Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, listed in the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 8.8

    HIGH
    CVE-2023-3547

    The All in One B2B for WooCommerce WordPress plugin through 1.0.3 does not properly check nonce values in several actions, allowing an attacker to perform CSRF attacks....

    Affected Products : all_in_one_b2b_for_woocommerce
    • Published: Sep. 25, 2023
    • Modified: Apr. 23, 2025
  • 6.5

    MEDIUM
    CVE-2023-3508

    The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed CSRF check when processing its tab actions, which could allow attackers to make logged in admins email pre-orders customer, change the released date, mark all pre-orders of a specific p...

    Affected Products : woocommerce_pre-orders
    • Published: Jul. 31, 2023
    • Modified: Apr. 23, 2025
  • 6.5

    MEDIUM
    CVE-2023-3507

    The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed CSRF check when canceling pre-orders, which could allow attackers to make logged in admins cancel arbitrary pre-orders via a CSRF attack...

    Affected Products : woocommerce_pre-orders
    • Published: Jul. 31, 2023
    • Modified: Apr. 23, 2025
  • 4.8

    MEDIUM
    CVE-2023-3501

    The FormCraft WordPress plugin before 1.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for ...

    Affected Products : formcraft
    • Published: Aug. 30, 2023
    • Modified: Apr. 23, 2025
  • 4.8

    MEDIUM
    CVE-2023-3499

    The Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugin before 3.2.16 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfi...

    Affected Products : robo_gallery robo_gallery
    • Published: Sep. 04, 2023
    • Modified: Apr. 23, 2025
  • 5.3

    MEDIUM
    CVE-2023-3446

    Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where ...

    Affected Products : openssl
    • Published: Jul. 19, 2023
    • Modified: Apr. 23, 2025
  • 7.5

    HIGH
    CVE-2023-3312

    A vulnerability was found in drivers/cpufreq/qcom-cpufreq-hw.c in cpufreq subsystem in the Linux Kernel. This flaw, during device unbind will lead to double release problem leading to denial of service....

    Affected Products : linux_kernel
    • Published: Jun. 19, 2023
    • Modified: Apr. 23, 2025
  • 4.9

    MEDIUM
    CVE-2023-3279

    The WordPress Gallery Plugin WordPress plugin before 3.39 does not validate some block attributes before using them to generate paths passed to include function/s, allowing Admin users to perform LFI attacks...

    Affected Products : nextgen_gallery
    • Published: Oct. 16, 2023
    • Modified: Apr. 23, 2025
  • 4.8

    MEDIUM
    CVE-2023-3248

    The All-in-one Floating Contact Form WordPress plugin before 2.1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capabil...

    Affected Products : my_sticky_elements
    • Published: Jul. 24, 2023
    • Modified: Apr. 23, 2025
  • 4.8

    MEDIUM
    CVE-2023-3245

    The Floating Chat Widget WordPress plugin before 3.1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disal...

    Affected Products : chaty
    • Published: Jul. 17, 2023
    • Modified: Apr. 23, 2025
  • 6.7

    MEDIUM
    CVE-2023-3159

    A use after free issue was discovered in driver/firewire in outbound_phy_packet_callback in the Linux Kernel. In this flaw a local attacker with special privilege may cause a use after free problem when queue_event() fails....

    Affected Products : linux_kernel
    • Published: Jun. 12, 2023
    • Modified: Apr. 23, 2025
  • 7.2

    HIGH
    CVE-2023-3155

    The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to Arbitrary File Read and Delete due to a lack of input parameter validation in the `gallery_edit` function, allowing an attacker to access arbitrary resources on the server....

    Affected Products : nextgen_gallery
    • Published: Oct. 16, 2023
    • Modified: Apr. 23, 2025
  • 6.1

    MEDIUM
    CVE-2023-3118

    The Export All URLs WordPress plugin before 4.6 does not sanitise and escape a parameter before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

    Affected Products : export_all_urls
    • Published: Jul. 10, 2023
    • Modified: Apr. 23, 2025
  • 7.8

    HIGH
    CVE-2023-3111

    A use after free vulnerability was found in prepare_to_relocate in fs/btrfs/relocation.c in btrfs in the Linux Kernel. This possible flaw can be triggered by calling btrfs_ioctl_balance() before calling btrfs_ioctl_defrag()....

    • Published: Jun. 05, 2023
    • Modified: Apr. 23, 2025
  • 9.8

    CRITICAL
    CVE-2023-37582

    The RocketMQ NameServer component still has a remote command execution vulnerability as the CVE-2023-33246 issue was not completely fixed in version 5.1.1. When NameServer address are leaked on the extranet and lack permission verification, an attacker ...

    Affected Products : rocketmq
    • Published: Jul. 12, 2023
    • Modified: Apr. 23, 2025
  • 7.7

    HIGH
    CVE-2023-37519

    Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability. This XSS vulnerability is in the Download Status Report, which is served by the BigFix Server. ...

    Affected Products : bigfix_platform
    • Published: Dec. 21, 2023
    • Modified: Apr. 23, 2025
  • 7.5

    HIGH
    CVE-2023-34133

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SonicWall GMS and Analytics allows an unauthenticated attacker to extract sensitive information from the application database. This issue affects GMS: 9....

    Affected Products : global_management_system analytics
    • Published: Jul. 13, 2023
    • Modified: Apr. 23, 2025
  • 8.8

    HIGH
    CVE-2023-34127

    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SonicWall GMS, SonicWall Analytics enables an authenticated attacker to execute arbitrary code with root privileges. This issue affects GMS: 9.3.2-...

    Affected Products : global_management_system analytics
    • Published: Jul. 13, 2023
    • Modified: Apr. 23, 2025
  • 4.8

    MEDIUM
    CVE-2023-2995

    The Leyka WordPress plugin before 3.30.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for exa...

    Affected Products : leyka
    • Published: Sep. 19, 2023
    • Modified: Apr. 23, 2025
  • 5.3

    MEDIUM
    CVE-2023-2975

    Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries which are unauthenticated as a consequence. Impact summary: Applications that use the AES-SIV algorithm and want to authenticate empty ...

    • Published: Jul. 14, 2023
    • Modified: Apr. 23, 2025
Showing 20 of 293620 Results