Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.8

    MEDIUM
    CVE-2025-27391

    Insertion of Sensitive Information into Log File vulnerability in Apache ActiveMQ Artemis. All the values of the broker properties are logged when the org.apache.activemq.artemis.core.config.impl.ConfigurationImpl logger has the debug level enabled. This... Read more

    Affected Products : activemq_artemis
    • Published: Apr. 09, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2025-27427

    A vulnerability exists in Apache ActiveMQ Artemis whereby a user with the createDurableQueue or createNonDurableQueue permission on an address can augment the routing-type supported by that address even if said user doesn't have the createAddress permissi... Read more

    Affected Products : activemq_artemis
    • Published: Apr. 01, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2024-46910

    An authenticated user can perform XSS and potentially impersonate another user. This issue affects Apache Atlas versions 2.3.0 and earlier. Users are recommended to upgrade to version 2.4.0, which fixes the issue.... Read more

    Affected Products : atlas
    • Published: Feb. 13, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-41393

    Reflected cross-site scripting vulnerability exists in the laser printers and MFPs (multifunction printers) which implement Ricoh Web Image Monitor. If exploited, an arbitrary script may be executed on the web browser of the user who accessed Web Image Mo... Read more

    Affected Products :
    • Published: May. 12, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2025-38001

    In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice Savino says: "We are writing to report that this recent patch (141d34391abbb315d68556b7c67ad97885407547) ... Read more

    Affected Products : linux_kernel
    • Published: Jun. 06, 2025
    • Modified: Jul. 13, 2025
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2024-22151

    Missing Authorization vulnerability in Codection Import and export users and customers.This issue affects Import and export users and customers: from n/a through 1.24.6.... Read more

    • Published: Jun. 08, 2024
    • Modified: Jul. 12, 2025

  • 6.5

    MEDIUM
    CVE-2024-5208

    An uncontrolled resource consumption vulnerability exists in the `upload-link` endpoint of mintplex-labs/anything-llm. This vulnerability allows attackers to cause a denial of service (DOS) by shutting down the server through sending invalid upload reques... Read more

    Affected Products : anythingllm
    • Published: Jun. 19, 2024
    • Modified: Jul. 12, 2025

  • 7.5

    HIGH
    CVE-2024-10813

    The Product Table for WooCommerce by CodeAstrology (wooproducttable.com) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.1 via the var_dump_table parameter. This makes it possible for unauthen... Read more

    Affected Products : woo_product_table
    • Published: Nov. 23, 2024
    • Modified: Jul. 12, 2025

  • 8.8

    HIGH
    CVE-2024-10873

    The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.4.2 via the _load_template function. This makes it possible for authenticated attackers, with Contributor-level acce... Read more

    Affected Products : element_kit_for_elementor
    • Published: Nov. 23, 2024
    • Modified: Jul. 12, 2025

  • 6.1

    MEDIUM
    CVE-2024-10880

    The JobBoardWP – Job Board Listings and Submissions plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.3.0... Read more

    Affected Products : jobboardwp
    • Published: Nov. 23, 2024
    • Modified: Jul. 12, 2025

  • 6.1

    MEDIUM
    CVE-2024-11188

    The Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to POST-Based Reflected Cross-Site Scripting via the Custom HTML Form parameters in all versions up to, and includi... Read more

    • Published: Nov. 23, 2024
    • Modified: Jul. 12, 2025

  • 9.8

    CRITICAL
    CVE-2024-9659

    The School Management System for Wordpress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the mj_smgt_user_avatar_image_upload() function in all versions up to, and including, 91.5.0. This makes it poss... Read more

    Affected Products : school_management_system
    • Published: Nov. 23, 2024
    • Modified: Jul. 12, 2025

  • 8.8

    HIGH
    CVE-2024-9660

    The School Management System for Wordpress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the mj_smgt_load_documets_new() and mj_smgt_load_documets() functions in all versions up to, and including, 91.5... Read more

    Affected Products : school_management_system
    • Published: Nov. 23, 2024
    • Modified: Jul. 12, 2025

  • 6.1

    MEDIUM
    CVE-2024-10519

    The Wishlist for WooCommerce: Multi Wishlists Per Customer PRO plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wtab' parameter in versions 3.0.8 to 3.1.2 due to insufficient input sanitization and output escaping. This makes ... Read more

    Affected Products : wishlist_for_woocommerce
    • Published: Nov. 23, 2024
    • Modified: Jul. 12, 2025

  • 9.8

    CRITICAL
    CVE-2024-10542

    The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an authorization bypass via reverse DNS spoofing on the checkWithoutToken function in all versions up to, and inc... Read more

    • Published: Nov. 26, 2024
    • Modified: Jul. 12, 2025

  • 8.1

    HIGH
    CVE-2024-10781

    The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an missing empty value check on the 'api_key' value in the 'perform' function in all versions up to, and includin... Read more

    • Published: Nov. 26, 2024
    • Modified: Jul. 12, 2025

  • 4.3

    MEDIUM
    CVE-2024-12596

    The LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes plugin for WordPress is vulnerable to arbitrary post deletion due to a missing capability check on the 'llms_delete_cert' action in all versions up to, and including, 7.8.5. This makes it pos... Read more

    Affected Products : lifterlms
    • Published: Dec. 18, 2024
    • Modified: Jul. 11, 2025

  • 5.3

    MEDIUM
    CVE-2025-2290

    The LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes plugin for WordPress is vulnerable to Unauthenticated Post Trashing due to a missing capability check on the delete_access_plan function and the related AJAX calls in all versions up to, and ... Read more

    Affected Products : lifterlms
    • Published: Mar. 19, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2024-12713

    The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.2 via the handle_export_form() function due to a missing capability check. This makes it possible... Read more

    Affected Products : sureforms
    • Published: Jan. 08, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Information Disclosure

  • 8.1

    HIGH
    CVE-2025-6691

    The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_entry_files() function in all versions up to, and including, 1.7.3. This makes it... Read more

    Affected Products : sureforms
    • Published: Jul. 09, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Path Traversal
Showing 20 of 291520 Results