Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2023-49954

    The CRM Integration in 3CX before 18.0.9.23 and 20 before 20.0.0.1494 allows SQL Injection via a first name, search string, or email address....

    Affected Products : 3cx
    • Published: Dec. 25, 2023
    • Modified: Apr. 23, 2025
  • 7.5

    HIGH
    CVE-2023-49356

    A stack buffer overflow vulnerability in MP3Gain v1.6.2 allows an attacker to cause a denial of service via the WriteMP3GainAPETag function at apetag.c:592....

    Affected Products : mp3gain
    • Published: Dec. 22, 2023
    • Modified: Apr. 23, 2025
  • 7.5

    HIGH
    CVE-2023-47091

    An issue was discovered in Stormshield Network Security (SNS) SNS 4.3.13 through 4.3.22 before 4.3.23, SNS 4.6.0 through 4.6.9 before 4.6.10, and SNS 4.7.0 through 4.7.1 before 4.7.2. An attacker can overflow the cookie threshold, making an IPsec connecti...

    • Published: Dec. 25, 2023
    • Modified: Apr. 23, 2025
  • 9.1

    CRITICAL
    CVE-2023-44981

    Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Peer authentication is enabled in ZooKeeper (quorum.auth.enableSasl=true), the authorization is done by verifying that the instance part in SASL authenticat...

    Affected Products : debian_linux zookeeper
    • Published: Oct. 11, 2023
    • Modified: Apr. 23, 2025
  • 5.3

    MEDIUM
    CVE-2023-40236

    In Pexip VMR self-service portal before 3, the same SSH host key is used across different customers' installations, which allows authentication bypass....

    Affected Products : virtual_meeting_rooms
    • Published: Dec. 25, 2023
    • Modified: Apr. 23, 2025
  • 8.8

    HIGH
    CVE-2023-40195

    Deserialization of Untrusted Data, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Software Foundation Apache Airflow Spark Provider. When the Apache Spark provider is installed on an Airflow deployment, an Airflow user t...

    • Published: Aug. 28, 2023
    • Modified: Apr. 23, 2025
  • 6.1

    MEDIUM
    CVE-2023-3992

    The PostX WordPress plugin before 3.0.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

    Affected Products : postx
    • Published: Aug. 30, 2023
    • Modified: Apr. 23, 2025
  • 6.1

    MEDIUM
    CVE-2023-3936

    The Blog2Social WordPress plugin before 7.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

    Affected Products : blog2social
    • Published: Aug. 21, 2023
    • Modified: Apr. 23, 2025
  • 5.4

    MEDIUM
    CVE-2023-3746

    The ActivityPub WordPress plugin before 1.0.0 does not sanitize and escape some data from post content, which could allow contributor and above role to perform Stored Cross-Site Scripting attacks...

    Affected Products : activitypub
    • Published: Oct. 16, 2023
    • Modified: Apr. 23, 2025
  • 4.3

    MEDIUM
    CVE-2023-3707

    The ActivityPub WordPress plugin before 1.0.0 does not ensure that post contents to be displayed are public and belong to the plugin, allowing any authenticated user, such as subscriber to retrieve the content of arbitrary post (such as draft and private)...

    Affected Products : activitypub
    • Published: Oct. 16, 2023
    • Modified: Apr. 23, 2025
  • 4.3

    MEDIUM
    CVE-2023-3706

    The ActivityPub WordPress plugin before 1.0.0 does not ensure that post titles to be displayed are public and belong to the plugin, allowing any authenticated user, such as subscriber to retrieve the title of arbitrary post (such as draft and private) via...

    Affected Products : activitypub
    • Published: Oct. 16, 2023
    • Modified: Apr. 23, 2025
  • 5.4

    MEDIUM
    CVE-2023-3575

    The Quiz And Survey Master WordPress plugin before 8.1.11 does not properly sanitize and escape question titles, which could allow users with the Contributor role and above to perform Stored Cross-Site Scripting attacks...

    Affected Products : quiz_and_survey_master
    • Published: Aug. 07, 2023
    • Modified: Apr. 23, 2025
  • 8.8

    HIGH
    CVE-2023-3547

    The All in One B2B for WooCommerce WordPress plugin through 1.0.3 does not properly check nonce values in several actions, allowing an attacker to perform CSRF attacks....

    Affected Products : all_in_one_b2b_for_woocommerce
    • Published: Sep. 25, 2023
    • Modified: Apr. 23, 2025
  • 6.5

    MEDIUM
    CVE-2023-3508

    The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed CSRF check when processing its tab actions, which could allow attackers to make logged in admins email pre-orders customer, change the released date, mark all pre-orders of a specific p...

    Affected Products : woocommerce_pre-orders
    • Published: Jul. 31, 2023
    • Modified: Apr. 23, 2025
  • 6.5

    MEDIUM
    CVE-2023-3507

    The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed CSRF check when canceling pre-orders, which could allow attackers to make logged in admins cancel arbitrary pre-orders via a CSRF attack...

    Affected Products : woocommerce_pre-orders
    • Published: Jul. 31, 2023
    • Modified: Apr. 23, 2025
  • 4.8

    MEDIUM
    CVE-2023-3501

    The FormCraft WordPress plugin before 1.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for ...

    Affected Products : formcraft
    • Published: Aug. 30, 2023
    • Modified: Apr. 23, 2025
  • 4.8

    MEDIUM
    CVE-2023-3499

    The Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugin before 3.2.16 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfi...

    Affected Products : robo_gallery robo_gallery
    • Published: Sep. 04, 2023
    • Modified: Apr. 23, 2025
  • 5.3

    MEDIUM
    CVE-2023-3446

    Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where ...

    Affected Products : openssl
    • Published: Jul. 19, 2023
    • Modified: Apr. 23, 2025
  • 7.5

    HIGH
    CVE-2023-3312

    A vulnerability was found in drivers/cpufreq/qcom-cpufreq-hw.c in cpufreq subsystem in the Linux Kernel. This flaw, during device unbind will lead to double release problem leading to denial of service....

    Affected Products : linux_kernel
    • Published: Jun. 19, 2023
    • Modified: Apr. 23, 2025
  • 4.9

    MEDIUM
    CVE-2023-3279

    The WordPress Gallery Plugin WordPress plugin before 3.39 does not validate some block attributes before using them to generate paths passed to include function/s, allowing Admin users to perform LFI attacks...

    Affected Products : nextgen_gallery
    • Published: Oct. 16, 2023
    • Modified: Apr. 23, 2025
Showing 20 of 293612 Results