Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.5

    MEDIUM
    CVE-2024-6986

    A Cross-site Scripting (XSS) vulnerability exists in the Settings page of parisneo/lollms-webui version 9.8. The vulnerability is due to the improper use of the 'v-html' directive, which inserts the content of the 'full_template' variable directly as HTML...

    Affected Products : lollms_web_ui
    • Published: Mar. 20, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Cross-Site Scripting
  • 7.5

    HIGH
    CVE-2025-21174

    Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network....

    • Published: Apr. 08, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Denial of Service
  • 5.5

    MEDIUM
    CVE-2025-24068

    Buffer over-read in Windows Storage Management Provider allows an authorized attacker to disclose information locally....

    • Published: Jun. 10, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Information Disclosure
  • 5.5

    MEDIUM
    CVE-2025-24065

    Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally....

    • Published: Jun. 10, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Information Disclosure
  • 4.4

    MEDIUM
    CVE-2024-7058

    A vulnerability in the sanitize_path function in parisneo/lollms-webui v10 - latest allows an attacker to bypass path sanitization by using relative paths such as './'. This can lead to unauthorized access to directories within the personality_folder on t...

    Affected Products : lollms lollms_web_ui
    • Published: Mar. 20, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Path Traversal
  • 9.1

    CRITICAL
    CVE-2024-8581

    A vulnerability in the `upload_app` function of parisneo/lollms-webui V12 (Strawberry) allows an attacker to delete any file or directory on the system. The function does not implement user input filtering with the `filename` value, causing a Path Travers...

    Affected Products : lollms_web_ui
    • Published: Mar. 20, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Path Traversal
  • 8.0

    HIGH
    CVE-2023-27349

    BlueZ Audio Profile AVRCP Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code via Bluetooth on affected installations of BlueZ. User interaction is required...

    Affected Products : bluez
    • Published: May. 03, 2024
    • Modified: Jul. 08, 2025
  • 7.8

    HIGH
    CVE-2023-50190

    Trimble SketchUp Viewer SKP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to ex...

    Affected Products : sketchup_viewer sketchup
    • Published: May. 03, 2024
    • Modified: Jul. 08, 2025
  • 7.8

    HIGH
    CVE-2023-50189

    Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit...

    Affected Products : sketchup_viewer sketchup
    • Published: May. 03, 2024
    • Modified: Jul. 08, 2025
  • 7.8

    HIGH
    CVE-2023-50188

    Trimble SketchUp Viewer SKP File Parsing Uninitialized Variable Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to...

    Affected Products : sketchup_viewer sketchup
    • Published: May. 03, 2024
    • Modified: Jul. 08, 2025
  • 7.8

    HIGH
    CVE-2023-50187

    Trimble SketchUp Viewer SKP File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to expl...

    Affected Products : sketchup_viewer sketchup
    • Published: May. 03, 2024
    • Modified: Jul. 08, 2025
  • 7.8

    HIGH
    CVE-2023-50195

    Trimble SketchUp Viewer SKP File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exp...

    Affected Products : sketchup_viewer sketchup
    • Published: May. 03, 2024
    • Modified: Jul. 08, 2025
  • 7.8

    HIGH
    CVE-2023-50194

    Trimble SketchUp Viewer SKP File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exp...

    Affected Products : sketchup_viewer sketchup
    • Published: May. 03, 2024
    • Modified: Jul. 08, 2025
  • 7.8

    HIGH
    CVE-2023-50193

    Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit...

    Affected Products : sketchup_viewer sketchup
    • Published: May. 03, 2024
    • Modified: Jul. 08, 2025
  • 4.8

    MEDIUM
    CVE-2025-2205

    The GDPR Cookie Compliance – Cookie Banner, Cookie Consent, Cookie Notice – CCPA, DSGVO, RGPD plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.15.6 due to insufficient input sanit...

    Affected Products : gdpr_cookie_compliance
    • Published: Mar. 12, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Cross-Site Scripting
  • 8.1

    HIGH
    CVE-2025-1785

    The Download Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.08 via the 'wpdm_newfile' action. This makes it possible for authenticated attackers, with Author-level access and above, to overwrite...

    Affected Products : download_manager download_manager
    • Published: Mar. 13, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Path Traversal
  • 7.8

    HIGH
    CVE-2023-50192

    Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit...

    Affected Products : sketchup_viewer sketchup
    • Published: May. 03, 2024
    • Modified: Jul. 08, 2025
  • 7.8

    HIGH
    CVE-2023-50191

    Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit...

    Affected Products : sketchup_viewer sketchup
    • Published: May. 03, 2024
    • Modified: Jul. 08, 2025
  • 7.5

    HIGH
    CVE-2024-11283

    The WP JobHunt plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.1. This is due to wp_ajax_google_api_login_callback function not properly verifying a user's identity prior to authenticating them. This mak...

    Affected Products : jobcareer
    • Published: Mar. 14, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authentication
  • 9.8

    CRITICAL
    CVE-2024-11284

    The WP JobHunt plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.9. This is due to the plugin not properly validating a user's identity prior to updating their password through the acco...

    Affected Products : jobcareer
    • Published: Mar. 14, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authentication
Showing 20 of 293625 Results