Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.7

    HIGH
    CVE-2025-23213

    Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. The file upload feature allows to upload arbitrary files, including html and svg. Both can contain malicious content (XSS Payloads). This vulnerability is... Read more

    Affected Products : recipes
    • Published: Jan. 28, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.7

    HIGH
    CVE-2025-23212

    Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. The external storage feature allows any user to enumerate the name and content of files on the server. This vulnerability is fixed in 1.5.28.... Read more

    Affected Products : recipes
    • Published: Jan. 28, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Information Disclosure

  • 5.9

    MEDIUM
    CVE-2024-3472

    The Modal Window WordPress plugin before 5.3.10 does not have CSRF check in place when bulk deleting modals, which could allow attackers to make a logged in admin delete them via a CSRF attack... Read more

    Affected Products : modal_window
    • Published: May. 02, 2024
    • Modified: May. 08, 2025

  • 3.4

    LOW
    CVE-2024-3471

    The Button Generator WordPress plugin before 3.0 does not have CSRF check in place when bulk deleting, which could allow attackers to make a logged in admin delete buttons via a CSRF attack... Read more

    Affected Products : button_generator
    • Published: May. 02, 2024
    • Modified: May. 08, 2025

  • 9.9

    CRITICAL
    CVE-2025-23211

    Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. A Jinja2 SSTI vulnerability allows any user to execute commands on the server. In the case of the provided Docker Compose file as root. This vulnerability... Read more

    Affected Products : recipes
    • Published: Jan. 28, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Injection

  • 4.5

    MEDIUM
    CVE-2024-2405

    The Float menu WordPress plugin before 6.0.1 does not have CSRF check in its bulk actions, which could allow attackers to make logged in admin delete arbitrary menu via a CSRF attack.... Read more

    Affected Products : float_menu
    • Published: May. 02, 2024
    • Modified: May. 08, 2025

  • 4.3

    MEDIUM
    CVE-2024-12436

    The WP Customer Area WordPress plugin through 8.2.4 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks... Read more

    Affected Products : wp_customer_area
    • Published: Jan. 27, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2024-12280

    The WP Customer Area WordPress plugin through 8.2.4 does not have CSRF check in place when deleting its logs, which could allow attackers to make a logged in to delete them via a CSRF attack... Read more

    Affected Products : wp_customer_area
    • Published: Jan. 27, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 9.8

    CRITICAL
    CVE-2023-50347

    HCL DRYiCE MyXalytics is impacted by an insecure SQL interface vulnerability, potentially giving an attacker the ability to execute custom SQL queries. A malicious user can run arbitrary SQL commands including changing system configuration. ... Read more

    Affected Products : dryice_myxalytics
    • Published: Apr. 10, 2024
    • Modified: May. 08, 2025

  • 6.5

    MEDIUM
    CVE-2024-3591

    The Geo Controller WordPress plugin before 8.6.5 unserializes user input via some of its AJAX actions and REST API routes, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog.... Read more

    Affected Products : geo_controller
    • Published: May. 01, 2024
    • Modified: May. 08, 2025

  • 8.1

    HIGH
    CVE-2024-2505

    The GamiPress WordPress plugin before 6.8.9's access control mechanism fails to properly restrict access to its settings, permitting Authors to manipulate requests and extend access to lower privileged users, like Subscribers, despite initial settings pr... Read more

    Affected Products : gamipress gamipress_-_reset_user
    • Published: Apr. 29, 2024
    • Modified: May. 08, 2025

  • 4.3

    MEDIUM
    CVE-2024-2908

    The Call Now Button WordPress plugin before 1.4.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowe... Read more

    Affected Products : call_now_button
    • Published: Apr. 26, 2024
    • Modified: May. 08, 2025

  • 5.9

    MEDIUM
    CVE-2024-2310

    The WP Google Review Slider WordPress plugin before 13.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is dis... Read more

    Affected Products : wp_google_review_slider
    • Published: Apr. 26, 2024
    • Modified: May. 08, 2025

  • 8.8

    HIGH
    CVE-2024-1059

    Use after free in Peer Connection in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : fedora chrome edge_chromium
    • EPSS Score: %0.42
    • Published: Jan. 30, 2024
    • Modified: May. 08, 2025

  • 6.1

    MEDIUM
    CVE-2022-26954

    Multiple open redirect vulnerabilities in NopCommerce 4.10 through 4.50.1 allow remote attackers to conduct phishing attacks by redirecting users to attacker-controlled web sites via the returnUrl parameter, processed by the (1) ChangePassword function, (... Read more

    Affected Products : nopcommerce
    • EPSS Score: %0.12
    • Published: Oct. 20, 2022
    • Modified: May. 08, 2025

  • 5.4

    MEDIUM
    CVE-2021-33231

    Cross Site Scripting (XSS) vulnerability in New equipment page in EasyVista Service Manager 2018.1.181.1 allows remote attackers to run arbitrary code via the notes field.... Read more

    Affected Products : service_manager
    • EPSS Score: %0.16
    • Published: Oct. 20, 2022
    • Modified: May. 08, 2025

  • 6.8

    MEDIUM
    CVE-2020-9285

    Some versions of Sonos One (1st and 2nd generation) allow partial or full memory access via attacker controlled hardware that can be attached to the Mini-PCI Express slot on the motherboard that hosts the WiFi card on the device.... Read more

    Affected Products : one_firmware one
    • EPSS Score: %0.04
    • Published: Oct. 20, 2022
    • Modified: May. 08, 2025

  • 7.8

    HIGH
    CVE-2020-12744

    The MSI installer in Verint Desktop Resources 15.2 allows an unprivileged local user to elevate their privileges during install or repair.... Read more

    Affected Products : desktop_and_process_analytics
    • EPSS Score: %0.03
    • Published: Oct. 20, 2022
    • Modified: May. 08, 2025

  • 7.8

    HIGH
    CVE-2024-49561

    Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation o... Read more

    Affected Products : smartfabric_os10
    • Published: Mar. 17, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Authorization

  • 9.0

    HIGH
    CVE-2016-3554

    Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to PC / BOM, MCAD, and Design.... Read more

    • EPSS Score: %1.45
    • Published: Jul. 21, 2016
    • Modified: May. 08, 2025
Showing 20 of 291659 Results