Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.4

    MEDIUM
    CVE-2024-1849

    The WP Customer Reviews WordPress plugin before 3.7.1 does not validate a parameter allowing contributor and above users to redirect a page to a malicious URL...

    Affected Products : wp_customer_reviews
    • Published: Apr. 15, 2024
    • Modified: May. 08, 2025
  • 8.8

    HIGH
    CVE-2024-1755

    The NPS computy WordPress plugin through 2.7.5 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

    Affected Products : nps_computy
    • Published: Apr. 15, 2024
    • Modified: May. 08, 2025
  • 4.7

    MEDIUM
    CVE-2024-1754

    The NPS computy WordPress plugin through 2.7.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (f...

    Affected Products : nps_computy
    • Published: Apr. 15, 2024
    • Modified: May. 08, 2025
  • 2.7

    LOW
    CVE-2024-10562

    The Form Maker by 10Web WordPress plugin before 1.15.31 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is dis...

    Affected Products : form_maker
    • Published: Jan. 07, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Cross-Site Scripting
  • 4.7

    MEDIUM
    CVE-2024-11223

    The WPForms WordPress plugin before 1.9.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for...

    Affected Products : wpforms
    • Published: Dec. 26, 2024
    • Modified: May. 08, 2025
  • 5.4

    MEDIUM
    CVE-2024-10678

    The Ultimate Blocks WordPress plugin before 3.2.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cr...

    Affected Products : ultimate_blocks
    • Published: Dec. 13, 2024
    • Modified: May. 08, 2025
  • 5.4

    MEDIUM
    CVE-2024-6136

    The wp-cart-for-digital-products WordPress plugin before 8.5.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

    Affected Products : wp_estore
    • Published: Aug. 12, 2024
    • Modified: May. 08, 2025
  • 5.4

    MEDIUM
    CVE-2024-6134

    The wp-cart-for-digital-products WordPress plugin before 8.5.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

    Affected Products : wp_estore
    • Published: Aug. 12, 2024
    • Modified: May. 08, 2025
  • 6.5

    MEDIUM
    CVE-2024-6133

    The wp-cart-for-digital-products WordPress plugin before 8.5.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

    Affected Products : wp_estore
    • Published: Aug. 12, 2024
    • Modified: May. 08, 2025
  • 4.8

    MEDIUM
    CVE-2024-12568

    The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of its Workflow settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilter...

    Affected Products : email_subscribers_&_newsletters
    • Published: Jan. 13, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Cross-Site Scripting
  • 4.8

    MEDIUM
    CVE-2024-12567

    The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of its form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_h...

    Affected Products : email_subscribers_&_newsletters
    • Published: Jan. 13, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Cross-Site Scripting
  • 4.8

    MEDIUM
    CVE-2024-12566

    The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of its form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html ...

    Affected Products : email_subscribers_&_newsletters
    • Published: Jan. 13, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Cross-Site Scripting
  • 7.5

    HIGH
    CVE-2024-12274

    The Appointment Booking Calendar Plugin and Scheduling Plugin WordPress plugin before 1.1.23 export settings functionality exports data to a public folder, with an easily guessable file name, allowing unauthenticated attackers to access the exported file...

    Affected Products : appointment_booking_calendar
    • Published: Jan. 13, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Information Disclosure
  • 4.8

    MEDIUM
    CVE-2024-11636

    The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of its Text Block options, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilte...

    Affected Products : email_subscribers_&_newsletters
    • Published: Jan. 13, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.5

    MEDIUM
    CVE-2025-29154

    HTML injection vulnerability in lemeconsultoria HCM galera.app v.4.58.0 allows an attacker to execute arbitrary code via the .galera.app/ted/solicitacao_treinamento/, .galera.app/rh/metas/perspectiva_estrategica/edicao/, .galera.app/rh/cadastros/perspecti...

    Affected Products :
    • Published: May. 07, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Cross-Site Scripting
  • 5.5

    MEDIUM
    CVE-2024-25454

    Bento4 v1.6.0-640 was discovered to contain a NULL pointer dereference via the AP4_DescriptorFinder::Test() function....

    Affected Products : bento4
    • EPSS Score: 0.02%
    • Published: Feb. 09, 2024
    • Modified: May. 08, 2025
  • 7.5

    HIGH
    CVE-2024-25407

    SteVe v3.6.0 was discovered to use predictable transaction IDs when receiving a StartTransaction request. This vulnerability can allow attackers to cause a Denial of Service (DoS) by using the predicted transaction IDs to terminate other transactions....

    Affected Products : steve steve
    • EPSS Score: 0.17%
    • Published: Feb. 13, 2024
    • Modified: May. 08, 2025
  • 9.8

    CRITICAL
    CVE-2024-25302

    Sourcecodester Event Student Attendance System 1.0 allows SQL Injection via the 'student' parameter....

    Affected Products : event_student_attendance_system
    • EPSS Score: 0.18%
    • Published: Feb. 09, 2024
    • Modified: May. 08, 2025
  • 7.8

    HIGH
    CVE-2024-25003

    KiTTY versions 0.76.1.13 and before are vulnerable to a stack-based buffer overflow via the hostname, which occurs due to insufficient bounds checking and input sanitization. This allows an attacker to overwrite adjacent memory, which leads to arbitrary code exe...

    Affected Products : kitty
    • EPSS Score: 0.55%
    • Published: Feb. 09, 2024
    • Modified: May. 08, 2025
  • 8.8

    HIGH
    CVE-2024-24350

    File Upload vulnerability in Software Publico e-Sic Livre v.2.0 and before allows a remote attacker to execute arbitrary code via the extension filtering component....

    Affected Products : e-sic_livre
    • EPSS Score: 1.87%
    • Published: Feb. 08, 2024
    • Modified: May. 08, 2025
Showing 20 of 291712 Results