Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2024-12280

    The WP Customer Area WordPress plugin through 8.2.4 does not have CSRF check in place when deleting its logs, which could allow attackers to make a logged in to delete them via a CSRF attack... Read more

    Affected Products : wp_customer_area
    • Published: Jan. 27, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 9.8

    CRITICAL
    CVE-2023-50347

    HCL DRYiCE MyXalytics is impacted by an insecure SQL interface vulnerability, potentially giving an attacker the ability to execute custom SQL queries. A malicious user can run arbitrary SQL commands including changing system configuration. ... Read more

    Affected Products : dryice_myxalytics
    • Published: Apr. 10, 2024
    • Modified: May. 08, 2025

  • 6.5

    MEDIUM
    CVE-2024-3591

    The Geo Controller WordPress plugin before 8.6.5 unserializes user input via some of its AJAX actions and REST API routes, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog.... Read more

    Affected Products : geo_controller
    • Published: May. 01, 2024
    • Modified: May. 08, 2025

  • 8.1

    HIGH
    CVE-2024-2505

    The GamiPress WordPress plugin before 6.8.9's access control mechanism fails to properly restrict access to its settings, permitting Authors to manipulate requests and extend access to lower privileged users, like Subscribers, despite initial settings pr... Read more

    Affected Products : gamipress gamipress_-_reset_user
    • Published: Apr. 29, 2024
    • Modified: May. 08, 2025

  • 4.3

    MEDIUM
    CVE-2024-2908

    The Call Now Button WordPress plugin before 1.4.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowe... Read more

    Affected Products : call_now_button
    • Published: Apr. 26, 2024
    • Modified: May. 08, 2025

  • 5.9

    MEDIUM
    CVE-2024-2310

    The WP Google Review Slider WordPress plugin before 13.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is dis... Read more

    Affected Products : wp_google_review_slider
    • Published: Apr. 26, 2024
    • Modified: May. 08, 2025

  • 8.8

    HIGH
    CVE-2024-1059

    Use after free in Peer Connection in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : fedora chrome edge_chromium
    • Published: Jan. 30, 2024
    • Modified: May. 08, 2025

  • 6.1

    MEDIUM
    CVE-2022-26954

    Multiple open redirect vulnerabilities in NopCommerce 4.10 through 4.50.1 allow remote attackers to conduct phishing attacks by redirecting users to attacker-controlled web sites via the returnUrl parameter, processed by the (1) ChangePassword function, (... Read more

    Affected Products : nopcommerce
    • Published: Oct. 20, 2022
    • Modified: May. 08, 2025

  • 5.4

    MEDIUM
    CVE-2021-33231

    Cross Site Scripting (XSS) vulnerability in New equipment page in EasyVista Service Manager 2018.1.181.1 allows remote attackers to run arbitrary code via the notes field.... Read more

    Affected Products : service_manager
    • Published: Oct. 20, 2022
    • Modified: May. 08, 2025

  • 6.8

    MEDIUM
    CVE-2020-9285

    Some versions of Sonos One (1st and 2nd generation) allow partial or full memory access via attacker controlled hardware that can be attached to the Mini-PCI Express slot on the motherboard that hosts the WiFi card on the device.... Read more

    Affected Products : one_firmware one
    • Published: Oct. 20, 2022
    • Modified: May. 08, 2025

  • 7.8

    HIGH
    CVE-2020-12744

    The MSI installer in Verint Desktop Resources 15.2 allows an unprivileged local user to elevate their privileges during install or repair.... Read more

    Affected Products : desktop_and_process_analytics
    • Published: Oct. 20, 2022
    • Modified: May. 08, 2025

  • 7.8

    HIGH
    CVE-2024-49561

    Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation o... Read more

    Affected Products : smartfabric_os10
    • Published: Mar. 17, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Authorization

  • 6.1

    MEDIUM
    CVE-2017-10082

    Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Security). Supported versions that are affected are 9.3.5 and 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access ... Read more

    • Published: Aug. 08, 2017
    • Modified: May. 08, 2025

  • 5.8

    MEDIUM
    CVE-2016-3529

    Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality via vectors related to SDK, a different vulnerability than CVE-2016-3526 and CVE-2016-3560.... Read more

    • Published: Jul. 21, 2016
    • Modified: May. 08, 2025

  • 5.5

    MEDIUM
    CVE-2016-3553

    Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality and integrity via vectors related to PC Core.... Read more

    • Published: Jul. 21, 2016
    • Modified: May. 08, 2025

  • 5.3

    MEDIUM
    CVE-2016-3560

    Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality via vectors related to SDK, a different vulnerability than CVE-2016-3526 and CVE-2016-3529.... Read more

    • Published: Jul. 21, 2016
    • Modified: May. 08, 2025

  • 5.9

    MEDIUM
    CVE-2016-5527

    Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2016-5524.... Read more

    • Published: Oct. 25, 2016
    • Modified: May. 08, 2025

  • 4.3

    MEDIUM
    CVE-2017-10299

    Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Security). Supported versions that are affected are 9.3.5 and 9.3.6. Easily exploitable vulnerability allows low privileged attacker with network access v... Read more

    • Published: Oct. 19, 2017
    • Modified: May. 08, 2025

  • 7.5

    HIGH
    CVE-2016-3530

    Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect integrity and availability via vectors related to PGC / Import.... Read more

    • Published: Jul. 21, 2016
    • Modified: May. 08, 2025

  • 6.1

    MEDIUM
    CVE-2017-10092

    Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Security). Supported versions that are affected are 9.3.5 and 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access ... Read more

    • Published: Aug. 08, 2017
    • Modified: May. 08, 2025
Showing 20 of 292766 Results