Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.6

    CRITICAL
    CVE-2024-49362

    Joplin is a free, open source note taking and to-do application. Joplin-desktop has a vulnerability that leads to remote code execution (RCE) when a user clicks on an <a> link within untrusted notes. The issue arises due to insufficient sanitization of <a...

    Affected Products : joplin
    • Published: Nov. 14, 2024
    • Modified: May. 07, 2025
  • 5.4

    MEDIUM
    CVE-2024-4311

    zenml-io/zenml version 0.56.4 is vulnerable to an account takeover due to the lack of rate-limiting in the password change function. An attacker can brute-force the current password in the 'Update Password' function, allowing them to take over the user's ...

    Affected Products : zenml
    • Published: Nov. 14, 2024
    • Modified: May. 07, 2025
  • 7.5

    HIGH
    CVE-2023-49952

    Mastodon 4.1.x before 4.1.17 and 4.2.x before 4.2.9 allows a bypass of rate limiting via a crafted HTTP request header....

    Affected Products : mastodon
    • Published: Nov. 18, 2024
    • Modified: May. 07, 2025
  • 8.8

    HIGH
    CVE-2015-9308

    The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit map feature....

    Affected Products : wp_google_map wp_maps
    • EPSS Score: 0.30%
    • Published: Aug. 14, 2019
    • Modified: May. 07, 2025
  • 7.2

    HIGH
    CVE-2021-24130

    Unvalidated input in the WP Google Map Plugin WordPress plugin, versions before 4.1.5, in the Manage Locations page within the plugin settings was vulnerable to SQL Injection through a high privileged user (admin+)....

    Affected Products : wp_google_map wp_maps
    • EPSS Score: 0.57%
    • Published: Mar. 18, 2021
    • Modified: May. 07, 2025
  • 4.8

    MEDIUM
    CVE-2021-24502

    The WP Google Map WordPress plugin before 1.7.7 did not sanitise or escape the Map Title before outputting them in the page, leading to a Stored Cross-Site Scripting issue by high privilege users, even when the unfiltered_html capability is disallowed...

    Affected Products : wp_google_map wp_google_map wp_maps
    • EPSS Score: 0.21%
    • Published: Aug. 09, 2021
    • Modified: May. 07, 2025
  • 8.8

    HIGH
    CVE-2015-9309

    The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit category feature....

    Affected Products : wp_google_map wp_maps
    • EPSS Score: 0.30%
    • Published: Aug. 14, 2019
    • Modified: May. 07, 2025
  • 6.1

    MEDIUM
    CVE-2016-10878

    The wp-google-map-plugin plugin before 3.1.2 for WordPress has XSS....

    Affected Products : wp_google_map wp_maps
    • EPSS Score: 0.19%
    • Published: Aug. 12, 2019
    • Modified: May. 07, 2025
  • 6.1

    MEDIUM
    CVE-2015-9305

    The wp-google-map-plugin plugin before 2.3.7 for WordPress has XSS related to the add_query_arg() and remove_query_arg() functions....

    Affected Products : wp_google_map wp_maps
    • EPSS Score: 0.44%
    • Published: Aug. 12, 2019
    • Modified: May. 07, 2025
  • 5.9

    MEDIUM
    CVE-2023-23878

    Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in flippercode WordPress Plugin for Google Maps – WP MAPS plugin <= 4.3.9 versions....

    Affected Products : wp_google_map wp_maps
    • EPSS Score: 0.05%
    • Published: Apr. 04, 2023
    • Modified: May. 07, 2025
  • 8.8

    HIGH
    CVE-2022-25600

    Cross-Site Request Forgery (CSRF) vulnerability affecting Delete Marker Category, Delete Map, and Copy Map functions in WP Google Map plugin (versions <= 4.2.3)....

    Affected Products : fedora wp_google_map wp_maps
    • EPSS Score: 0.13%
    • Published: Mar. 11, 2022
    • Modified: May. 07, 2025
  • 8.8

    HIGH
    CVE-2015-9307

    The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit location feature....

    Affected Products : wp_google_map wp_maps
    • EPSS Score: 0.20%
    • Published: Aug. 14, 2019
    • Modified: May. 07, 2025
  • 8.8

    HIGH
    CVE-2023-28172

    Cross-Site Request Forgery (CSRF) vulnerability in flippercode WordPress Plugin for Google Maps – WP MAPS (formerly WP Google Map Plugin) plugin <= 4.4.2 versions....

    Affected Products : wp_google_map wp_maps
    • EPSS Score: 0.05%
    • Published: Nov. 12, 2023
    • Modified: May. 07, 2025
  • 5.5

    MEDIUM
    CVE-2022-49901

    In the Linux kernel, the following vulnerability has been resolved: blk-mq: Fix kmemleak in blk_mq_init_allocated_queue There is a kmemleak caused by modprobe null_blk.ko unreferenced object 0xffff8881acb1f000 (size 1024): comm "modprobe", pid 836, j...

    Affected Products : linux_kernel
    • Published: May. 01, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Misconfiguration
  • 5.5

    MEDIUM
    CVE-2022-49848

    In the Linux kernel, the following vulnerability has been resolved: phy: qcom-qmp-combo: fix NULL-deref on runtime resume Commit fc64623637da ("phy: qcom-qmp-combo,usb: add support for separate PCS_USB region") started treating the PCS_USB registers as ...

    Affected Products : linux_kernel
    • Published: May. 01, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Memory Corruption
  • 5.5

    MEDIUM
    CVE-2022-49837

    In the Linux kernel, the following vulnerability has been resolved: bpf: Fix memory leaks in __check_func_call kmemleak reports this issue: unreferenced object 0xffff88817139d000 (size 2048): comm "test_progs", pid 33246, jiffies 4307381979 (age 4585...

    Affected Products : linux_kernel
    • Published: May. 01, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Memory Corruption
  • 5.5

    MEDIUM
    CVE-2022-49839

    In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_transport_sas: Fix error handling in sas_phy_add() If transport_add_device() fails in sas_phy_add(), the kernel will crash trying to delete the device in transport_remove_dev...

    Affected Products : linux_kernel
    • Published: May. 01, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Misconfiguration
  • 7.8

    HIGH
    CVE-2022-49840

    In the Linux kernel, the following vulnerability has been resolved: bpf, test_run: Fix alignment problem in bpf_prog_test_run_skb() We got a syzkaller problem because of aarch64 alignment fault if KFENCE enabled. When the size from user bpf program is a...

    Affected Products : linux_kernel
    • Published: May. 01, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Memory Corruption
  • 7.1

    HIGH
    CVE-2022-49844

    In the Linux kernel, the following vulnerability has been resolved: can: dev: fix skb drop check In commit a6d190f8c767 ("can: skb: drop tx skb if in listen only mode") the priv->ctrlmode element is read even on virtual CAN interfaces that do not create...

    Affected Products : linux_kernel
    • Published: May. 01, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Misconfiguration
  • 7.8

    HIGH
    CVE-2022-49842

    In the Linux kernel, the following vulnerability has been resolved: ASoC: core: Fix use-after-free in snd_soc_exit() KASAN reports a use-after-free: BUG: KASAN: use-after-free in device_del+0xb5b/0xc60 Read of size 8 at addr ffff888008655050 by task rm...

    Affected Products : linux_kernel
    • Published: May. 01, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 291401 Results