Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.1

    MEDIUM
    CVE-2022-42466

    Prior to 2.0.0-M9, it was possible for an end-user to set the value of an editable string property of a domain object to a value that would be rendered unchanged when the value was saved. In particular, the end-user could enter javascript or similar and t...

    Affected Products : isis
    • EPSS Score: 5.07%
    • Published: Oct. 19, 2022
    • Modified: May. 08, 2025
  • 7.5

    HIGH
    CVE-2022-42227

    jsonlint 1.0 is vulnerable to heap-buffer-overflow via /home/hjsz/jsonlint/src/lexer....

    Affected Products : jsonlint_c++
    • EPSS Score: 0.09%
    • Published: Oct. 19, 2022
    • Modified: May. 08, 2025
  • 7.8

    HIGH
    CVE-2022-41709

    Markdownify version 1.4.1 allows an external attacker to execute arbitrary code remotely on any client attempting to view a malicious markdown file through Markdownify. This is possible because the application has the "nodeIntegration" option enabled....

    Affected Products : markdownify
    • EPSS Score: 0.05%
    • Published: Oct. 19, 2022
    • Modified: May. 08, 2025
  • 4.3

    MEDIUM
    CVE-2022-41708

    Relatedcode's Messenger version 7bcd20b allows an authenticated external attacker to access existing chats in the workspaces of any user of the application. This is possible because the application does not validate permissions correctly....

    Affected Products : messenger
    • EPSS Score: 0.06%
    • Published: Oct. 19, 2022
    • Modified: May. 08, 2025
  • 6.5

    MEDIUM
    CVE-2022-41707

    Relatedcode's Messenger version 7bcd20b allows an authenticated external attacker to access sensitive data of any user of the application. This is possible because the application exposes user data to the public....

    Affected Products : messenger
    • EPSS Score: 0.11%
    • Published: Oct. 19, 2022
    • Modified: May. 08, 2025
  • 7.5

    HIGH
    CVE-2022-40798

    OcoMon 4.0RC1 is vulnerable to Incorrect Access Control. Through a request the user can obtain the real email; by sending the same request with the correct email, it is possible to take over the account....

    Affected Products : ocomon
    • EPSS Score: 0.15%
    • Published: Oct. 19, 2022
    • Modified: May. 08, 2025
  • 8.7

    HIGH
    CVE-2024-2739

    The Advanced Search WordPress plugin through 1.1.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

    Affected Products : advance_search advanced_search
    • Published: Apr. 15, 2024
    • Modified: May. 08, 2025
  • 5.4

    MEDIUM
    CVE-2024-1849

    The WP Customer Reviews WordPress plugin before 3.7.1 does not validate a parameter allowing contributor and above users to redirect a page to a malicious URL...

    Affected Products : wp_customer_reviews
    • Published: Apr. 15, 2024
    • Modified: May. 08, 2025
  • 8.8

    HIGH
    CVE-2024-1755

    The NPS computy WordPress plugin through 2.7.5 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

    Affected Products : nps_computy
    • Published: Apr. 15, 2024
    • Modified: May. 08, 2025
  • 4.7

    MEDIUM
    CVE-2024-1754

    The NPS computy WordPress plugin through 2.7.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (f...

    Affected Products : nps_computy
    • Published: Apr. 15, 2024
    • Modified: May. 08, 2025
  • 2.7

    LOW
    CVE-2024-10562

    The Form Maker by 10Web WordPress plugin before 1.15.31 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is dis...

    Affected Products : form_maker
    • Published: Jan. 07, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Cross-Site Scripting
  • 4.7

    MEDIUM
    CVE-2024-11223

    The WPForms WordPress plugin before 1.9.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for...

    Affected Products : wpforms
    • Published: Dec. 26, 2024
    • Modified: May. 08, 2025
  • 5.4

    MEDIUM
    CVE-2024-10678

    The Ultimate Blocks WordPress plugin before 3.2.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cr...

    Affected Products : ultimate_blocks
    • Published: Dec. 13, 2024
    • Modified: May. 08, 2025
  • 5.4

    MEDIUM
    CVE-2024-6136

    The wp-cart-for-digital-products WordPress plugin before 8.5.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

    Affected Products : wp_estore
    • Published: Aug. 12, 2024
    • Modified: May. 08, 2025
  • 5.4

    MEDIUM
    CVE-2024-6134

    The wp-cart-for-digital-products WordPress plugin before 8.5.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

    Affected Products : wp_estore
    • Published: Aug. 12, 2024
    • Modified: May. 08, 2025
  • 6.5

    MEDIUM
    CVE-2024-6133

    The wp-cart-for-digital-products WordPress plugin before 8.5.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

    Affected Products : wp_estore
    • Published: Aug. 12, 2024
    • Modified: May. 08, 2025
  • 4.8

    MEDIUM
    CVE-2024-12568

    The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of its Workflow settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilter...

    Affected Products : email_subscribers_&_newsletters
    • Published: Jan. 13, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Cross-Site Scripting
  • 4.8

    MEDIUM
    CVE-2024-12567

    The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of its form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_h...

    Affected Products : email_subscribers_&_newsletters
    • Published: Jan. 13, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Cross-Site Scripting
  • 4.8

    MEDIUM
    CVE-2024-12566

    The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of its form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html ...

    Affected Products : email_subscribers_&_newsletters
    • Published: Jan. 13, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Cross-Site Scripting
  • 7.5

    HIGH
    CVE-2024-12274

    The Appointment Booking Calendar Plugin and Scheduling Plugin WordPress plugin before 1.1.23 export settings functionality exports data to a public folder, with an easily guessable file name, allowing unauthenticated attackers to access the exported file...

    Affected Products : appointment_booking_calendar
    • Published: Jan. 13, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 291717 Results