Latest CVE Feed

The following is a list of the most recently published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 8.8

    HIGH
    CVE-2025-4335

    The Woocommerce Multiple Addresses plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.7.1. This is due to insufficient restrictions on user meta that can be updated through the save_multiple_shipping_addre...

    Affected Products :
    • Published: May. 07, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Authorization
  • 4.3

    MEDIUM
    CVE-2025-20956

    Improper export of android application components in Settings in Galaxy Watch prior to SMR May-2025 Release 1 allows physical attackers to access developer settings....

    Affected Products :
    • Published: May. 07, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Authorization
  • 5.5

    MEDIUM
    CVE-2025-20969

    Improper input validation in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows local attackers to access data within Samsung Gallery....

    Affected Products : samsung_gallery
    • Published: May. 07, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Information Disclosure
  • 6.2

    MEDIUM
    CVE-2025-20970

    Improper access control in Bixby Vision prior to version 3.8.1 in Android 13, 3.8.3 in Android 14, 3.8.21 in Android 15 allows local attackers to access image files with Bixby Vision privilege....

    Affected Products : bixby_vision
    • Published: May. 07, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Authorization
  • 9.8

    CRITICAL
    CVE-2025-4104

    The Frontend Dashboard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the fed_wp_ajax_fed_login_form_post() function in versions 1.0 to 2.2.6. This makes it possible for unauthenticated attackers to reset t...

    Affected Products : frontend_dashboard
    • Published: May. 07, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Authentication
  • 9.6

    CRITICAL
    CVE-2024-49362

    Joplin is a free, open source note taking and to-do application. Joplin-desktop has a vulnerability that leads to remote code execution (RCE) when a user clicks on an <a> link within untrusted notes. The issue arises due to insufficient sanitization of <a...

    Affected Products : joplin
    • Published: Nov. 14, 2024
    • Modified: May. 07, 2025
  • 5.4

    MEDIUM
    CVE-2024-4311

    zenml-io/zenml version 0.56.4 is vulnerable to an account takeover due to the lack of rate-limiting in the password change function. An attacker can brute-force the current password in the 'Update Password' function, allowing them to take over the user's ...

    Affected Products : zenml
    • Published: Nov. 14, 2024
    • Modified: May. 07, 2025
  • 7.5

    HIGH
    CVE-2023-49952

    Mastodon 4.1.x before 4.1.17 and 4.2.x before 4.2.9 allows a bypass of rate limiting via a crafted HTTP request header....

    Affected Products : mastodon
    • Published: Nov. 18, 2024
    • Modified: May. 07, 2025
  • 8.8

    HIGH
    CVE-2015-9308

    The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit map feature....

    Affected Products : wp_google_map wp_maps
    • EPSS Score: %0.30
    • Published: Aug. 14, 2019
    • Modified: May. 07, 2025
  • 7.2

    HIGH
    CVE-2021-24130

    Unvalidated input in the WP Google Map Plugin WordPress plugin, versions before 4.1.5, in the Manage Locations page within the plugin settings was vulnerable to SQL Injection through a high privileged user (admin+)....

    Affected Products : wp_google_map wp_maps
    • EPSS Score: %0.57
    • Published: Mar. 18, 2021
    • Modified: May. 07, 2025
  • 4.8

    MEDIUM
    CVE-2021-24502

    The WP Google Map WordPress plugin before 1.7.7 did not sanitise or escape the Map Title before outputting them in the page, leading to a Stored Cross-Site Scripting issue by high privilege users, even when the unfiltered_html capability is disallowed...

    Affected Products : wp_google_map wp_google_map wp_maps
    • EPSS Score: %0.21
    • Published: Aug. 09, 2021
    • Modified: May. 07, 2025
  • 8.8

    HIGH
    CVE-2015-9309

    The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit category feature....

    Affected Products : wp_google_map wp_maps
    • EPSS Score: %0.30
    • Published: Aug. 14, 2019
    • Modified: May. 07, 2025
  • 6.1

    MEDIUM
    CVE-2016-10878

    The wp-google-map-plugin plugin before 3.1.2 for WordPress has XSS....

    Affected Products : wp_google_map wp_maps
    • EPSS Score: %0.19
    • Published: Aug. 12, 2019
    • Modified: May. 07, 2025
  • 6.1

    MEDIUM
    CVE-2015-9305

    The wp-google-map-plugin plugin before 2.3.7 for WordPress has XSS related to the add_query_arg() and remove_query_arg() functions....

    Affected Products : wp_google_map wp_maps
    • EPSS Score: %0.44
    • Published: Aug. 12, 2019
    • Modified: May. 07, 2025
  • 5.9

    MEDIUM
    CVE-2023-23878

    Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in flippercode WordPress Plugin for Google Maps – WP MAPS plugin <= 4.3.9 versions....

    Affected Products : wp_google_map wp_maps
    • EPSS Score: %0.05
    • Published: Apr. 04, 2023
    • Modified: May. 07, 2025
  • 8.8

    HIGH
    CVE-2022-25600

    Cross-Site Request Forgery (CSRF) vulnerability affecting Delete Marker Category, Delete Map, and Copy Map functions in WP Google Map plugin (versions <= 4.2.3)....

    Affected Products : fedora wp_google_map wp_maps
    • EPSS Score: %0.13
    • Published: Mar. 11, 2022
    • Modified: May. 07, 2025
  • 8.8

    HIGH
    CVE-2015-9307

    The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit location feature....

    Affected Products : wp_google_map wp_maps
    • EPSS Score: %0.20
    • Published: Aug. 14, 2019
    • Modified: May. 07, 2025
  • 8.8

    HIGH
    CVE-2023-28172

    Cross-Site Request Forgery (CSRF) vulnerability in flippercode WordPress Plugin for Google Maps – WP MAPS (formerly WP Google Map Plugin) plugin <= 4.4.2 versions....

    Affected Products : wp_google_map wp_maps
    • EPSS Score: %0.05
    • Published: Nov. 12, 2023
    • Modified: May. 07, 2025
  • 5.5

    MEDIUM
    CVE-2022-49901

    In the Linux kernel, the following vulnerability has been resolved: blk-mq: Fix kmemleak in blk_mq_init_allocated_queue There is a kmemleak caused by modprobe null_blk.ko unreferenced object 0xffff8881acb1f000 (size 1024): comm "modprobe", pid 836, j...

    Affected Products : linux_kernel
    • Published: May. 01, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Misconfiguration
  • 5.5

    MEDIUM
    CVE-2022-49848

    In the Linux kernel, the following vulnerability has been resolved: phy: qcom-qmp-combo: fix NULL-deref on runtime resume Commit fc64623637da ("phy: qcom-qmp-combo,usb: add support for separate PCS_USB region") started treating the PCS_USB registers as ...

    Affected Products : linux_kernel
    • Published: May. 01, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 291722 Results