Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2024-9651

    The Fluent Forms WordPress plugin before 5.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (... Read more

    Affected Products : contact_form
    • Published: Dec. 09, 2024
    • Modified: May. 06, 2025

  • 5.4

    MEDIUM
    CVE-2024-45986

    A stored Cross-Site Scripting (XSS) vulnerability was identified in Projectworld Online Voting System 1.0 that occurs when an account is registered with a malicious javascript payload. The payload is stored and subsequently executed in the voter.php and p... Read more

    • Published: Sep. 26, 2024
    • Modified: May. 06, 2025

  • 7.8

    HIGH
    CVE-2024-0166

    Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_tcpdump utility. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands with elevated privileg... Read more

    Affected Products : unity_operating_environment
    • EPSS Score: %0.24
    • Published: Feb. 12, 2024
    • Modified: May. 06, 2025

  • 5.4

    MEDIUM
    CVE-2023-6499

    The lasTunes WordPress plugin through 3.6.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack... Read more

    Affected Products : lastunes
    • EPSS Score: %0.10
    • Published: Feb. 12, 2024
    • Modified: May. 06, 2025

  • 5.4

    MEDIUM
    CVE-2023-6081

    The chartjs WordPress plugin through 2023.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for ... Read more

    Affected Products : chartjs
    • EPSS Score: %0.14
    • Published: Feb. 12, 2024
    • Modified: May. 06, 2025

  • 4.8

    MEDIUM
    CVE-2022-3420

    The Official Integration for Billingo WordPress plugin before 3.4.0 does not sanitise and escape some of its settings, which could allow high privilege users with a role as low as Shop Manager to perform Stored Cross-Site Scripting attacks.... Read more

    Affected Products : official_integration_for_billingo
    • EPSS Score: %0.11
    • Published: Oct. 31, 2022
    • Modified: May. 06, 2025

  • 6.5

    MEDIUM
    CVE-2022-3419

    The Automatic User Roles Switcher WordPress plugin before 1.1.2 does not have authorisation and proper CSRF checks, allowing any authenticated users like subscriber to add any role to themselves, such as administrator... Read more

    Affected Products : automatic_user_roles_switcher
    • EPSS Score: %0.14
    • Published: Oct. 31, 2022
    • Modified: May. 06, 2025

  • 4.8

    MEDIUM
    CVE-2022-3408

    The WP Word Count WordPress plugin through 3.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.... Read more

    Affected Products : wp_word_count
    • EPSS Score: %0.16
    • Published: Oct. 31, 2022
    • Modified: May. 06, 2025

  • 7.2

    HIGH
    CVE-2022-3380

    The Customizer Export/Import WordPress plugin before 0.9.5 unserializes the content of an imported file, which could lead to PHP object injection issues when an admin imports (intentionally or not) a malicious file and a suitable gadget chain is present o... Read more

    • EPSS Score: %0.34
    • Published: Oct. 31, 2022
    • Modified: May. 06, 2025

  • 7.2

    HIGH
    CVE-2022-3374

    The Ocean Extra WordPress plugin before 2.0.5 unserialises the content of an imported file, which could lead to PHP object injections issues when a high privilege user import (intentionally or not) a malicious Customizer Styling file and a suitable gadget... Read more

    Affected Products : ocean_extra
    • EPSS Score: %0.26
    • Published: Oct. 31, 2022
    • Modified: May. 06, 2025

  • 7.2

    HIGH
    CVE-2022-3366

    The PublishPress Capabilities WordPress plugin before 2.5.2, PublishPress Capabilities Pro WordPress plugin before 2.5.2 unserializes the content of imported files, which could lead to PHP object injection attacks by administrators, on multisite WordPress... Read more

    Affected Products : capabilities
    • EPSS Score: %0.32
    • Published: Oct. 31, 2022
    • Modified: May. 06, 2025

  • 8.1

    HIGH
    CVE-2022-3360

    The LearnPress WordPress plugin before 4.1.7.2 unserialises user input in a REST API endpoint available to unauthenticated users, which could lead to PHP Object Injection when a suitable gadget is present, leadint to remote code execution (RCE). To succes... Read more

    Affected Products : learnpress
    • EPSS Score: %11.51
    • Published: Oct. 31, 2022
    • Modified: May. 06, 2025

  • 8.8

    HIGH
    CVE-2022-3357

    The Smart Slider 3 WordPress plugin before 3.5.1.11 unserialises the content of an imported file, which could lead to PHP object injection issues when a user import (intentionally or not) a malicious file, and a suitable gadget chain is present on the sit... Read more

    Affected Products : smart_slider_3
    • EPSS Score: %12.83
    • Published: Oct. 31, 2022
    • Modified: May. 06, 2025

  • 4.7

    MEDIUM
    CVE-2024-45967

    Pagekit 1.0.18 is vulnerable to Cross Site Scripting (XSS) in index.php/admin/site/widget.... Read more

    Affected Products : pagekit
    • Published: Oct. 01, 2024
    • Modified: May. 06, 2025

  • 8.1

    HIGH
    CVE-2024-47806

    Jenkins OpenId Connect Authentication Plugin 4.354.v321ce67a_1de8 and earlier does not check the `aud` (Audience) claim of an ID Token, allowing attackers to subvert the authentication flow, potentially gaining administrator access to Jenkins.... Read more

    • Published: Oct. 02, 2024
    • Modified: May. 06, 2025

  • 8.1

    HIGH
    CVE-2024-47807

    Jenkins OpenId Connect Authentication Plugin 4.354.v321ce67a_1de8 and earlier does not check the `iss` (Issuer) claim of an ID Token, allowing attackers to subvert the authentication flow, potentially gaining administrator access to Jenkins.... Read more

    • Published: Oct. 02, 2024
    • Modified: May. 06, 2025

  • 9.8

    CRITICAL
    CVE-2024-48581

    File Upload vulnerability in Best courier management system in php v.1.0 allows a remote attacker to execute arbitrary code via the admin_class.php component.... Read more

    Affected Products : best_courier_management_system
    • Published: Oct. 25, 2024
    • Modified: May. 06, 2025

  • 8.8

    HIGH
    CVE-2024-48594

    File Upload vulnerability in Prison Management System v.1.0 allows a remote attacker to execute arbitrary code via the file upload component.... Read more

    • Published: Oct. 28, 2024
    • Modified: May. 06, 2025

  • 7.8

    HIGH
    CVE-2023-4911

    A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching b... Read more

    • Actively Exploited
    • EPSS Score: %79.64
    • Published: Oct. 03, 2023
    • Modified: May. 06, 2025

  • 10.0

    CRITICAL
    CVE-2025-31324

    SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the ... Read more

    Affected Products : netweaver
    • Actively Exploited
    • Published: Apr. 24, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Authorization
Showing 20 of 291562 Results