Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2023-3936

    The Blog2Social WordPress plugin before 7.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin... Read more

    Affected Products : blog2social
    • Published: Aug. 21, 2023
    • Modified: Apr. 23, 2025

  • 5.4

    MEDIUM
    CVE-2023-3746

    The ActivityPub WordPress plugin before 1.0.0 does not sanitize and escape some data from post content, which could allow contributor and above role to perform Stored Cross-Site Scripting attacks... Read more

    Affected Products : activitypub
    • Published: Oct. 16, 2023
    • Modified: Apr. 23, 2025

  • 4.3

    MEDIUM
    CVE-2023-3707

    The ActivityPub WordPress plugin before 1.0.0 does not ensure that post contents to be displayed are public and belong to the plugin, allowing any authenticated user, such as subscriber to retrieve the content of arbitrary post (such as draft and private)... Read more

    Affected Products : activitypub
    • Published: Oct. 16, 2023
    • Modified: Apr. 23, 2025

  • 4.3

    MEDIUM
    CVE-2023-3706

    The ActivityPub WordPress plugin before 1.0.0 does not ensure that post titles to be displayed are public and belong to the plugin, allowing any authenticated user, such as subscriber to retrieve the title of arbitrary post (such as draft and private) via... Read more

    Affected Products : activitypub
    • Published: Oct. 16, 2023
    • Modified: Apr. 23, 2025

  • 5.4

    MEDIUM
    CVE-2023-3575

    The Quiz And Survey Master WordPress plugin before 8.1.11 does not properly sanitize and escape question titles, which could allow users with the Contributor role and above to perform Stored Cross-Site Scripting attacks... Read more

    Affected Products : quiz_and_survey_master
    • Published: Aug. 07, 2023
    • Modified: Apr. 23, 2025

  • 8.8

    HIGH
    CVE-2023-3547

    The All in One B2B for WooCommerce WordPress plugin through 1.0.3 does not properly check nonce values in several actions, allowing an attacker to perform CSRF attacks.... Read more

    Affected Products : all_in_one_b2b_for_woocommerce
    • Published: Sep. 25, 2023
    • Modified: Apr. 23, 2025

  • 6.5

    MEDIUM
    CVE-2023-3508

    The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed CSRF check when processing its tab actions, which could allow attackers to make logged in admins email pre-orders customer, change the released date, mark all pre-orders of a specific p... Read more

    Affected Products : woocommerce_pre-orders
    • Published: Jul. 31, 2023
    • Modified: Apr. 23, 2025

  • 6.5

    MEDIUM
    CVE-2023-3507

    The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed CSRF check when canceling pre-orders, which could allow attackers to make logged in admins cancel arbitrary pre-orders via a CSRF attack... Read more

    Affected Products : woocommerce_pre-orders
    • Published: Jul. 31, 2023
    • Modified: Apr. 23, 2025

  • 4.8

    MEDIUM
    CVE-2023-3501

    The FormCraft WordPress plugin before 1.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for ... Read more

    Affected Products : formcraft
    • Published: Aug. 30, 2023
    • Modified: Apr. 23, 2025

  • 4.8

    MEDIUM
    CVE-2023-3499

    The Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugin before 3.2.16 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfi... Read more

    Affected Products : robo_gallery robo_gallery
    • Published: Sep. 04, 2023
    • Modified: Apr. 23, 2025

  • 5.3

    MEDIUM
    CVE-2023-3446

    Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where ... Read more

    Affected Products : openssl
    • Published: Jul. 19, 2023
    • Modified: Apr. 23, 2025

  • 7.5

    HIGH
    CVE-2023-3312

    A vulnerability was found in drivers/cpufreq/qcom-cpufreq-hw.c in cpufreq subsystem in the Linux Kernel. This flaw, during device unbind will lead to double release problem leading to denial of service.... Read more

    Affected Products : linux_kernel
    • Published: Jun. 19, 2023
    • Modified: Apr. 23, 2025

  • 4.9

    MEDIUM
    CVE-2023-3279

    The WordPress Gallery Plugin WordPress plugin before 3.39 does not validate some block attributes before using them to generate paths passed to include function/s, allowing Admin users to perform LFI attacks... Read more

    Affected Products : nextgen_gallery
    • Published: Oct. 16, 2023
    • Modified: Apr. 23, 2025

  • 4.8

    MEDIUM
    CVE-2023-3248

    The All-in-one Floating Contact Form WordPress plugin before 2.1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capabil... Read more

    Affected Products : my_sticky_elements
    • Published: Jul. 24, 2023
    • Modified: Apr. 23, 2025

  • 4.8

    MEDIUM
    CVE-2023-3245

    The Floating Chat Widget WordPress plugin before 3.1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disal... Read more

    Affected Products : chaty
    • Published: Jul. 17, 2023
    • Modified: Apr. 23, 2025

  • 6.7

    MEDIUM
    CVE-2023-3159

    A use after free issue was discovered in driver/firewire in outbound_phy_packet_callback in the Linux Kernel. In this flaw a local attacker with special privilege may cause a use after free problem when queue_event() fails.... Read more

    Affected Products : linux_kernel
    • Published: Jun. 12, 2023
    • Modified: Apr. 23, 2025

  • 7.2

    HIGH
    CVE-2023-3155

    The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to Arbitrary File Read and Delete due to a lack of input parameter validation in the `gallery_edit` function, allowing an attacker to access arbitrary resources on the server.... Read more

    Affected Products : nextgen_gallery
    • Published: Oct. 16, 2023
    • Modified: Apr. 23, 2025

  • 6.1

    MEDIUM
    CVE-2023-3118

    The Export All URLs WordPress plugin before 4.6 does not sanitise and escape a parameter before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin... Read more

    Affected Products : export_all_urls
    • Published: Jul. 10, 2023
    • Modified: Apr. 23, 2025

  • 7.8

    HIGH
    CVE-2023-3111

    A use after free vulnerability was found in prepare_to_relocate in fs/btrfs/relocation.c in btrfs in the Linux Kernel. This possible flaw can be triggered by calling btrfs_ioctl_balance() before calling btrfs_ioctl_defrag().... Read more

    • Published: Jun. 05, 2023
    • Modified: Apr. 23, 2025

  • 9.8

    CRITICAL
    CVE-2023-37582

    The RocketMQ NameServer component still has a remote command execution vulnerability as the CVE-2023-33246 issue was not completely fixed in version 5.1.1. When NameServer address are leaked on the extranet and lack permission verification, an attacker ... Read more

    Affected Products : rocketmq
    • Published: Jul. 12, 2023
    • Modified: Apr. 23, 2025
Showing 20 of 293605 Results