Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.1

    CRITICAL
    CVE-2025-43961

    In LibRaw before 0.21.4, metadata/tiff.cpp has an out-of-bounds read in the Fujifilm 0xf00c tag parser....

    Affected Products : libraw
    • Published: Apr. 21, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Memory Corruption
  • 6.5

    MEDIUM
    CVE-2023-7201

    The Everest Backup WordPress plugin before 2.2.5 does not properly validate backup files to be uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite...

    Affected Products : everest_backup
    • Published: Apr. 15, 2024
    • Modified: May. 08, 2025
  • 5.4

    MEDIUM
    CVE-2024-1746

    The Testimonial Slider WordPress plugin before 2.3.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallo...

    Affected Products : testimonial_slider_and_showcase
    • Published: Apr. 15, 2024
    • Modified: May. 08, 2025
  • 4.8

    MEDIUM
    CVE-2024-1660

    The Top Bar WordPress plugin before 3.0.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for ex...

    Affected Products : top_bar
    • Published: Apr. 15, 2024
    • Modified: May. 08, 2025
  • 4.8

    MEDIUM
    CVE-2024-2444

    The Inline Related Posts WordPress plugin before 3.5.0 does not sanitise and escape some of its settings, which could allow high privilege users such as Admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed...

    Affected Products : inline_related_posts
    • Published: Apr. 06, 2024
    • Modified: May. 08, 2025
  • 5.4

    MEDIUM
    CVE-2024-3752

    The Crelly Slider WordPress plugin through 1.4.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed ...

    Affected Products : crelly_slider
    • Published: May. 06, 2024
    • Modified: May. 08, 2025
  • 5.9

    MEDIUM
    CVE-2024-0904

    The Fancy Product Designer WordPress plugin before 6.1.81 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is di...

    Affected Products : fancy_product_designer
    • Published: May. 06, 2024
    • Modified: May. 08, 2025
  • 6.1

    MEDIUM
    CVE-2024-3692

    The Gutenverse WordPress plugin before 1.9.1 does not validate the htmlTag option in various of its blocks before outputting it back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cro...

    Affected Products : gutenverse
    • Published: May. 03, 2024
    • Modified: May. 08, 2025
  • 6.1

    MEDIUM
    CVE-2024-3637

    The Responsive Contact Form Builder & Lead Generation Plugin WordPress plugin through 1.8.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when th...

    • Published: May. 03, 2024
    • Modified: May. 08, 2025
  • 6.1

    MEDIUM
    CVE-2024-25225

    A cross-site scripting (XSS) vulnerability in Simple Admin Panel App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category Name parameter under the Add Category function....

    Affected Products : simple_admin_panel
    • EPSS Score: 0.16%
    • Published: Feb. 14, 2024
    • Modified: May. 08, 2025
  • 9.8

    CRITICAL
    CVE-2024-25215

    Employee Management System v1.0 was discovered to contain a SQL injection vulnerability via the pwd parameter at /aprocess.php....

    Affected Products : employee_management_system
    • EPSS Score: 0.11%
    • Published: Feb. 14, 2024
    • Modified: May. 08, 2025
  • 7.5

    HIGH
    CVE-2023-51293

    A lack of rate limiting in the 'Forgot Password', 'Email Settings' feature of PHPJabbers Event Booking Calendar v4.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amo...

    Affected Products : event_booking_calendar
    • Published: Feb. 19, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Denial of Service
  • 8.8

    HIGH
    CVE-2023-32006

    The use of `module.constructor.createRequire()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active relea...

    Affected Products : fedora node.js
    • EPSS Score: 0.05%
    • Published: Aug. 15, 2023
    • Modified: May. 08, 2025
  • 8.8

    HIGH
    CVE-2023-32004

    A vulnerability has been discovered in Node.js version 20, specifically within the experimental permission model. This flaw relates to improper handling of Buffers in file system APIs causing a traversal path to bypass when verifying file permissions. Th...

    Affected Products : fedora node.js
    • EPSS Score: 0.06%
    • Published: Aug. 15, 2023
    • Modified: May. 08, 2025
  • 5.4

    MEDIUM
    CVE-2022-42200

    Simple Exam Reviewer Management System v1.0 is vulnerable to Stored Cross Site Scripting (XSS) via the Exam List....

    • EPSS Score: 0.11%
    • Published: Oct. 20, 2022
    • Modified: May. 08, 2025
  • 8.8

    HIGH
    CVE-2022-42199

    Simple Exam Reviewer Management System v1.0 is vulnerable to Cross Site Request Forgery (CSRF) via the Exam List....

    • EPSS Score: 0.11%
    • Published: Oct. 20, 2022
    • Modified: May. 08, 2025
  • 8.8

    HIGH
    CVE-2022-42198

    In Simple Exam Reviewer Management System v1.0 the User List function suffers from insecure file upload....

    • EPSS Score: 0.13%
    • Published: Oct. 20, 2022
    • Modified: May. 08, 2025
  • 6.5

    MEDIUM
    CVE-2022-42197

    In Simple Exam Reviewer Management System v1.0 the User List function has improper access control that allows low privileged users to modify user permissions to higher privileges....

    • EPSS Score: 0.05%
    • Published: Oct. 20, 2022
    • Modified: May. 08, 2025
  • 7.8

    HIGH
    CVE-2022-42176

    In PCTechSoft PCSecure V5.0.8.xw, use of Hard-coded Credentials in configuration files leads to admin panel access....

    Affected Products : pcsecure
    • EPSS Score: 0.09%
    • Published: Oct. 20, 2022
    • Modified: May. 08, 2025
  • 9.8

    CRITICAL
    CVE-2022-42021

    Best Student Result Management System v1.0 is vulnerable to SQL Injection via /upresult/upresult/notice-details.php?nid=....

    • EPSS Score: 0.07%
    • Published: Oct. 20, 2022
    • Modified: May. 08, 2025
Showing 20 of 291625 Results