Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2023-4209

    The POEditor WordPress plugin before 0.9.8 does not have CSRF checks in various places, which could allow attackers to make logged in admins perform unwanted actions, such as reset the plugin's settings and update its API key via CSRF attacks.... Read more

    Affected Products : poeditor
    • Published: Aug. 30, 2023
    • Modified: Apr. 23, 2025

  • 4.3

    MEDIUM
    CVE-2023-4150

    The User Activity Tracking and Log WordPress plugin before 4.0.9 does not have proper CSRF checks when managing its license, which could allow attackers to make logged in admins update and deactivate the plugin's license via CSRF attacks... Read more

    Affected Products : user_activity_tracking_and_log
    • Published: Aug. 30, 2023
    • Modified: Apr. 23, 2025

  • 4.8

    MEDIUM
    CVE-2023-4109

    The Ninja Forms WordPress Ninja Forms Contact Form WordPress plugin before 3.6.26 was affected by a HTML Injection security vulnerability.... Read more

    • Published: Aug. 30, 2023
    • Modified: Apr. 23, 2025

  • 4.8

    MEDIUM
    CVE-2023-4060

    The WP Adminify WordPress plugin before 3.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (fo... Read more

    Affected Products : wp_adminify
    • Published: Sep. 11, 2023
    • Modified: Apr. 23, 2025

  • 5.4

    MEDIUM
    CVE-2023-4035

    The Simple Blog Card WordPress plugin before 1.31 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform... Read more

    Affected Products : simple_blog_card
    • Published: Aug. 30, 2023
    • Modified: Apr. 23, 2025

  • 4.8

    MEDIUM
    CVE-2023-4022

    The Herd Effects WordPress plugin before 5.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (f... Read more

    Affected Products : herd_effects
    • Published: Sep. 11, 2023
    • Modified: Apr. 23, 2025

  • 8.8

    HIGH
    CVE-2023-4019

    The Media from FTP WordPress plugin before 11.17 does not properly limit who can use the plugin, which may allow users with author+ privileges to move files around, like wp-config.php, which may lead to RCE in some cases.... Read more

    Affected Products : media_from_ftp
    • Published: Sep. 04, 2023
    • Modified: Apr. 23, 2025

  • 6.5

    MEDIUM
    CVE-2023-4013

    The GDPR Cookie Compliance (CCPA, DSGVO, Cookie Consent) WordPress plugin before 4.12.5 does not have proper CSRF checks when managing its license, which could allow attackers to make logged in admins update and deactivate the plugin's license via CSRF at... Read more

    Affected Products : gdpr_cookie_compliance
    • Published: Aug. 30, 2023
    • Modified: Apr. 23, 2025

  • 9.8

    CRITICAL
    CVE-2023-49954

    The CRM Integration in 3CX before 18.0.9.23 and 20 before 20.0.0.1494 allows SQL Injection via a first name, search string, or email address.... Read more

    Affected Products : 3cx
    • Published: Dec. 25, 2023
    • Modified: Apr. 23, 2025

  • 7.5

    HIGH
    CVE-2023-49356

    A stack buffer overflow vulnerability in MP3Gain v1.6.2 allows an attacker to cause a denial of service via the WriteMP3GainAPETag function at apetag.c:592.... Read more

    Affected Products : mp3gain
    • Published: Dec. 22, 2023
    • Modified: Apr. 23, 2025

  • 7.5

    HIGH
    CVE-2023-47091

    An issue was discovered in Stormshield Network Security (SNS) SNS 4.3.13 through 4.3.22 before 4.3.23, SNS 4.6.0 through 4.6.9 before 4.6.10, and SNS 4.7.0 through 4.7.1 before 4.7.2. An attacker can overflow the cookie threshold, making an IPsec connecti... Read more

    • Published: Dec. 25, 2023
    • Modified: Apr. 23, 2025

  • 9.1

    CRITICAL
    CVE-2023-44981

    Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Peer authentication is enabled in ZooKeeper (quorum.auth.enableSasl=true), the authorization is done by verifying that the instance part in SASL authenticat... Read more

    Affected Products : debian_linux zookeeper
    • Published: Oct. 11, 2023
    • Modified: Apr. 23, 2025

  • 5.3

    MEDIUM
    CVE-2023-40236

    In Pexip VMR self-service portal before 3, the same SSH host key is used across different customers' installations, which allows authentication bypass.... Read more

    Affected Products : virtual_meeting_rooms
    • Published: Dec. 25, 2023
    • Modified: Apr. 23, 2025

  • 8.8

    HIGH
    CVE-2023-40195

    Deserialization of Untrusted Data, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Software Foundation Apache Airflow Spark Provider. When the Apache Spark provider is installed on an Airflow deployment, an Airflow user t... Read more

    • Published: Aug. 28, 2023
    • Modified: Apr. 23, 2025

  • 6.1

    MEDIUM
    CVE-2023-3992

    The PostX WordPress plugin before 3.0.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin... Read more

    Affected Products : postx
    • Published: Aug. 30, 2023
    • Modified: Apr. 23, 2025

  • 6.1

    MEDIUM
    CVE-2023-3936

    The Blog2Social WordPress plugin before 7.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin... Read more

    Affected Products : blog2social
    • Published: Aug. 21, 2023
    • Modified: Apr. 23, 2025

  • 5.4

    MEDIUM
    CVE-2023-3746

    The ActivityPub WordPress plugin before 1.0.0 does not sanitize and escape some data from post content, which could allow contributor and above role to perform Stored Cross-Site Scripting attacks... Read more

    Affected Products : activitypub
    • Published: Oct. 16, 2023
    • Modified: Apr. 23, 2025

  • 4.3

    MEDIUM
    CVE-2023-3707

    The ActivityPub WordPress plugin before 1.0.0 does not ensure that post contents to be displayed are public and belong to the plugin, allowing any authenticated user, such as subscriber to retrieve the content of arbitrary post (such as draft and private)... Read more

    Affected Products : activitypub
    • Published: Oct. 16, 2023
    • Modified: Apr. 23, 2025

  • 4.3

    MEDIUM
    CVE-2023-3706

    The ActivityPub WordPress plugin before 1.0.0 does not ensure that post titles to be displayed are public and belong to the plugin, allowing any authenticated user, such as subscriber to retrieve the title of arbitrary post (such as draft and private) via... Read more

    Affected Products : activitypub
    • Published: Oct. 16, 2023
    • Modified: Apr. 23, 2025

  • 5.4

    MEDIUM
    CVE-2023-3575

    The Quiz And Survey Master WordPress plugin before 8.1.11 does not properly sanitize and escape question titles, which could allow users with the Contributor role and above to perform Stored Cross-Site Scripting attacks... Read more

    Affected Products : quiz_and_survey_master
    • Published: Aug. 07, 2023
    • Modified: Apr. 23, 2025
Showing 20 of 293620 Results