Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2023-43655

    Composer is a dependency manager for PHP. Users publishing a composer.phar to a public web-accessible server where the composer.phar can be executed as a php file may be subject to a remote code execution vulnerability if PHP also has `register_argc_argv`... Read more

    Affected Products : fedora debian_linux composer
    • Published: Sep. 29, 2023
    • Modified: Apr. 23, 2025

  • 5.4

    MEDIUM
    CVE-2024-41447

    A stored cross-site scripting (XSS) vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the author parameter under the Create/Modify article function.... Read more

    Affected Products : opencms
    • Published: Apr. 18, 2025
    • Modified: Apr. 23, 2025

  • 7.3

    HIGH
    CVE-2024-45799

    FluxCP is a web-based Control Panel for rAthena servers written in PHP. A javascript injection is possible via venders/buyers list pages and shop names, that are currently not sanitized. This allows executing arbitrary javascript code on the user's browse... Read more

    Affected Products : fluxcp
    • Published: Sep. 16, 2024
    • Modified: Apr. 23, 2025

  • 4.3

    MEDIUM
    CVE-2024-39897

    zot is an OCI image registry. Prior to 2.1.0, the cache driver `GetBlob()` allows read access to any blob without access control check. If a Zot `accessControl` policy allows users read access to some repositories but restricts read access to other reposi... Read more

    Affected Products : zot
    • Published: Jul. 09, 2024
    • Modified: Apr. 23, 2025

  • 9.8

    CRITICAL
    CVE-2023-0714

    The Metform Elementor Contact Form Builder for WordPress is vulnerable to Arbitrary File Upload due to insufficient file type validation in versions up to, and including, 3.2.4. This allows unauthenticated visitors to perform a "double extension" attack a... Read more

    • Published: Aug. 17, 2024
    • Modified: Apr. 23, 2025

  • 7.1

    HIGH
    CVE-2024-28199

    phlex is an open source framework for building object-oriented views in Ruby. There is a potential cross-site scripting (XSS) vulnerability that can be exploited via maliciously crafted user data. This was due to improper case-sensitivity in the code that... Read more

    Affected Products : phlex
    • Published: Mar. 11, 2024
    • Modified: Apr. 23, 2025

  • 9.8

    CRITICAL
    CVE-2023-45600

    A CWE-613 “Insufficient Session Expiration” vulnerability in the web application, due to the session cookie “sessionid” lasting two weeks, facilitates session hijacking attacks against victims. This issue affects: AiLux imx6 bundle below version imx6_1.0.... Read more

    Affected Products : imx6
    • Published: Mar. 05, 2024
    • Modified: Apr. 23, 2025

  • 5.4

    MEDIUM
    CVE-2022-4765

    The Portfolio for Elementor WordPress plugin before 2.3.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripti... Read more

    Affected Products : portfolio_for_elementor
    • Published: Jan. 30, 2023
    • Modified: Apr. 23, 2025

  • 6.1

    MEDIUM
    CVE-2025-29512

    Cross-Site Scripting (XSS) vulnerability in NodeBB v4.0.4 and before allows remote attackers to store arbitrary code and potentially render the blacklist IP functionality unusable until content is removed via the database.... Read more

    Affected Products : nodebb
    • Published: Apr. 18, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2024-1720

    The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Display Name' parameter in all versions up to, and including, 3.1.4 due to insuffici... Read more

    • Published: Mar. 07, 2024
    • Modified: Apr. 23, 2025

  • 6.1

    MEDIUM
    CVE-2025-29513

    Cross-Site Scripting (XSS) vulnerability in NodeBB v4.0.4 and before allows remote attackers to store arbitrary code in the admin API Access token generator.... Read more

    Affected Products : nodebb
    • Published: Apr. 18, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2023-5798

    The Assistant WordPress plugin before 1.4.4 does not validate a parameter before making a request to it via wp_remote_get(), which could allow users with a role as low as Editor to perform SSRF attacks... Read more

    Affected Products : assistant
    • Published: Oct. 26, 2023
    • Modified: Apr. 23, 2025

  • 5.3

    MEDIUM
    CVE-2023-5561

    WordPress does not properly restrict which user fields are searchable via the REST API, allowing unauthenticated attackers to discern the email addresses of users who have published public posts on an affected website via an Oracle style attack... Read more

    Affected Products : wordpress
    • Published: Oct. 16, 2023
    • Modified: Apr. 23, 2025

  • 4.3

    MEDIUM
    CVE-2023-5519

    The EventPrime WordPress plugin before 3.2.0 does not have CSRF checks when creating bookings, which could allow attackers to make logged in users create unwanted bookings via CSRF attacks.... Read more

    Affected Products : eventprime
    • Published: Oct. 31, 2023
    • Modified: Apr. 23, 2025

  • 4.8

    MEDIUM
    CVE-2023-5243

    The Login Screen Manager WordPress plugin through 3.5.2 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disa... Read more

    Affected Products : login_screen_manager
    • Published: Oct. 31, 2023
    • Modified: Apr. 23, 2025

  • 4.8

    MEDIUM
    CVE-2023-5229

    The E2Pdf WordPress plugin before 1.20.20 does not sanitize and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed... Read more

    Affected Products : e2pdf
    • Published: Oct. 31, 2023
    • Modified: Apr. 23, 2025

  • 5.3

    MEDIUM
    CVE-2023-5177

    The Vrm 360 3D Model Viewer WordPress plugin through 1.2.1 exposes the full path of a file when putting in a non-existent file in a parameter of the shortcode.... Read more

    Affected Products : vrm360
    • Published: Oct. 16, 2023
    • Modified: Apr. 23, 2025

  • 5.4

    MEDIUM
    CVE-2023-5167

    The User Activity Log Pro WordPress plugin before 2.3.4 does not properly escape recorded User-Agents in the user activity logs dashboard, which may allow visitors to conduct Stored Cross-Site Scripting attacks.... Read more

    Affected Products : user_activity_log
    • Published: Oct. 16, 2023
    • Modified: Apr. 23, 2025

  • 7.5

    HIGH
    CVE-2023-5133

    This user-activity-log-pro WordPress plugin before 2.3.4 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to hide the source of malicious traffic.... Read more

    Affected Products : user_activity_log
    • Published: Oct. 16, 2023
    • Modified: Apr. 23, 2025

  • 8.1

    HIGH
    CVE-2023-5098

    The Campaign Monitor Forms by Optin Cat WordPress plugin before 2.5.6 does not prevent users with low privileges (like subscribers) from overwriting any options on a site with the string "true", which could lead to a variety of outcomes, including DoS.... Read more

    Affected Products : campaign_monitor_optin_cat
    • Published: Oct. 31, 2023
    • Modified: Apr. 23, 2025
Showing 20 of 293605 Results