Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2020-1481

    A remote code execution vulnerability exists in the ESLint extension for Visual Studio Code when it validates source code after opening a project, aka 'Visual Studio Code ESLint Extention Remote Code Execution Vulnerability'.... Read more

    • EPSS Score: %60.85
    • Published: Jul. 14, 2020
    • Modified: Aug. 20, 2025

  • 4.3

    MEDIUM
    CVE-2013-5714

    Multiple cross-site scripting (XSS) vulnerabilities in ls/htmlchat.php in the VideoWhisper Live Streaming Integration plugin 4.25.3 and possibly earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) me... Read more

    • EPSS Score: %0.41
    • Published: Sep. 09, 2013
    • Modified: Aug. 20, 2025

  • 4.3

    MEDIUM
    CVE-2014-1906

    Multiple cross-site scripting (XSS) vulnerabilities in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) m parameter to lb_status.php; (2) msg parameter... Read more

    • EPSS Score: %1.43
    • Published: Mar. 06, 2014
    • Modified: Aug. 20, 2025

  • 6.4

    MEDIUM
    CVE-2014-1907

    Multiple directory traversal vulnerabilities in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the s parameter to ls/rtmp_login.php or (2) delete arbi... Read more

    • EPSS Score: %10.41
    • Published: Mar. 06, 2014
    • Modified: Aug. 20, 2025

  • 6.1

    MEDIUM
    CVE-2022-3896

    The WP Affiliate Platform plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via $_SERVER["REQUEST_URI"] in versions up to, and including, 6.3.9 due to insufficient input sanitization and output escaping. This makes it possible for unaut... Read more

    • EPSS Score: %0.89
    • Published: Nov. 29, 2022
    • Modified: Aug. 20, 2025

  • 5.5

    MEDIUM
    CVE-2022-3897

    The WP Affiliate Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 6.3.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated... Read more

    • EPSS Score: %0.14
    • Published: Nov. 29, 2022
    • Modified: Aug. 20, 2025

  • 8.8

    HIGH
    CVE-2022-3898

    The WP Affiliate Platform plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.3.9. This is due to missing or incorrect nonce validation on various functions including the affiliates_menu method. This makes ... Read more

    • EPSS Score: %0.11
    • Published: Nov. 29, 2022
    • Modified: Aug. 20, 2025

  • 7.8

    HIGH
    CVE-2025-0145

    Untrusted search path in the installer for some Zoom Workplace Apps for Windows may allow an authorized user to conduct an escalation of privilege via local access.... Read more

    • Published: Jan. 30, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-0144

    Out-of-bounds write in some Zoom Workplace Apps may allow an authorized user to conduct a loss of integrity via network access.... Read more

    • Published: Jan. 30, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Memory Corruption

  • 6.4

    MEDIUM
    CVE-2024-7122

    The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.13.6 due to insufficient input sanitization and output escaping on user supplied attributes. This m... Read more

    • Published: Aug. 30, 2024
    • Modified: Aug. 20, 2025

  • 5.4

    MEDIUM
    CVE-2024-2092

    The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Twitter Widget in all versions up to, and including, 1.13.3 due to insufficient input sanitization and output escaping on user supplied attribu... Read more

    • Published: Jun. 12, 2024
    • Modified: Aug. 20, 2025

  • 6.4

    MEDIUM
    CVE-2024-4401

    The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ and 'eae_slider_animation' parameters in all versions up to, and including, 1.13.5 due to insufficient input sanitization and output escaping. This... Read more

    • Published: Aug. 30, 2024
    • Modified: Aug. 20, 2025

  • 6.1

    MEDIUM
    CVE-2024-6226

    The WpStickyBar WordPress plugin through 2.1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin... Read more

    Affected Products : wpstickybar wpstickybar
    • Published: Jul. 30, 2024
    • Modified: Aug. 20, 2025

  • 9.8

    CRITICAL
    CVE-2024-5765

    The WpStickyBar WordPress plugin through 2.1.0 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection... Read more

    Affected Products : wpstickybar wpstickybar
    • Published: Jul. 30, 2024
    • Modified: Aug. 20, 2025

  • 6.9

    MEDIUM
    CVE-2024-9282

    A vulnerability was found in bg5sbk MiniCMS 1.11. It has been classified as problematic. Affected is an unknown function of the file page-edit.php. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exp... Read more

    Affected Products : minicms minicms
    • Published: Sep. 27, 2024
    • Modified: Aug. 20, 2025

  • 6.9

    MEDIUM
    CVE-2024-9281

    A vulnerability was found in bg5sbk MiniCMS up to 1.11 and classified as problematic. This issue affects some unknown processing of the file post-edit.php. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exp... Read more

    Affected Products : minicms minicms
    • Published: Sep. 27, 2024
    • Modified: Aug. 20, 2025

  • 5.3

    MEDIUM
    CVE-2020-27223

    In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. q) parameters, the server may enter a denial of service (DoS) state... Read more

    • EPSS Score: %35.72
    • Published: Feb. 26, 2021
    • Modified: Aug. 20, 2025

  • 9.8

    CRITICAL
    CVE-2025-5497

    A vulnerability was detected in slackero phpwcms up to 1.9.45/1.10.8. The impacted element is an unknown function of the file include/inc_module/mod_feedimport/inc/processing.inc.php of the component Feedimport Module. Performing manipulation of the argum... Read more

    Affected Products : phpwcms
    • Published: Jun. 03, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-32947

    This vulnerability allows any attacker to cause the PeerTube server to stop responding to requests due to an infinite loop in the "inbox" endpoint when receiving crafted ActivityPub activities.... Read more

    Affected Products :
    • Published: Apr. 15, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Denial of Service

  • 7.1

    HIGH
    CVE-2024-23942

    A local user may find a configuration file on the client workstation with unencrypted sensitive data. This allows an attacker to impersonate the device or prevent the device from accessing the cloud portal which leads to a DoS.... Read more

    Affected Products : mbconnect24 mymbconnect24
    • Published: Mar. 18, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 292212 Results