEDIUM
    CVE-2021-33231

    Cross Site Scripting (XSS) vulnerability in New equipment page in EasyVista Service Manager 2018.1.181.1 allows remote attackers to run arbitrary code via the notes field.... Read more

    Affected Products : service_manager
    • EPSS Score: %0.16
    • Published: Oct. 20, 2022
    • Modified: May. 08, 2025

  • 6.8

    MEDIUM
    CVE-2020-9285

    Some versions of Sonos One (1st and 2nd generation) allow partial or full memory access via attacker controlled hardware that can be attached to the Mini-PCI Express slot on the motherboard that hosts the WiFi card on the device.... Read more

    Affected Products : one_firmware one
    • EPSS Score: %0.04
    • Published: Oct. 20, 2022
    • Modified: May. 08, 2025

  • 7.8

    HIGH
    CVE-2020-12744

    The MSI installer in Verint Desktop Resources 15.2 allows an unprivileged local user to elevate their privileges during install or repair.... Read more

    Affected Products : desktop_and_process_analytics
    • EPSS Score: %0.03
    • Published: Oct. 20, 2022
    • Modified: May. 08, 2025

  • 7.8

    HIGH
    CVE-2024-49561

    Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation o... Read more

    Affected Products : smartfabric_os10
    • Published: Mar. 17, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Authorization

  • 9.0

    HIGH
    CVE-2016-3554

    Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to PC / BOM, MCAD, and Design.... Read more

    • EPSS Score: %1.45
    • Published: Jul. 21, 2016
    • Modified: May. 08, 2025

  • 7.5

    HIGH
    CVE-2016-3539

    Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect integrity and availability via vectors related to File Folders / Attachment, a different vulnerab... Read more

    • EPSS Score: %0.75
    • Published: Jul. 21, 2016
    • Modified: May. 08, 2025

  • 6.1

    MEDIUM
    CVE-2018-8032

    Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services.... Read more

    • EPSS Score: %2.34
    • Published: Aug. 02, 2018
    • Modified: May. 08, 2025

  • 7.5

    HIGH
    CVE-2019-0227

    A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits commits continue in the projects Axis 1.x Subversion repository, legacy users are encouraged to build fro... Read more

    • EPSS Score: %90.74
    • Published: May. 01, 2019
    • Modified: May. 08, 2025

  • 3.6

    LOW
    CVE-2017-10308

    Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Performance). Supported versions that are affected are 9.3.5 and 9.3.6. Easily exploitable vulnerability allows physical access to compromise Oracle Agile... Read more

    • EPSS Score: %0.06
    • Published: Oct. 19, 2017
    • Modified: May. 08, 2025

  • 3.5

    LOW
    CVE-2016-3531

    Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality via vectors related to PC / Notification.... Read more

    • EPSS Score: %0.30
    • Published: Jul. 21, 2016
    • Modified: May. 08, 2025
Showing 20 of 291638 Results