Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2022-1581

    The WP-Polls WordPress plugin before 2.76.0 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based limitations to vote in certain situations.... Read more

    Affected Products : wp-polls
    • EPSS Score: %0.05
    • Published: Nov. 21, 2022
    • Modified: Apr. 30, 2025

  • 7.5

    HIGH
    CVE-2022-1579

    The function check_is_login_page() uses headers for the IP check, which can be easily spoofed.... Read more

    Affected Products : login_block_ips
    • EPSS Score: %0.16
    • Published: Nov. 21, 2022
    • Modified: Apr. 30, 2025

  • 8.8

    HIGH
    CVE-2022-1578

    The My wpdb WordPress plugin before 2.5 is missing CSRF check when running SQL queries, which could allow attacker to make a logged in admin run arbitrary SQL query via a CSRF attack... Read more

    Affected Products : my_wpdb
    • EPSS Score: %0.32
    • Published: Nov. 21, 2022
    • Modified: Apr. 30, 2025

  • 6.1

    MEDIUM
    CVE-2022-0421

    The Five Star Restaurant Reservations WordPress plugin before 2.4.12 does not have authorisation when changing whether a payment was successful or failed, allowing unauthenticated users to change the payment status of arbitrary bookings. Furthermore, due ... Read more

    Affected Products : five_star_restaurant_reservations
    • EPSS Score: %0.52
    • Published: Nov. 21, 2022
    • Modified: Apr. 30, 2025

  • 5.5

    MEDIUM
    CVE-2021-47252

    In the Linux kernel, the following vulnerability has been resolved: batman-adv: Avoid WARN_ON timing related checks The soft/batadv interface for a queued OGM can be changed during the time the OGM was queued for transmission and when the OGM is actuall... Read more

    Affected Products : linux_kernel
    • Published: May. 21, 2024
    • Modified: Apr. 30, 2025

  • 7.1

    HIGH
    CVE-2021-47255

    In the Linux kernel, the following vulnerability has been resolved: kvm: LAPIC: Restore guard to prevent illegal APIC register access Per the SDM, "any access that touches bytes 4 through 15 of an APIC register may cause undefined behavior and must not ... Read more

    Affected Products : linux_kernel
    • Published: May. 21, 2024
    • Modified: Apr. 30, 2025

  • 7.6

    HIGH
    CVE-2025-46252

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kofimokome Message Filter for Contact Form 7 allows SQL Injection. This issue affects Message Filter for Contact Form 7: from n/a through 1.6.3.2.... Read more

    Affected Products : message_filter_for_contact_form_7
    • Published: Apr. 22, 2025
    • Modified: Apr. 30, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-46253

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ataur R GutenKit allows Stored XSS. This issue affects GutenKit: from n/a through 2.2.2.... Read more

    Affected Products : gutenkit
    • Published: Apr. 22, 2025
    • Modified: Apr. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.5

    MEDIUM
    CVE-2021-47256

    In the Linux kernel, the following vulnerability has been resolved: mm/memory-failure: make sure wait for page writeback in memory_failure Our syzkaller trigger the "BUG_ON(!list_empty(&inode->i_wb_list))" in clear_inode: kernel BUG at fs/inode.c:519... Read more

    Affected Products : linux_kernel
    • Published: May. 21, 2024
    • Modified: Apr. 30, 2025

  • 5.5

    MEDIUM
    CVE-2021-47258

    In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix error handling of scsi_host_alloc() After device is initialized via device_initialize(), or its name is set via dev_set_name(), the device has to be freed via put_device... Read more

    Affected Products : linux_kernel
    • Published: May. 21, 2024
    • Modified: Apr. 30, 2025

  • 7.8

    HIGH
    CVE-2021-47261

    In the Linux kernel, the following vulnerability has been resolved: IB/mlx5: Fix initializing CQ fragments buffer The function init_cq_frag_buf() can be called to initialize the current CQ fragments buffer cq->buf, or the temporary cq->resize_buf that i... Read more

    Affected Products : linux_kernel
    • Published: May. 21, 2024
    • Modified: Apr. 30, 2025

  • 6.5

    MEDIUM
    CVE-2025-46254

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Visual Composer Visual Composer Website Builder allows Stored XSS. This issue affects Visual Composer Website Builder: from n/a through 45.10.0.... Read more

    Affected Products : visual_composer_website_builder
    • Published: Apr. 22, 2025
    • Modified: Apr. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.5

    MEDIUM
    CVE-2021-47263

    In the Linux kernel, the following vulnerability has been resolved: gpio: wcd934x: Fix shift-out-of-bounds error bit-mask for pins 0 to 4 is BIT(0) to BIT(4) however we ended up with BIT(n - 1) which is not right, and this was caught by below usban chec... Read more

    Affected Products : linux_kernel
    • Published: May. 21, 2024
    • Modified: Apr. 30, 2025

  • 4.3

    MEDIUM
    CVE-2025-27189

    Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could be exploited to cause a denial-of-service condition. An attacker could trick a logged-in... Read more

    Affected Products : commerce commerce_b2b
    • Published: Apr. 08, 2025
    • Modified: Apr. 30, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.5

    MEDIUM
    CVE-2021-47265

    In the Linux kernel, the following vulnerability has been resolved: RDMA: Verify port when creating flow rule Validate port value provided by the user and with that remove no longer needed validation by the driver. The missing check in the mlx5_ib driv... Read more

    Affected Products : linux_kernel
    • Published: May. 21, 2024
    • Modified: Apr. 30, 2025

  • 5.5

    MEDIUM
    CVE-2021-47272

    In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: Bail from dwc3_gadget_exit() if dwc->gadget is NULL There exists a possible scenario in which dwc3_gadget_init() can fail: during during host -> peripheral mode switc... Read more

    Affected Products : linux_kernel
    • Published: May. 21, 2024
    • Modified: Apr. 30, 2025

  • 7.5

    HIGH
    CVE-2024-11299

    The Memberpress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.11.37 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from p... Read more

    Affected Products : memberpress
    • Published: Apr. 22, 2025
    • Modified: Apr. 30, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2021-47275

    In the Linux kernel, the following vulnerability has been resolved: bcache: avoid oversized read request in cache missing code path In the cache missing code path of cached device, if a proper location from the internal B+ tree is matched for a cache mi... Read more

    Affected Products : linux_kernel
    • Published: May. 21, 2024
    • Modified: Apr. 30, 2025

  • 5.5

    MEDIUM
    CVE-2021-47276

    In the Linux kernel, the following vulnerability has been resolved: ftrace: Do not blindly read the ip address in ftrace_bug() It was reported that a bug on arm64 caused a bad ip address to be used for updating into a nop in ftrace_init(), but the error... Read more

    Affected Products : linux_kernel
    • Published: May. 21, 2024
    • Modified: Apr. 30, 2025

  • 7.1

    HIGH
    CVE-2021-47277

    In the Linux kernel, the following vulnerability has been resolved: kvm: avoid speculation-based attacks from out-of-range memslot accesses KVM's mechanism for accessing guest memory translates a guest physical address (gpa) to a host virtual address us... Read more

    Affected Products : linux_kernel
    • Published: May. 21, 2024
    • Modified: Apr. 30, 2025
Showing 20 of 291170 Results