Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2023-37847

    novel-plus v3.6.2 was discovered to contain a SQL injection vulnerability.... Read more

    Affected Products : novel-plus novel-plus novel-plus
    • EPSS Score: %0.30
    • Published: Aug. 14, 2023
    • Modified: Aug. 01, 2025

  • 9.8

    CRITICAL
    CVE-2024-1251

    A vulnerability classified as critical has been found in Tongda OA 2017 up to 11.10. Affected is an unknown function of the file /general/email/outbox/delete.php. The manipulation of the argument DELETE_STR leads to sql injection. The exploit has been dis... Read more

    • EPSS Score: %0.05
    • Published: Feb. 06, 2024
    • Modified: Aug. 01, 2025

  • 9.8

    CRITICAL
    CVE-2023-7021

    A vulnerability was found in Tongda OA 2017 up to 11.9. It has been classified as critical. Affected is an unknown function of the file general/vehicle/checkup/delete_search.php. The manipulation of the argument VU_ID leads to sql injection. It is possibl... Read more

    • EPSS Score: %0.06
    • Published: Dec. 21, 2023
    • Modified: Aug. 01, 2025

  • 8.1

    HIGH
    CVE-2024-10114

    The WooCommerce - Social Login plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.7.7. This is due to insufficient verification on the user being returned by the social login token. This makes it possible f... Read more

    • Published: Nov. 05, 2024
    • Modified: Aug. 01, 2025

  • 5.3

    MEDIUM
    CVE-2025-27221

    In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.join, URI#merge, URI#+) have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host.... Read more

    Affected Products : uri
    • Published: Mar. 04, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Information Disclosure

  • 5.3

    MEDIUM
    CVE-2024-13316

    The Scratch & Win – Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the apmswn_create_discount() function in all v... Read more

    Affected Products : scracth_\&_win scratch_\&_win
    • Published: Feb. 18, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Authorization

  • 7.7

    HIGH
    CVE-2023-5520

    Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.... Read more

    Affected Products : gpac
    • EPSS Score: %0.01
    • Published: Oct. 11, 2023
    • Modified: Aug. 01, 2025

  • 8.8

    HIGH
    CVE-2023-36390

    A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All ... Read more

    • EPSS Score: %0.47
    • Published: Jul. 11, 2023
    • Modified: Aug. 01, 2025

  • 8.8

    HIGH
    CVE-2023-3893

    A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes running kubernetes-csi-proxy may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows node... Read more

    Affected Products : csi_proxy
    • EPSS Score: %1.46
    • Published: Nov. 03, 2023
    • Modified: Aug. 01, 2025

  • 4.3

    MEDIUM
    CVE-2024-1592

    The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.5.6. This is due to missing or incorrect nonce validation on the process_delete function in class-DNSMPD.php.... Read more

    Affected Products : complianz complianz
    • Published: Mar. 02, 2024
    • Modified: Aug. 01, 2025

  • 9.3

    HIGH
    CVE-2007-5661

    The Macrovision InstallShield InstallScript One-Click Install (OCI) ActiveX control 12.0 before SP2 does not validate the DLL files that are named as parameters to the control, which allows remote attackers to download arbitrary library code onto a client... Read more

    Affected Products : installshield installshield
    • EPSS Score: %1.56
    • Published: Apr. 04, 2008
    • Modified: Aug. 01, 2025

  • 7.5

    HIGH
    CVE-2023-31122

    Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57.... Read more

    Affected Products : fedora debian_linux http_server
    • EPSS Score: %0.22
    • Published: Oct. 23, 2023
    • Modified: Aug. 01, 2025

  • 7.2

    HIGH
    CVE-2024-1935

    The Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘parent_url’ parameter in all versions up to, and including, 1.12.5 due... Read more

    • Published: Mar. 13, 2024
    • Modified: Aug. 01, 2025

  • 4.3

    MEDIUM
    CVE-2025-1506

    The Wp Social Login and Register Social Counter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.0. This is due to missing or incorrect nonce validation on the counter_access_key_setup() function. ... Read more

    • Published: Feb. 28, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.4

    MEDIUM
    CVE-2024-13802

    The Bandsintown Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bandsintown_events' shortcode in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplie... Read more

    Affected Products : bandsintown events
    • Published: Feb. 20, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.5

    MEDIUM
    CVE-2024-1978

    The Friends plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.8.5 via the discover_available_feeds function. This makes it possible for authenticated attackers, with administrator-level access and ab... Read more

    Affected Products : friends
    • Published: Feb. 29, 2024
    • Modified: Aug. 01, 2025

  • 8.8

    HIGH
    CVE-2025-1166

    A vulnerability has been found in SourceCodester Food Menu Manager 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file endpoint/update.php. The manipulation leads to unrestricted upload. The attack can be... Read more

    Affected Products : food_menu_manager food_menu_manager
    • Published: Feb. 11, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Misconfiguration

  • 4.8

    MEDIUM
    CVE-2025-1289

    The Plugin Oficial WordPress plugin through 1.7.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowe... Read more

    • Published: May. 15, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-1303

    The Plugin Oficial WordPress plugin through 1.7.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated users.... Read more

    • Published: May. 15, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2025-4567

    The Post Slider and Post Carousel with Post Vertical Scrolling Widget WordPress plugin before 3.2.10 does not validate and escape some of its Widget options before outputting them back in a page/post where the block is embed, which could allow users with... Read more

    Affected Products : post_slider_and_post_carousel
    • Published: Jun. 03, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 291295 Results