Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2023-5307

    The Photos and Files Contest Gallery WordPress plugin before 21.2.8.1 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks via certain headers.... Read more

    Affected Products : contest_gallery
    • Published: Oct. 31, 2023
    • Modified: Apr. 22, 2025

  • 6.1

    MEDIUM
    CVE-2023-5238

    The EventPrime WordPress plugin before 3.2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to an HTML Injection on the plugin in the search area of the website.... Read more

    Affected Products : eventprime
    • Published: Oct. 31, 2023
    • Modified: Apr. 22, 2025

  • 5.4

    MEDIUM
    CVE-2023-5237

    The Memberlite Shortcodes WordPress plugin before 1.3.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting... Read more

    Affected Products : memberlite_shortcodes
    • Published: Oct. 31, 2023
    • Modified: Apr. 22, 2025

  • 6.1

    MEDIUM
    CVE-2023-5211

    The Fattura24 WordPress plugin before 6.2.8 does not sanitize or escape the 'id' parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting vulnerability.... Read more

    Affected Products : fattura24
    • Published: Oct. 31, 2023
    • Modified: Apr. 22, 2025

  • 4.3

    MEDIUM
    CVE-2023-4251

    The EventPrime WordPress plugin before 3.2.0 does not have CSRF checks when creating bookings, which could allow attackers to make logged in users create unwanted bookings via CSRF attacks.... Read more

    Affected Products : eventprime
    • Published: Oct. 31, 2023
    • Modified: Apr. 22, 2025

  • 7.2

    HIGH
    CVE-2023-4238

    The Prevent files / folders access WordPress plugin before 2.5.2 does not validate files to be uploaded, which could allow attackers to upload arbitrary files such as PHP on the server.... Read more

    Affected Products : prevent_files_\/_folders_access
    • Published: Sep. 25, 2023
    • Modified: Apr. 22, 2025

  • 5.4

    MEDIUM
    CVE-2022-46906

    Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allows an authenticated attacker to inject arbitrary HTML tags into the page processed by the user's browser, including scripts in the JavaScript programming language, which leads to Reflec... Read more

    Affected Products : websoft_hcm
    • Published: Dec. 12, 2022
    • Modified: Apr. 22, 2025

  • 7.5

    HIGH
    CVE-2022-45957

    ZTE ZXHN-H108NS router with firmware version H108NSV1.0.7u_ZRD_GR2_A68 is vulnerable to remote stack buffer overflow.... Read more

    Affected Products : zxhn-h108ns_firmware zxhn-h108ns
    • Published: Dec. 12, 2022
    • Modified: Apr. 22, 2025

  • 5.3

    MEDIUM
    CVE-2022-45956

    Boa Web Server versions 0.94.13 through 0.94.14 fail to validate the correct security constraint on the HEAD HTTP method allowing everyone to bypass the Basic Authorization mechanism.... Read more

    Affected Products : boa
    • Published: Dec. 12, 2022
    • Modified: Apr. 22, 2025

  • 8.8

    HIGH
    CVE-2022-45760

    SENS v1.0 is vulnerable to Incorrect Access Control vulnerability.... Read more

    Affected Products : sens
    • Published: Dec. 12, 2022
    • Modified: Apr. 22, 2025

  • 8.8

    HIGH
    CVE-2022-45759

    SENS v1.0 has a file upload vulnerability.... Read more

    Affected Products : sens
    • Published: Dec. 12, 2022
    • Modified: Apr. 22, 2025

  • 6.1

    MEDIUM
    CVE-2022-45756

    SENS v1.0 is vulnerable to Cross Site Scripting (XSS).... Read more

    Affected Products : sens
    • Published: Dec. 12, 2022
    • Modified: Apr. 22, 2025

  • 8.8

    HIGH
    CVE-2022-45043

    Tenda AX12 V22.03.01.16_cn is vulnerable to command injection via goform/fast_setting_internet_set.... Read more

    Affected Products : ax12_firmware ax12
    • Published: Dec. 12, 2022
    • Modified: Apr. 22, 2025

  • 6.5

    MEDIUM
    CVE-2022-3946

    The Welcart e-Commerce WordPress plugin before 2.8.4 does not have authorisation and CSRF in an AJAX action, allowing any logged-in user to create, update and delete shipping methods.... Read more

    • Published: Dec. 12, 2022
    • Modified: Apr. 22, 2025

  • 5.7

    MEDIUM
    CVE-2022-3881

    The WP Tools Increase Maximum Limits, Repair, Server PHP Info, Javascript errors, File Permissions, Transients, Error Log WordPress plugin before 3.43 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as... Read more

    Affected Products : wptools
    • Published: Dec. 12, 2022
    • Modified: Apr. 22, 2025

  • 6.5

    MEDIUM
    CVE-2022-3880

    The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan WordPress plugin before 4.20 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and ... Read more

    Affected Products : antihacker
    • Published: Dec. 12, 2022
    • Modified: Apr. 22, 2025

  • 6.5

    MEDIUM
    CVE-2022-3879

    The Car Dealer (Dealership) and Vehicle sales WordPress Plugin WordPress plugin before 3.05 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary p... Read more

    Affected Products : car_dealer
    • Published: Dec. 12, 2022
    • Modified: Apr. 22, 2025

  • 7.5

    HIGH
    CVE-2022-3724

    Crash in the USB HID protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file on Windows... Read more

    Affected Products : wireshark windows
    • Published: Dec. 09, 2022
    • Modified: Apr. 22, 2025

  • 7.8

    HIGH
    CVE-2022-20485

    In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction i... Read more

    Affected Products : android
    • Published: Dec. 13, 2022
    • Modified: Apr. 22, 2025

  • 7.8

    HIGH
    CVE-2022-20484

    In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction i... Read more

    Affected Products : android
    • Published: Dec. 13, 2022
    • Modified: Apr. 22, 2025
Showing 20 of 293620 Results