Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.9

    CRITICAL
    CVE-2023-34063

    Aria Automation contains a Missing Access Control vulnerability. An authenticated malicious actor may exploit this vulnerability leading to unauthorized access to remote organizations and workflows. ... Read more

    Affected Products : cloud_foundation aria_automation
    • Published: Jan. 16, 2024
    • Modified: Jun. 20, 2025

  • 9.8

    CRITICAL
    CVE-2023-30016

    SQL Injection vulnerability in oretnom23 Judging Management System v1.0, allows remote attackers to execute arbitrary code and obtain sensitive information via sub_event_id parameter in sub_event_details_edit.php.... Read more

    Affected Products : judging_management_system
    • Published: Jan. 12, 2024
    • Modified: Jun. 20, 2025

  • 8.8

    HIGH
    CVE-2023-22526

    This High severity RCE (Remote Code Execution) vulnerability was introduced in version 7.19.0 of Confluence Data Center. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to execute arbitrary cod... Read more

    • Published: Jan. 16, 2024
    • Modified: Jun. 20, 2025

  • 3.2

    LOW
    CVE-2023-20573

    A privileged attacker can prevent delivery of debug exceptions to SEV-SNP guests potentially resulting in guests not receiving expected debug information. ... Read more

    • Published: Jan. 11, 2024
    • Modified: Jun. 20, 2025

  • 7.4

    HIGH
    CVE-2023-0824

    The User registration & user profile WordPress plugin through 2.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged-in admin add Stored XSS payloads via a CSRF attack.... Read more

    Affected Products : userplus
    • Published: Jan. 16, 2024
    • Modified: Jun. 20, 2025

  • 6.1

    MEDIUM
    CVE-2023-0479

    The Print Invoice & Delivery Notes for WooCommerce WordPress plugin before 4.7.2 is vulnerable to reflected XSS by echoing a GET value in an admin note within the WooCommerce orders page. This means that this vulnerability can be exploited for users with ... Read more

    • Published: Jan. 16, 2024
    • Modified: Jun. 20, 2025

  • 4.8

    MEDIUM
    CVE-2022-3829

    The Font Awesome 4 Menus WordPress plugin through 4.7.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disa... Read more

    Affected Products : font_awesome_4_menus
    • Published: Jan. 16, 2024
    • Modified: Jun. 20, 2025

  • 7.2

    HIGH
    CVE-2022-3764

    The plugin does not filter the "delete_entries" parameter from user requests, leading to an SQL Injection vulnerability.... Read more

    Affected Products : form_vibes
    • Published: Jan. 16, 2024
    • Modified: Jun. 20, 2025

  • 5.4

    MEDIUM
    CVE-2022-3739

    The WP Best Quiz WordPress plugin through 1.0 does not sanitize and escape some parameters, which could allow users with a role as low as Author to perform Cross-Site Scripting attacks.... Read more

    Affected Products : wp_best_quiz
    • Published: Jan. 16, 2024
    • Modified: Jun. 20, 2025

  • 5.3

    MEDIUM
    CVE-2022-1563

    The WPGraphQL WooCommerce WordPress plugin before 0.12.4 does not prevent unauthenticated attackers from enumerating a shop's coupon codes and values via GraphQL.... Read more

    Affected Products : wpgraphql
    • Published: Jan. 16, 2024
    • Modified: Jun. 20, 2025

  • 7.2

    HIGH
    CVE-2022-1538

    Theme Demo Import WordPress plugin before 1.1.1 does not validate the imported file, allowing high-privilege users such as admin to upload arbitrary files (such as PHP) even when FILE_MODS and FILE_EDIT are disallowed.... Read more

    Affected Products : theme_demo_import
    • Published: Jan. 16, 2024
    • Modified: Jun. 20, 2025

  • 6.1

    MEDIUM
    CVE-2022-0402

    The Super Forms - Drag & Drop Form Builder WordPress plugin before 6.0.4 does not escape the bob_czy_panstwa_sprawa_zostala_rozwiazana parameter before outputting it back in an attribute via the super_language_switcher AJAX action, leading to a Reflected ... Read more

    Affected Products : super_forms
    • Published: Jan. 16, 2024
    • Modified: Jun. 20, 2025

  • 5.4

    MEDIUM
    CVE-2021-24559

    The Qyrr WordPress plugin before 0.7 does not escape the data-uri of the QR Code when outputting it in a src attribute, allowing for Cross-Site Scripting attacks. Furthermore, the data_uri_to_meta AJAX action, available to all authenticated users, only ha... Read more

    Affected Products : qyrr
    • Published: Jan. 16, 2024
    • Modified: Jun. 20, 2025

  • 7.2

    HIGH
    CVE-2021-24151

    The WP Editor WordPress plugin before 1.2.7 did not sanitise or validate its setting fields leading to an authenticated (admin+) blind SQL injection issue via an arbitrary parameter when making a request to save the settings.... Read more

    Affected Products : wp_editor
    • Published: Jan. 16, 2024
    • Modified: Jun. 20, 2025

  • 9.8

    CRITICAL
    CVE-2020-36770

    pkg_postinst in the Gentoo ebuild for Slurm through 22.05.3 unnecessarily calls chown to assign root's ownership on files in the live root filesystem. This could be exploited by the slurm user to become the owner of root-owned files.... Read more

    Affected Products : ebuild_for_slurm
    • Published: Jan. 15, 2024
    • Modified: Jun. 20, 2025

  • 5.5

    MEDIUM
    CVE-2025-3440

    IBM Security Guardium 11.5 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure wi... Read more

    Affected Products : security_guardium
    • Published: May. 15, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.0

    MEDIUM
    CVE-2025-48708

    gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument sanitization for the # case. A created PDF document includes its password in cleartext.... Read more

    Affected Products : ghostscript
    • Published: May. 23, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Information Disclosure

  • 6.1

    MEDIUM
    CVE-2025-1155

    A vulnerability, which was classified as problematic, was found in Webkul QloApps 1.6.1. This affects an unknown part of the file /stores of the component Your Location Search. The manipulation leads to cross site scripting. It is possible to initiate the... Read more

    Affected Products : qloapps
    • Published: Feb. 10, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-1114

    A vulnerability classified as problematic has been found in newbee-mall 1.0. Affected is the function save of the file /admin/categories/save of the component Add Category Page. The manipulation of the argument categoryName leads to cross site scripting. ... Read more

    Affected Products : newbee-mall
    • Published: Feb. 07, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.9

    MEDIUM
    CVE-2025-25023

    IBM Security Guardium 11.4 and 12.1 could allow a privileged user to read any file on the system due to incorrect privilege assignment.... Read more

    Affected Products : security_guardium
    • Published: Apr. 09, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Authorization
Showing 20 of 293616 Results