Latest CVE Feed

The following is a list of the most recently published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 8.8

    HIGH
    CVE-2024-13418

    Multiple plugins and/or themes for WordPress are vulnerable to Arbitrary File Uploads due to a missing capability check on the ajaxUploadFonts() function in various versions. This makes it possible for authenticated attackers, with Subscriber-level access...

    Affected Products : april auteur benaa beyot
    • Published: May. 02, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Authentication
  • 6.4

    MEDIUM
    CVE-2023-6694

    The Beaver Themer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.4.9 due to insufficient input sanitization and output escaping on user supplied custom fields. This m...

    Affected Products : beaver_themer
    • Published: Apr. 09, 2024
    • Modified: May. 06, 2025
  • 4.8

    MEDIUM
    CVE-2024-0662

    The FancyBox for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions 3.0.2 to 3.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

    Affected Products : fancybox
    • Published: Apr. 09, 2024
    • Modified: May. 06, 2025
  • 7.2

    HIGH
    CVE-2024-1852

    The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the X-Forwarded-For header in all versions up to, and including, 3.4.9.2 due to insufficient input sanitization and output escaping. This makes it possi...

    Affected Products : wp-members wp-members
    • Published: Apr. 09, 2024
    • Modified: May. 06, 2025
  • 6.4

    MEDIUM
    CVE-2024-1960

    The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Special Offer Day Widget Banner Link in all versions up to, and...

    • Published: Apr. 09, 2024
    • Modified: May. 06, 2025
  • 6.4

    MEDIUM
    CVE-2024-2026

    The Passster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's content_protector shortcode in all versions up to, and including, 4.2.6.4 due to insufficient input sanitization and output escaping on user supplied attribute...

    Affected Products : passster
    • Published: Apr. 09, 2024
    • Modified: May. 06, 2025
  • 6.4

    MEDIUM
    CVE-2025-3858

    The Formality plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ parameter in all versions up to, and including, 1.5.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated atta...

    Affected Products : formality
    • Published: May. 02, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.4

    MEDIUM
    CVE-2025-3748

    The Taxonomy Chain Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's pn_chain_menu shortcode in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping on user supplied attr...

    Affected Products : taxonomy_chain_menu
    • Published: May. 02, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.4

    MEDIUM
    CVE-2025-3510

    The tagDiv Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes in all versions up to, and including, 5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it p...

    Affected Products : tagdiv_composer composer
    • Published: May. 02, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Cross-Site Scripting
  • 8.6

    HIGH
    CVE-2025-27091

    OpenH264 is a free license codec library which supports H.264 encoding and decoding. A vulnerability in the decoding functions of OpenH264 codec library could allow a remote, unauthenticated attacker to trigger a heap overflow. This vulnerability is due t...

    Affected Products : openh264
    • Published: Feb. 20, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Memory Corruption
  • 8.8

    HIGH
    CVE-2025-21176

    .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability...

    • Published: Jan. 14, 2025
    • Modified: May. 06, 2025
  • 7.3

    HIGH
    CVE-2025-21173

    .NET Elevation of Privilege Vulnerability...

    • Published: Jan. 14, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Authorization
  • 8.1

    HIGH
    CVE-2024-38229

    .NET and Visual Studio Remote Code Execution Vulnerability...

    • Published: Oct. 08, 2024
    • Modified: May. 06, 2025
  • 8.1

    HIGH
    CVE-2024-35264

    .NET and Visual Studio Remote Code Execution Vulnerability...

    Affected Products : visual_studio .net visual_studio_2022
    • Published: Jul. 09, 2024
    • Modified: May. 06, 2025
  • 6.5

    MEDIUM
    CVE-2022-42315

    Xenstore: guests can let run xenstored out of memory [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, ...

    Affected Products : fedora debian_linux xen
    • EPSS Score: 0.04%
    • Published: Nov. 01, 2022
    • Modified: May. 06, 2025
  • 6.5

    MEDIUM
    CVE-2022-42314

    Xenstore: guests can let run xenstored out of memory [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, ...

    Affected Products : fedora debian_linux xen
    • EPSS Score: 0.04%
    • Published: Nov. 01, 2022
    • Modified: May. 06, 2025
  • 6.5

    MEDIUM
    CVE-2022-42313

    Xenstore: guests can let run xenstored out of memory [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, ...

    Affected Products : fedora debian_linux xen
    • EPSS Score: 0.04%
    • Published: Nov. 01, 2022
    • Modified: May. 06, 2025
  • 6.5

    MEDIUM
    CVE-2022-42312

    Xenstore: guests can let run xenstored out of memory [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, ...

    Affected Products : fedora debian_linux xen
    • EPSS Score: 0.04%
    • Published: Nov. 01, 2022
    • Modified: May. 06, 2025
  • 6.5

    MEDIUM
    CVE-2022-42311

    Xenstore: guests can let run xenstored out of memory [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, ...

    Affected Products : fedora debian_linux xen
    • EPSS Score: 0.04%
    • Published: Nov. 01, 2022
    • Modified: May. 06, 2025
  • 8.8

    HIGH
    CVE-2022-40294

    The application was identified to have a CSV injection in data export functionality, allowing for malicious code to be embedded within export data and then triggered in exported data viewers. ...

    Affected Products : php_point_of_sale
    • EPSS Score: 0.13%
    • Published: Oct. 31, 2022
    • Modified: May. 06, 2025