Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-25421

    An issue in Ignite Realtime Openfire v.4.9.0 and before allows a remote attacker to escalate privileges via the ROOM_CACHE component.... Read more

    Affected Products : openfire
    • Published: Mar. 26, 2024
    • Modified: May. 07, 2025

  • 6.1

    MEDIUM
    CVE-2024-2278

    Themify WordPress plugin before 1.4.4 does not sanitise and escape some of its Filters settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (f... Read more

    Affected Products : woocommerce_product_filter
    • Published: Apr. 01, 2024
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2024-29433

    A deserialization vulnerability in the FASTJSON component of Alldata v0.4.6 allows attackers to execute arbitrary commands via supplying crafted data.... Read more

    Affected Products : alldata
    • Published: Apr. 01, 2024
    • Modified: May. 07, 2025

  • 4.1

    MEDIUM
    CVE-2024-29435

    An issue discovered in Alldata v0.4.6 allows attacker to run arbitrary commands via the processId parameter.... Read more

    Affected Products : alldata
    • Published: Apr. 01, 2024
    • Modified: May. 07, 2025

  • 5.4

    MEDIUM
    CVE-2024-1274

    The My Calendar WordPress plugin before 3.4.24 does not sanitise and escape some parameters, which could allow users with a role as low as Subscriber to perform Cross-Site Scripting attacks (depending on the permissions set by the admin)... Read more

    Affected Products : my_calendar my_calendar
    • Published: Apr. 02, 2024
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2024-31002

    Buffer Overflow vulnerability in Bento4 Bento v.1.6.0-641 allows a remote attacker to execute arbitrary code via the AP4 BitReader::ReadCache() at Ap4Utils.cpp component.... Read more

    Affected Products : bento4
    • Published: Apr. 02, 2024
    • Modified: May. 07, 2025

  • 8.8

    HIGH
    CVE-2024-31003

    Buffer Overflow vulnerability in Bento4 Bento v.1.6.0-641 allows a remote attacker to execute arbitrary code via the AP4_MemoryByteStream::WritePartial at Ap4ByteStream.cpp.... Read more

    Affected Products : bento4
    • Published: Apr. 02, 2024
    • Modified: May. 07, 2025

  • 8.1

    HIGH
    CVE-2024-31005

    An issue in Bento4 Bento v.1.6.0-641 allows a remote attacker to execute arbitrary code via the Ap4MdhdAtom.cpp,AP4_MdhdAtom::AP4_MdhdAtom,mp4fragment... Read more

    Affected Products : bento4
    • Published: Apr. 02, 2024
    • Modified: May. 07, 2025

  • 8.8

    HIGH
    CVE-2024-53268

    Joplin is an open source, privacy-focused note taking app with sync capabilities for Windows, macOS, Linux, Android and iOS. In affected versions attackers are able to abuse the fact that openExternal is used without any filtering of URI schemes to obtain... Read more

    Affected Products : joplin
    • Published: Nov. 25, 2024
    • Modified: May. 07, 2025

  • 4.8

    MEDIUM
    CVE-2024-10704

    The Photo Gallery by 10Web WordPress plugin before 1.8.31 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is d... Read more

    Affected Products : photo_gallery
    • Published: Nov. 29, 2024
    • Modified: May. 07, 2025

  • 5.4

    MEDIUM
    CVE-2024-10980

    The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) WordPress plugin before 5.10.3 does not validate and escape some of its Cookie Consent block options before outputting them back in a page/post w... Read more

    Affected Products : element_pack
    • Published: Nov. 29, 2024
    • Modified: May. 07, 2025

  • 4.8

    MEDIUM
    CVE-2024-10551

    The Sticky Social Icons WordPress plugin through 1.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disal... Read more

    Affected Products : sticky_social_icons
    • Published: Dec. 06, 2024
    • Modified: May. 07, 2025

  • 4.8

    MEDIUM
    CVE-2024-11183

    The Simple Side Tab WordPress plugin before 2.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed... Read more

    Affected Products : simple_side_tab
    • Published: Dec. 07, 2024
    • Modified: May. 06, 2025

  • 6.1

    MEDIUM
    CVE-2024-9651

    The Fluent Forms WordPress plugin before 5.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (... Read more

    Affected Products : contact_form
    • Published: Dec. 09, 2024
    • Modified: May. 06, 2025

  • 5.4

    MEDIUM
    CVE-2024-45986

    A stored Cross-Site Scripting (XSS) vulnerability was identified in Projectworld Online Voting System 1.0 that occurs when an account is registered with a malicious javascript payload. The payload is stored and subsequently executed in the voter.php and p... Read more

    • Published: Sep. 26, 2024
    • Modified: May. 06, 2025

  • 7.8

    HIGH
    CVE-2024-0166

    Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_tcpdump utility. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands with elevated privileg... Read more

    Affected Products : unity_operating_environment
    • EPSS Score: %0.24
    • Published: Feb. 12, 2024
    • Modified: May. 06, 2025

  • 5.4

    MEDIUM
    CVE-2023-6499

    The lasTunes WordPress plugin through 3.6.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack... Read more

    Affected Products : lastunes
    • EPSS Score: %0.10
    • Published: Feb. 12, 2024
    • Modified: May. 06, 2025

  • 5.4

    MEDIUM
    CVE-2023-6081

    The chartjs WordPress plugin through 2023.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for ... Read more

    Affected Products : chartjs
    • EPSS Score: %0.14
    • Published: Feb. 12, 2024
    • Modified: May. 06, 2025

  • 4.8

    MEDIUM
    CVE-2022-3420

    The Official Integration for Billingo WordPress plugin before 3.4.0 does not sanitise and escape some of its settings, which could allow high privilege users with a role as low as Shop Manager to perform Stored Cross-Site Scripting attacks.... Read more

    Affected Products : official_integration_for_billingo
    • EPSS Score: %0.11
    • Published: Oct. 31, 2022
    • Modified: May. 06, 2025

  • 6.5

    MEDIUM
    CVE-2022-3419

    The Automatic User Roles Switcher WordPress plugin before 1.1.2 does not have authorisation and proper CSRF checks, allowing any authenticated users like subscriber to add any role to themselves, such as administrator... Read more

    Affected Products : automatic_user_roles_switcher
    • EPSS Score: %0.14
    • Published: Oct. 31, 2022
    • Modified: May. 06, 2025
Showing 20 of 291384 Results