Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, whether it appears on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.5

    HIGH
    CVE-2023-23918

    A privilege escalation vulnerability exists in Node.js <19.6.1, <18.14.1, <16.19.1 and <14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non-authorized modules by ... Read more

    Affected Products : node.js
    • EPSS Score: 0.02%
    • Published: Feb. 23, 2023
    • Modified: May. 08, 2025
  • 10.0

    CRITICAL
    CVE-2024-25925

    Unrestricted Upload of File with Dangerous Type vulnerability in SYSBASICS WooCommerce Easy Checkout Field Editor, Fees & Discounts. This issue affects WooCommerce Easy Checkout Field Editor, Fees & Discounts: from n/a through 3.5.12. ... Read more

    Affected Products : easy_checkout_field_editor
    • Published: Feb. 26, 2024
    • Modified: May. 08, 2025
  • 10.0

    CRITICAL
    CVE-2024-25913

    Unrestricted Upload of File with Dangerous Type vulnerability in Skymoonlabs MoveTo. This issue affects MoveTo: from n/a through 6.2. ... Read more

    Affected Products : moveto
    • Published: Feb. 26, 2024
    • Modified: May. 08, 2025
  • 7.3

    HIGH
    CVE-2023-4479

    Stored XSS vulnerability in M-Files Web versions before 23.8 allows an attacker to execute script in a user's browser via a stored HTML document within a limited time period.... Read more

    Affected Products : m-files
    • Published: Mar. 04, 2024
    • Modified: May. 08, 2025
  • 7.5

    HIGH
    CVE-2022-43890

    IBM Security Verify Privilege On-Premises 11.5 could disclose sensitive information through an HTTP request that could aid an attacker in further attacks against the system. IBM X-Force ID: 240453.... Read more

    • Published: Mar. 04, 2024
    • Modified: May. 08, 2025
  • 5.9

    MEDIUM
    CVE-2023-37495

    Internet passwords stored in Person documents in the Domino® Directory created using the "Add Person" action on the People & Groups tab in the Domino® Administrator are secured using a cryptographically weak hash algorithm. This could enable attackers wi... Read more

    Affected Products : domino
    • Published: Feb. 29, 2024
    • Modified: May. 08, 2025
  • 9.8

    CRITICAL
    CVE-2025-43964

    In LibRaw before 0.21.4, tag 0x412 processing in phase_one_correct in decoders/load_mfbacks.cpp does not enforce minimum w0 and w1 values.... Read more

    Affected Products : libraw
    • Published: Apr. 21, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Misconfiguration
  • 9.1

    CRITICAL
    CVE-2025-43963

    In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp allows out-of-buffer access because split_col and split_row values are not checked in 0x041f tag processing.... Read more

    Affected Products : libraw
    • Published: Apr. 21, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Memory Corruption
  • 9.1

    CRITICAL
    CVE-2025-43962

    In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp has out-of-bounds reads for tag 0x412 processing, related to large w0 or w1 values or the frac and mult calculations.... Read more

    Affected Products : libraw
    • Published: Apr. 21, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Memory Corruption
  • 9.1

    CRITICAL
    CVE-2025-43961

    In LibRaw before 0.21.4, metadata/tiff.cpp has an out-of-bounds read in the Fujifilm 0xf00c tag parser.... Read more

    Affected Products : libraw
    • Published: Apr. 21, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Memory Corruption
  • 6.5

    MEDIUM
    CVE-2023-7201

    The Everest Backup WordPress plugin before 2.2.5 does not properly validate backup files to be uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite... Read more

    Affected Products : everest_backup
    • Published: Apr. 15, 2024
    • Modified: May. 08, 2025
  • 5.4

    MEDIUM
    CVE-2024-1746

    The Testimonial Slider WordPress plugin before 2.3.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallo... Read more

    Affected Products : testimonial_slider_and_showcase
    • Published: Apr. 15, 2024
    • Modified: May. 08, 2025
  • 4.8

    MEDIUM
    CVE-2024-1660

    The Top Bar WordPress plugin before 3.0.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for ex... Read more

    Affected Products : top_bar
    • Published: Apr. 15, 2024
    • Modified: May. 08, 2025
  • 4.8

    MEDIUM
    CVE-2024-2444

    The Inline Related Posts WordPress plugin before 3.5.0 does not sanitise and escape some of its settings, which could allow high privilege users such as Admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed... Read more

    Affected Products : inline_related_posts
    • Published: Apr. 06, 2024
    • Modified: May. 08, 2025
  • 5.4

    MEDIUM
    CVE-2024-3752

    The Crelly Slider WordPress plugin through 1.4.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed ... Read more

    Affected Products : crelly_slider
    • Published: May. 06, 2024
    • Modified: May. 08, 2025
  • 5.9

    MEDIUM
    CVE-2024-0904

    The Fancy Product Designer WordPress plugin before 6.1.81 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is di... Read more

    Affected Products : fancy_product_designer
    • Published: May. 06, 2024
    • Modified: May. 08, 2025
  • 6.1

    MEDIUM
    CVE-2024-3692

    The Gutenverse WordPress plugin before 1.9.1 does not validate the htmlTag option in several of its blocks before outputting it back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cro... Read more

    Affected Products : gutenverse
    • Published: May. 03, 2024
    • Modified: May. 08, 2025
  • 6.1

    MEDIUM
    CVE-2024-3637

    The Responsive Contact Form Builder & Lead Generation Plugin WordPress plugin through 1.8.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when th... Read more

    • Published: May. 03, 2024
    • Modified: May. 08, 2025
  • 6.1

    MEDIUM
    CVE-2024-25225

    A cross-site scripting (XSS) vulnerability in Simple Admin Panel App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category Name parameter under the Add Category function.... Read more

    Affected Products : simple_admin_panel
    • EPSS Score: 0.16%
    • Published: Feb. 14, 2024
    • Modified: May. 08, 2025
  • 9.8

    CRITICAL
    CVE-2024-25215

    Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the pwd parameter at /aprocess.php.... Read more

    Affected Products : employee_management_system
    • EPSS Score: 0.11%
    • Published: Feb. 14, 2024
    • Modified: May. 08, 2025
Showing 20 of 291634 Results