Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2025-0368

    The Banner Garden Plugin for WordPress plugin through 0.1.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin or unaut... Read more

    Affected Products : banner_garden
    • Published: Feb. 04, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2022-36182

    Hashicorp Boundary v0.8.0 is vulnerable to Clickjacking which allow for the interception of login credentials, re-direction of users to malicious sites, or causing users to perform malicious actions on the site.... Read more

    Affected Products : boundary
    • EPSS Score: %0.11
    • Published: Oct. 27, 2022
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2025-24893

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any guest can perform arbitrary remote code execution through a request to `SolrSearch`. This impacts the confidentiality, integrity and availability ... Read more

    Affected Products : xwiki
    • Published: Feb. 20, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Authentication

  • 5.7

    MEDIUM
    CVE-2024-3059

    The ENL Newsletter WordPress plugin through 1.0.1 does not have CSRF checks in some places, which could allow attackers to make logged in admins delete arbitrary Campaigns via a CSRF attack... Read more

    Affected Products : enl-newsletter
    • Published: Apr. 26, 2024
    • Modified: May. 07, 2025

  • 4.5

    MEDIUM
    CVE-2024-3060

    The ENL Newsletter WordPress plugin through 1.0.1 does not sanitize and escape a parameter before using it in a SQL statement, allowing admin+ to perform SQL injection attacks... Read more

    Affected Products : enl-newsletter
    • Published: Apr. 26, 2024
    • Modified: May. 07, 2025

  • 5.4

    MEDIUM
    CVE-2024-3058

    The ENL Newsletter WordPress plugin through 1.0.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack... Read more

    Affected Products : enl-newsletter
    • Published: Apr. 26, 2024
    • Modified: May. 07, 2025

  • 7.2

    HIGH
    CVE-2024-34433

    Deserialization of Untrusted Data vulnerability in OCDI One Click Demo Import.This issue affects One Click Demo Import: from n/a through 3.2.0. ... Read more

    Affected Products : one_click_demo_import
    • Published: May. 14, 2024
    • Modified: May. 07, 2025

  • 5.9

    MEDIUM
    CVE-2024-1743

    The WooCommerce Customers Manager WordPress plugin before 29.8 does not sanitise and escape various parameters before outputting them back in pages and attributes, leading to a Reflected Cross-Site Scripting which could be used against high privilege user... Read more

    Affected Products : woocommerce_customers_manager
    • Published: Apr. 24, 2024
    • Modified: May. 07, 2025

  • 6.5

    MEDIUM
    CVE-2024-1756

    The WooCommerce Customers Manager WordPress plugin before 29.8 does not have authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber, to call it and retrieve the list of customer email addresses along with their id, ... Read more

    Affected Products : woocommerce_customers_manager
    • Published: Apr. 24, 2024
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2025-25662

    Tenda O4 V3.0 V1.0.0.10(2936) is vulnerable to Buffer Overflow in the function SafeSetMacFilter of the file /goform/setMacFilterList via the argument remark/type/time.... Read more

    Affected Products : o4_firmware o4
    • Published: Feb. 20, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Memory Corruption

  • 3.5

    LOW
    CVE-2024-13314

    The Carousel, Slider, Gallery by WP Carousel WordPress plugin before 2.7.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_htm... Read more

    • Published: Feb. 21, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.8

    HIGH
    CVE-2021-47293

    In the Linux kernel, the following vulnerability has been resolved: net/sched: act_skbmod: Skip non-Ethernet packets Currently tcf_skbmod_act() assumes that packets use Ethernet as their L2 protocol, which is not always the case. As an example, for CAN... Read more

    Affected Products : linux_kernel
    • Published: May. 21, 2024
    • Modified: May. 07, 2025

  • 7.1

    HIGH
    CVE-2024-13329

    The Solidres WordPress plugin through 0.9.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin... Read more

    Affected Products : solidres
    • Published: Feb. 04, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2024-13327

    The Musicbox WordPress plugin through 2.0.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin... Read more

    Affected Products : musicbox
    • Published: Feb. 04, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.5

    MEDIUM
    CVE-2024-26891

    In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Don't issue ATS Invalidation request when device is disconnected For those endpoint devices connect to system via hotplug capable ports, users could request a hot reset to t... Read more

    Affected Products : linux_kernel
    • Published: Apr. 17, 2024
    • Modified: May. 07, 2025

  • 4.7

    MEDIUM
    CVE-2024-26869

    In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to truncate meta inode pages forcely Below race case can cause data corruption: Thread A GC thread - gc_data_segment - ra_data_block - locked meta_inode ... Read more

    Affected Products : linux_kernel
    • Published: Apr. 17, 2024
    • Modified: May. 07, 2025

  • 3.5

    LOW
    CVE-2024-13585

    The Ajax Search Lite WordPress plugin before 4.12.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallo... Read more

    Affected Products : ajax_search
    • Published: Feb. 21, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-1580

    A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /search-report-result.php. The manipulation of the argument searchdata leads to sql injectio... Read more

    • Published: Feb. 23, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Injection

  • 10.0

    CRITICAL
    CVE-2024-30247

    NextcloudPi is a ready to use image for Virtual Machines, Raspberry Pi, Odroid HC1, Rock64 and other boards. A command injection vulnerability in NextCloudPi allows command execution as the root user via the NextCloudPi web-panel. Due to a security miscon... Read more

    Affected Products : nextcloudpi
    • Published: Mar. 29, 2024
    • Modified: May. 07, 2025

  • 5.4

    MEDIUM
    CVE-2024-12308

    The Logo Slider WordPress plugin before 4.6.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform St... Read more

    Affected Products : gs_logo_slider logo_slider logo_slider
    • Published: Feb. 24, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 291659 Results