Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2023-6444

    The Seriously Simple Podcasting WordPress plugin before 3.0.0 discloses the Podcast owner's email address (which by default is the admin email address) via an unauthenticated crafted request.... Read more

    Affected Products : seriously_simple_podcasting
    • Published: Mar. 11, 2024
    • Modified: May. 01, 2025

  • 4.9

    MEDIUM
    CVE-2023-7247

    The Login as User or Customer WordPress plugin through 3.8 does not prevent users to log in as any other user on the site.... Read more

    • Published: Mar. 11, 2024
    • Modified: May. 01, 2025

  • 5.4

    MEDIUM
    CVE-2024-0561

    The Ultimate Posts Widget WordPress plugin before 2.3.1 does not validate and escape some of its Widget options before outputting them back in attributes, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks ... Read more

    • Published: Mar. 11, 2024
    • Modified: May. 01, 2025

  • 7.2

    HIGH
    CVE-2024-1068

    The 404 Solution WordPress plugin before 2.35.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admins.... Read more

    Affected Products : 404_solution
    • Published: Mar. 11, 2024
    • Modified: May. 01, 2025

  • 6.1

    MEDIUM
    CVE-2024-1273

    The Starbox WordPress plugin before 3.5.0 does not sanitise and escape some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks... Read more

    Affected Products : starbox
    • Published: Mar. 11, 2024
    • Modified: May. 01, 2025

  • 5.9

    MEDIUM
    CVE-2024-25650

    Insecure key exchange between Delinea PAM Secret Server 11.4 and the Distributed Engine 8.4.3 allows a PAM administrator to obtain the Symmetric Key (used to encrypt RabbitMQ messages) via crafted payloads to the /pre-authenticate, /authenticate, and /exe... Read more

    Affected Products : secret_server distributed_engine
    • Published: Mar. 14, 2024
    • Modified: May. 01, 2025

  • 6.7

    MEDIUM
    CVE-2024-25649

    In Delinea PAM Secret Server 11.4, it is possible for an attacker (with Administrator access to the Secret Server machine) to read the following data from a memory dump: the decrypted master key, database credentials (when SQL Server Authentication is ena... Read more

    Affected Products : secret_server
    • Published: Mar. 14, 2024
    • Modified: Apr. 30, 2025

  • 6.3

    MEDIUM
    CVE-2024-28417

    Webedition CMS 9.2.2.0 has a Stored XSS vulnerability via /webEdition/we_cmd.php.... Read more

    Affected Products : webedition_cms
    • Published: Mar. 14, 2024
    • Modified: Apr. 30, 2025

  • 6.5

    MEDIUM
    CVE-2024-28418

    Webedition CMS 9.2.2.0 has a File upload vulnerability via /webEdition/we_cmd.php... Read more

    Affected Products : webedition_cms
    • Published: Mar. 14, 2024
    • Modified: Apr. 30, 2025

  • 6.1

    MEDIUM
    CVE-2024-37622

    Xinhu RockOA v2.6.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the num parameter at /flow/flow.php.... Read more

    Affected Products : xinhu
    • Published: Jun. 17, 2024
    • Modified: Apr. 30, 2025

  • 6.1

    MEDIUM
    CVE-2024-37623

    Xinhu RockOA v2.6.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the /kaoqin/tpl_kaoqin_locationchange.html component.... Read more

    Affected Products : xinhu
    • Published: Jun. 17, 2024
    • Modified: Apr. 30, 2025

  • 6.3

    MEDIUM
    CVE-2024-38469

    zhimengzhe iBarn v1.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the $search parameter at /pay.php.... Read more

    Affected Products : ibarn
    • Published: Jun. 17, 2024
    • Modified: Apr. 30, 2025

  • 6.1

    MEDIUM
    CVE-2024-38470

    zhimengzhe iBarn v1.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the $search parameter at /own.php.... Read more

    Affected Products : ibarn
    • Published: Jun. 17, 2024
    • Modified: Apr. 30, 2025

  • 5.4

    MEDIUM
    CVE-2024-37799

    CodeProjects Restaurant Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the reserv_id parameter at view_reservations.php.... Read more

    Affected Products : restaurant_reservation_system
    • Published: Jun. 18, 2024
    • Modified: Apr. 30, 2025

  • 7.5

    HIGH
    CVE-2024-38275

    The cURL wrapper in Moodle retained the original request headers when following redirects, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs.... Read more

    Affected Products : moodle
    • Published: Jun. 18, 2024
    • Modified: Apr. 30, 2025

  • 4.3

    MEDIUM
    CVE-2024-4957

    The Frontend Checklist WordPress plugin through 2.3.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disall... Read more

    Affected Products : frontend_checklist
    • Published: Jun. 26, 2024
    • Modified: Apr. 30, 2025

  • 4.8

    MEDIUM
    CVE-2024-4959

    The Frontend Checklist WordPress plugin through 2.3.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disall... Read more

    Affected Products : frontend_checklist
    • Published: Jun. 26, 2024
    • Modified: Apr. 30, 2025

  • 5.7

    MEDIUM
    CVE-2024-2193

    A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from ... Read more

    Affected Products : xen
    • Published: Mar. 15, 2024
    • Modified: Apr. 30, 2025

  • 6.5

    MEDIUM
    CVE-2023-46842

    Unlike 32-bit PV guests, HVM guests may switch freely between 64-bit and other modes. This in particular means that they may set registers used to pass 32-bit-mode hypercall arguments to values outside of the range 32-bit code would be able to set them t... Read more

    Affected Products : xen
    • Published: May. 16, 2024
    • Modified: Apr. 30, 2025

  • 8.5

    HIGH
    CVE-2025-29769

    libvips is a demand-driven, horizontally threaded image processing library. The heifsave operation could incorrectly determine the presence of an alpha channel in an input when it was not possible to determine the colour interpretation, known internally ... Read more

    Affected Products : libvips
    • Published: Apr. 07, 2025
    • Modified: Apr. 30, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 291222 Results