Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.3

    MEDIUM
    CVE-2024-0421

    The MapPress Maps for WordPress plugin before 2.88.16 is affected by an IDOR as it does not ensure that a post to be retrieved via an AJAX action is a public map, allowing unauthenticated users to read arbitrary private and draft posts....

    • EPSS Score: 0.52%
    • Published: Feb. 12, 2024
    • Modified: May. 07, 2025
  • 4.3

    MEDIUM
    CVE-2024-0248

    The EazyDocs WordPress plugin before 2.4.0 re-introduced CVE-2023-6029 (https://wpscan.com/vulnerability/7a0aaf85-8130-4fd7-8f09-f8edc929597e/) in 2.3.8, allowing any authenticated user, such as a subscriber, to delete arbitrary posts, as well as add and de...

    Affected Products : eazydocs
    • EPSS Score: 0.23%
    • Published: Feb. 12, 2024
    • Modified: May. 07, 2025
  • 6.5

    MEDIUM
    CVE-2023-6869

    A `<dialog>` element could have been manipulated to paint content outside of a sandboxed iframe. This could allow untrusted content to display under the guise of trusted content. This vulnerability affects Firefox < 121....

    Affected Products : firefox
    • EPSS Score: 0.18%
    • Published: Dec. 19, 2023
    • Modified: May. 07, 2025
  • 8.8

    HIGH
    CVE-2023-6858

    Firefox was susceptible to a heap buffer overflow in `nsTextFragment` due to insufficient OOM handling. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121....

    • EPSS Score: 0.39%
    • Published: Dec. 19, 2023
    • Modified: May. 07, 2025
  • 4.3

    MEDIUM
    CVE-2023-6289

    The Swift Performance Lite WordPress plugin before 2.3.6.15 does not prevent users from exporting the plugin's settings, which may include sensitive information such as Cloudflare API tokens....

    Affected Products : swift_performance
    • EPSS Score: 2.82%
    • Published: Dec. 18, 2023
    • Modified: May. 07, 2025
  • 4.8

    MEDIUM
    CVE-2023-5005

    The Autocomplete Location field Contact Form 7 WordPress plugin before 3.0 and the autocomplete-location-field-contact-form-7-pro WordPress plugin before 2.0 do not sanitise and escape some of their settings, which could allow high privilege users such as admin ...

    • EPSS Score: 0.09%
    • Published: Dec. 18, 2023
    • Modified: May. 07, 2025
  • 7.5

    HIGH
    CVE-2023-50981

    ModularSquareRoot in Crypto++ (aka cryptopp) through 8.9.0 allows attackers to cause a denial of service (infinite loop) via crafted DER public-key data associated with squared odd numbers, such as the square of 268995137513890432434389773128616504853....

    Affected Products : crypto++
    • EPSS Score: 0.07%
    • Published: Dec. 18, 2023
    • Modified: May. 07, 2025
  • 9.8

    CRITICAL
    CVE-2023-50272

    A potential security vulnerability has been identified in HPE Integrated Lights-Out 5 (iLO 5) and Integrated Lights-Out 6 (iLO 6). The vulnerability could be remotely exploited to allow authentication bypass....

    • EPSS Score: 0.02%
    • Published: Dec. 19, 2023
    • Modified: May. 07, 2025
  • 6.1

    MEDIUM
    CVE-2023-49489

    A reflected cross-site scripting (XSS) vulnerability in KodExplorer version 4.51 allows attackers to obtain sensitive information and escalate privileges via the APP_HOST parameter at config/i18n/en/main.php....

    Affected Products : kodexplorer
    • EPSS Score: 0.53%
    • Published: Dec. 19, 2023
    • Modified: May. 07, 2025
  • 8.1

    HIGH
    CVE-2023-47257

    ConnectWise ScreenConnect through 23.8.4 allows man-in-the-middle attackers to achieve remote code execution via crafted messages....

    Affected Products : automate screenconnect
    • EPSS Score: 4.96%
    • Published: Feb. 01, 2024
    • Modified: May. 07, 2025
  • 5.4

    MEDIUM
    CVE-2023-46344

    A vulnerability in Solar-Log Base 15 Firmware 6.0.1 Build 161, and possibly other Solar-Log Base products, allows an attacker to escalate their privileges by exploiting a stored cross-site scripting (XSS) vulnerability in the switch group function under /...

    Affected Products : 2000_pm+_firmware 2000_pm+
    • EPSS Score: 0.18%
    • Published: Feb. 02, 2024
    • Modified: May. 07, 2025
  • 8.8

    HIGH
    CVE-2023-45230

    EDK2's Network Package is susceptible to a buffer overflow vulnerability via a long server ID option in DHCPv6 client. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Inte...

    Affected Products : edk2
    • EPSS Score: 0.28%
    • Published: Jan. 16, 2024
    • Modified: May. 07, 2025
  • 7.5

    HIGH
    CVE-2023-40393

    An authentication issue was addressed with improved state management. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. Photos in the Hidden Photos Album may be viewed without authentication....

    Affected Products : macos iphone_os ipados
    • EPSS Score: 0.28%
    • Published: Jan. 10, 2024
    • Modified: May. 07, 2025
  • 6.5

    MEDIUM
    CVE-2022-3599

    LibTIFF 4.4.0 has an out-of-bounds read in writeSingleSection in tools/tiffcrop.c:7345, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125....

    • EPSS Score: 0.03%
    • Published: Oct. 21, 2022
    • Modified: May. 07, 2025
  • 6.5

    MEDIUM
    CVE-2022-3598

    LibTIFF 4.4.0 has an out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c:3604, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit ...

    • EPSS Score: 0.04%
    • Published: Oct. 21, 2022
    • Modified: May. 07, 2025
  • 6.5

    MEDIUM
    CVE-2022-3597

    LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6826, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sou...

    • EPSS Score: 0.02%
    • Published: Oct. 21, 2022
    • Modified: May. 07, 2025
  • 8.8

    HIGH
    CVE-2022-3395

    The WP All Export Pro WordPress plugin before 1.7.9 uses the contents of the cc_sql POST parameter directly as a database query, allowing users who have been given permission to run exports to execute arbitrary SQL statements, leading to a SQL Injection ...

    Affected Products : wp_all_export
    • EPSS Score: 0.29%
    • Published: Oct. 25, 2022
    • Modified: May. 07, 2025
  • 8.8

    HIGH
    CVE-2022-3246

    The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.9.10 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated users, such as subscribers...

    Affected Products : blog2social
    • EPSS Score: 1.16%
    • Published: Oct. 25, 2022
    • Modified: May. 07, 2025
  • 6.5

    MEDIUM
    CVE-2022-3097

    The Plugin LBstopattack WordPress plugin before 1.1.3 does not use nonces when saving its settings, making it possible for attackers to conduct CSRF attacks. This could allow attackers to disable the plugin's protections....

    Affected Products : lbstopattack
    • EPSS Score: 0.18%
    • Published: Oct. 25, 2022
    • Modified: May. 07, 2025
  • 7.5

    HIGH
    CVE-2022-38870

    Free5gc v3.2.1 is vulnerable to information disclosure....

    Affected Products : free5gc
    • EPSS Score: 85.61%
    • Published: Oct. 25, 2022
    • Modified: May. 07, 2025