Latest CVE Feed
- 8.8 HIGH CVE-2023-0603
  The Sloth Logo Customizer WordPress plugin through 2.0.2 does not have a CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack...
  Affected Products: sloth_logo_customizer
  - Published: May. 08, 2023
  - Modified: Apr. 23, 2025
- 7.2 HIGH CVE-2023-0329
  The Elementor Website Builder WordPress plugin before 3.12.2 does not properly sanitize and escape the Replace URL parameter in the Tools module before using it in a SQL statement, leading to a SQL injection exploitable by users with the Administrator rol...
  Affected Products: website_builder
  - Published: May. 30, 2023
  - Modified: Apr. 23, 2025
- 5.4 MEDIUM CVE-2022-4827
  The WP Tiles WordPress plugin through 1.1.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Store...
  Affected Products: wp_tiles
  - Published: Apr. 10, 2023
  - Modified: Apr. 23, 2025
- 9.8 CRITICAL CVE-2022-46383
  RackN Digital Rebar through 4.6.14, 4.7 through 4.7.22, 4.8 through 4.8.5, 4.9 through 4.9.12, and 4.10 through 4.10.8 has exposed a privileged token via a public API endpoint (Incorrect Access Control). The token can be used to escalate privileges within...
  Affected Products: digital_rebar
  - Published: Dec. 06, 2022
  - Modified: Apr. 23, 2025
- 8.8 HIGH CVE-2022-46382
  RackN Digital Rebar through 4.6.14, 4.7 through 4.7.22, 4.8 through 4.8.5, 4.9 through 4.9.12, and 4.10 through 4.10.8 has Insecure Permissions. After signing into Digital Rebar, users are issued authentication tokens tied to their account to perform acti...
  Affected Products: digital_rebar
  - Published: Dec. 06, 2022
  - Modified: Apr. 23, 2025
- 7.5 HIGH CVE-2022-44030
  Redmine 5.x before 5.0.4 allows downloading of file attachments of any Issue or any Wiki page due to insufficient permission checks. Depending on the configuration, this may require login as a registered user.
  Affected Products: redmine
  - Published: Dec. 06, 2022
  - Modified: Apr. 23, 2025
- 6.1 MEDIUM CVE-2022-43369
  AutoTaxi Stand Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component search.php.
  Affected Products: auto/taxi_stand_management_system
  - Published: Dec. 06, 2022
  - Modified: Apr. 23, 2025
- 4.8 MEDIUM CVE-2022-37406
  Cross-site scripting vulnerability in Aficio SP 4210N firmware versions prior to Web Support 1.05 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script.
  - Published: Dec. 07, 2022
  - Modified: Apr. 23, 2025
- 6.5 MEDIUM CVE-2022-34840
  Use of hard-coded credentials vulnerability in multiple Buffalo network devices allows a network-adjacent attacker to alter configuration settings of the device. The affected products/versions are as follows: WZR-300HP firmware Ver. 2.00 and earlier, WZR-...
  - Published: Dec. 07, 2022
  - Modified: Apr. 23, 2025
- 6.1 MEDIUM CVE-2022-2311
  The Find and Replace All WordPress plugin before 1.3 does not sanitize and escape some parameters from its setting page before outputting them back to the user, leading to a Reflected Cross-Site Scripting issue.
  Affected Products: find_and_replace_all
  - Published: Nov. 28, 2022
  - Modified: Apr. 23, 2025
- 7.5 HIGH CVE-2022-29244
  npm pack ignores root-level .gitignore and .npmignore file exclusion directives when run in a workspace or with a workspace flag (i.e. `--workspaces`, `--workspace=<name>`). Anyone who has run `npm pack` or `npm publish` inside a workspace, as of v7.9.0 an...
  - Published: Jun. 13, 2022
  - Modified: Apr. 23, 2025
- 5.4 MEDIUM CVE-2020-36656
  The Spectra WordPress plugin before 1.15.0 does not sanitize user input as it reaches its style HTML attribute, allowing contributors to conduct stored XSS attacks via the plugin's Gutenberg blocks.
  Affected Products: spectra
  - Published: Feb. 21, 2023
  - Modified: Apr. 23, 2025
- 9.8 CRITICAL CVE-2025-3439
  The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.1 via deserialization of untrusted input from the 'field_v...
  Affected Products: everest_forms
  - Published: Apr. 11, 2025
  - Modified: Apr. 23, 2025
  - Vuln Type: Injection
- 6.1 MEDIUM CVE-2025-3421
  The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'form_id' parameter in all versions up to, and including, 3.1.1 due to insufficien...
  Affected Products: everest_forms
  - Published: Apr. 11, 2025
  - Modified: Apr. 23, 2025
  - Vuln Type: Cross-Site Scripting
- 6.3 MEDIUM CVE-2025-3422
  The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.1.1. This is due to the software allowing users...
  Affected Products: everest_forms
  - Published: Apr. 11, 2025
  - Modified: Apr. 23, 2025
  - Vuln Type: Misconfiguration
- 9.1 CRITICAL CVE-2025-24447
  ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user resulting in a High impact to Confidentiality and I...
  Affected Products: coldfusion
  - Published: Apr. 08, 2025
  - Modified: Apr. 23, 2025
  - Vuln Type: Authentication
- 9.1 CRITICAL CVE-2025-30282
  ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Authentication vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could leverage this vulnerabilit...
  Affected Products: coldfusion
  - Published: Apr. 08, 2025
  - Modified: Apr. 23, 2025
  - Vuln Type: Authentication
- 6.8 MEDIUM CVE-2025-30294
  ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security protections...
  Affected Products: coldfusion
  - Published: Apr. 08, 2025
  - Modified: Apr. 23, 2025
  - Vuln Type: Authorization
- 9.9 CRITICAL CVE-2024-4306
  Critical unrestricted file upload vulnerability in HubBank affecting version 1.0.2. This vulnerability allows a registered user to upload malicious PHP files via upload document fields, resulting in webshell execution.
  Affected Products: hubbank
  - Published: Apr. 29, 2024
  - Modified: Apr. 23, 2025
- 8.1 HIGH CVE-2024-4307
  SQL injection vulnerability in HubBank affecting version 1.0.2. This vulnerability could allow an attacker to send a specially crafted SQL query to the database through different endpoints (/accounts/activities.php?id=1, /accounts/view-deposit.php?id=1, /...
  Affected Products: hubbank
  - Published: Apr. 29, 2024
  - Modified: Apr. 23, 2025