Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2024-40503

    An issue in Tenda AX12 v.16.03.49.18_cn+ allows a remote attacker to cause a denial of service via the Routing functionality and ICMP packet handling.... Read more

    Affected Products : ax12_firmware ax12
    • Published: Jul. 16, 2024
    • Modified: Jul. 07, 2025

  • 6.5

    MEDIUM
    CVE-2024-51477

    IBM InfoSphere Information Server 11.7 could allow an authenticated to obtain sensitive username information due to an observable response discrepancy.... Read more

    • Published: Mar. 29, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Information Disclosure

  • 8.0

    HIGH
    CVE-2024-48192

    Tenda G3 v15.01.0.5(2848_755)_EN was discovered to contain a hardcoded password vulnerability in /etc_ro/shadow, which allows attackers to log in as root... Read more

    Affected Products : g3_firmware g3
    • Published: Oct. 17, 2024
    • Modified: Jul. 07, 2025

  • 6.8

    MEDIUM
    CVE-2024-40412

    Tenda AX12 v1.0 v22.03.01.46 contains a stack overflow in the deviceList parameter of the sub_42E410 function.... Read more

    Affected Products : ax12_firmware ax12
    • Published: Jul. 10, 2024
    • Modified: Jul. 07, 2025

  • 10.0

    CRITICAL
    CVE-2024-51568

    CyberPanel (aka Cyber Panel) before 2.3.5 allows Command Injection via completePath in the ProcessUtilities.outputExecutioner() sink. There is /filemanager/upload (aka File Manager upload) unauthenticated remote code execution via shell metacharacters.... Read more

    Affected Products : cyberpanel
    • Published: Oct. 29, 2024
    • Modified: Jul. 07, 2025

  • 5.4

    MEDIUM
    CVE-2024-50983

    FlightPath 7.5 contains a Cross Site Scripting (XSS) vulnerability, which allows authenticated remote attackers with administrative rights to inject arbitrary JavaScript in the web browser of a user by including a malicious payload into the Last Name sect... Read more

    Affected Products : flightpath
    • Published: Nov. 15, 2024
    • Modified: Jul. 07, 2025

  • 9.8

    CRITICAL
    CVE-2024-40515

    An issue in SHENZHEN TENDA TECHNOLOGY CO.,LTD Tenda AX2pro V16.03.29.48_cn allows a remote attacker to execute arbitrary code via the Routing functionality.... Read more

    Affected Products : ax2_pro_firmware ax2_pro
    • Published: Jul. 16, 2024
    • Modified: Jul. 07, 2025

  • 7.5

    HIGH
    CVE-2024-33365

    Buffer Overflow vulnerability in Tenda AC10 v4 US_AC10V4.0si_V16.03.10.20_cn allows a remote attacker to execute arbitrary code via the Virtual_Data_Check function in the bin/httpd component.... Read more

    Affected Products : ac10_firmware ac10_firmware ac10
    • Published: Jul. 29, 2024
    • Modified: Jul. 07, 2025

  • 4.8

    MEDIUM
    CVE-2024-6165

    The WANotifier WordPress plugin before 2.6.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (fo... Read more

    Affected Products : wanotifier
    • Published: Jul. 31, 2024
    • Modified: Jul. 07, 2025

  • 5.8

    MEDIUM
    CVE-2024-29030

    memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /api/resource that allows authenticated users to enumerate the internal network. Version 0.22.0 of memos removes the vulnerable file.... Read more

    Affected Products : memos
    • Published: Apr. 19, 2024
    • Modified: Jul. 07, 2025

  • 5.3

    MEDIUM
    CVE-2025-5813

    The Amazon Products to WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wcta2w_get_amazon_product_callback() function in all versions up to, and including, 1.2.7. This makes it po... Read more

    Affected Products : amazon_products_to_woocommerce
    • Published: Jun. 26, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Authorization

  • 5.8

    MEDIUM
    CVE-2024-29028

    memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/httpmeta that allows unauthenticated users to enumerate the internal network and receive limited html values in json form. This vulnerab... Read more

    Affected Products : memos
    • Published: Apr. 19, 2024
    • Modified: Jul. 07, 2025

  • 5.3

    MEDIUM
    CVE-2024-11089

    The Anonymous Restricted Content plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.5 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensit... Read more

    Affected Products : anonymous_restricted_content
    • Published: Nov. 21, 2024
    • Modified: Jul. 07, 2025

  • 4.3

    MEDIUM
    CVE-2025-5932

    The Homerunner plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.29. This is due to missing or incorrect nonce validation on the main_settings() function. This makes it possible for unauthenticated ... Read more

    Affected Products : homerunner
    • Published: Jun. 26, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.2

    HIGH
    CVE-2025-1039

    The Lenix Elementor Leads addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a URL form field in all versions up to, and including, 1.8.2 due to insufficient input sanitization and output escaping. This makes it possible for unaut... Read more

    Affected Products : lenix_leads_collector
    • Published: Feb. 20, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-4683

    The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the create_blog function in all versions up to, and including, 4.17.5. This makes i... Read more

    Affected Products : mstore_api
    • Published: May. 27, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-5936

    The VR Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.7. This is due to missing or incorrect nonce validation on the syncCalendar() function. This makes it possible for unauthenticated a... Read more

    Affected Products : vr_calendar
    • Published: Jun. 27, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.4

    MEDIUM
    CVE-2025-5940

    The Osom Blocks – Custom Post Type listing block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘class_name’ parameter in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This ... Read more

    Affected Products : osom_blocks
    • Published: Jun. 27, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2024-1601

    An SQL injection vulnerability exists in the `delete_discussion()` function of the parisneo/lollms-webui application, allowing an attacker to delete all discussions and message data. The vulnerability is exploitable via a crafted HTTP POST request to the ... Read more

    • Published: Apr. 16, 2024
    • Modified: Jul. 07, 2025

  • 6.1

    MEDIUM
    CVE-2023-43292

    Cross Site Scripting vulnerability in My Food Recipe Using PHP with Source Code v.1.0 allows a local attacker to execute arbitrary code via a crafted payload to the Recipe Name, Procedure, and ingredients parameters.... Read more

    Affected Products : my_food_recipe
    • Published: Mar. 12, 2024
    • Modified: Jul. 07, 2025
Showing 20 of 293631 Results