Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2020-19897

    A reflected Cross Site Scripting (XSS) in wuzhicms v4.1.0 allows remote attackers to execute arbitrary web script or HTML via the imgurl parameter.... Read more

    Affected Products : wuzhi_cms wuzhicms
    • EPSS Score: %0.27
    • Published: Jun. 28, 2022
    • Modified: May. 05, 2025

  • 5.4

    MEDIUM
    CVE-2023-31860

    Wuzhi CMS v3.1.2 has a storage type XSS vulnerability in the backend of the Five Finger CMS b2b system.... Read more

    Affected Products : wuzhi_cms wuzhicms
    • EPSS Score: %0.08
    • Published: May. 23, 2023
    • Modified: May. 05, 2025

  • 9.8

    CRITICAL
    CVE-2018-11528

    WUZHI CMS 4.1.0 has SQL Injection via an api/sms_check.php?param= URI.... Read more

    Affected Products : wuzhi_cms wuzhicms
    • EPSS Score: %0.31
    • Published: May. 29, 2018
    • Modified: May. 05, 2025

  • 6.5

    MEDIUM
    CVE-2018-10248

    An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can delete any article via index.php?m=content&f=content&v=recycle_delete.... Read more

    Affected Products : wuzhi_cms wuzhicms
    • EPSS Score: %0.12
    • Published: Apr. 20, 2018
    • Modified: May. 05, 2025

  • 4.8

    MEDIUM
    CVE-2018-18938

    An issue was discovered in WUZHI CMS 4.1.0. There is stored XSS in index.php?m=core&f=index via an ontoggle attribute to details/open/ within a second input field.... Read more

    Affected Products : wuzhi_cms wuzhicms
    • EPSS Score: %0.24
    • Published: Nov. 05, 2018
    • Modified: May. 05, 2025

  • 6.1

    MEDIUM
    CVE-2019-9107

    XSS exists in WUZHI CMS 4.1.0 via index.php?m=attachment&f=imagecut&v=init&imgurl=[XSS] to coreframe/app/attachment/imagecut.php.... Read more

    Affected Products : wuzhi_cms wuzhicms
    • EPSS Score: %0.22
    • Published: Feb. 25, 2019
    • Modified: May. 05, 2025

  • 5.4

    MEDIUM
    CVE-2018-17426

    WUZHI CMS 4.1.0 has stored XSS via the "Extension module" "SMS in station" field under the index.php?m=core URI.... Read more

    Affected Products : wuzhi_cms wuzhicms
    • EPSS Score: %0.21
    • Published: Mar. 07, 2019
    • Modified: May. 05, 2025

  • 6.1

    MEDIUM
    CVE-2019-9110

    XSS exists in WUZHI CMS 4.1.0 via index.php?m=content&f=postinfo&v=listing&set_iframe=[XSS] to coreframe/app/content/postinfo.php.... Read more

    Affected Products : wuzhi_cms wuzhicms
    • EPSS Score: %0.22
    • Published: Feb. 25, 2019
    • Modified: May. 05, 2025

  • 6.1

    MEDIUM
    CVE-2018-10311

    A vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the tag[pinyin] parameter to the /index.php?m=tags&f=index&v=add URI.... Read more

    Affected Products : wuzhi_cms wuzhicms
    • EPSS Score: %0.44
    • Published: Apr. 24, 2018
    • Modified: May. 05, 2025

  • 6.1

    MEDIUM
    CVE-2019-9109

    XSS exists in WUZHI CMS 4.1.0 via index.php?m=message&f=message&v=add&username=[XSS] to coreframe/app/message/message.php.... Read more

    Affected Products : wuzhi_cms wuzhicms
    • EPSS Score: %0.22
    • Published: Feb. 25, 2019
    • Modified: May. 05, 2025

  • 6.1

    MEDIUM
    CVE-2018-14512

    An XSS vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the form[nickname] parameter to the index.php?m=core&f=set&v=sendmail URI. When the administrator acces... Read more

    Affected Products : wuzhi_cms wuzhicms
    • EPSS Score: %0.22
    • Published: Jul. 23, 2018
    • Modified: May. 05, 2025

  • 8.8

    HIGH
    CVE-2018-10312

    index.php?m=member&v=pw_reset in WUZHI CMS 4.1.0 allows CSRF to change the password of a common member.... Read more

    Affected Products : wuzhi_cms wuzhicms
    • EPSS Score: %0.33
    • Published: Apr. 24, 2018
    • Modified: May. 05, 2025

  • 6.1

    MEDIUM
    CVE-2024-1331

    The Team Members WordPress plugin before 5.3.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the author role and above to perform Stored ... Read more

    Affected Products : team_members
    • Published: Mar. 18, 2024
    • Modified: May. 05, 2025

  • 5.4

    MEDIUM
    CVE-2024-1333

    The Responsive Pricing Table WordPress plugin before 5.1.11 does not validate and escape some of its Pricing Table options before outputting them back in a page/post where the related shortcode is embed, which could allow users with the author role and ab... Read more

    Affected Products : responsive_pricing_table
    • Published: Mar. 18, 2024
    • Modified: May. 05, 2025

  • 5.4

    MEDIUM
    CVE-2024-1658

    The Grid Shortcodes WordPress plugin before 1.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform... Read more

    Affected Products : grid_shortcodes
    • Published: Mar. 18, 2024
    • Modified: May. 05, 2025

  • 5.4

    MEDIUM
    CVE-2023-7085

    The Scalable Vector Graphics (SVG) WordPress plugin through 3.4 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.... Read more

    Affected Products : scalable_vector_graphics_\(svg\)
    • Published: Mar. 18, 2024
    • Modified: May. 05, 2025

  • 4.7

    MEDIUM
    CVE-2023-7236

    The Backup Bolt WordPress plugin through 1.3.0 is vulnerable to Information Exposure via the unprotected access of debug logs. This makes it possible for unauthenticated attackers to retrieve the debug log which may contain information like system errors ... Read more

    Affected Products : backup_bolt
    • Published: Mar. 18, 2024
    • Modified: May. 05, 2025

  • 5.9

    MEDIUM
    CVE-2024-20019

    In wlan driver, there is a possible memory leak due to improper input handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00351241; Issue ID:... Read more

    Affected Products : mt7927 mt7925 software_package
    • Published: Mar. 04, 2024
    • Modified: May. 05, 2025

  • 8.8

    HIGH
    CVE-2024-28424

    zenml v0.55.4 was discovered to contain an arbitrary file upload vulnerability in the load function at /materializers/cloudpickle_materializer.py. This vulnerability allows attackers to execute arbitrary code via uploading a crafted file.... Read more

    Affected Products : zenml
    • Published: Mar. 14, 2024
    • Modified: May. 05, 2025

  • 4.3

    MEDIUM
    CVE-2021-47208

    The Mojolicious module before 9.11 for Perl has a bug in format detection that can potentially be exploited for denial of service.... Read more

    Affected Products : mojolicious
    • Published: Apr. 08, 2024
    • Modified: May. 05, 2025
Showing 20 of 291258 Results