Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 4.3

    MEDIUM
    CVE-2023-40362

    An issue was discovered in CentralSquare Click2Gov Building Permit before October 2023. Lack of access control protections allows remote attackers to arbitrarily delete the contractors from any user's account when the user ID and contractor information is...

    Affected Products : click2gov_building_permit
    • Published: Jan. 12, 2024
    • Modified: Jun. 20, 2025
  • 6.1

    MEDIUM
    CVE-2023-3771

    The T1 WordPress theme through 19.0 is vulnerable to unauthenticated open redirect with which any attacker can redirect users to arbitrary websites.

    Affected Products : t1
    • Published: Jan. 16, 2024
    • Modified: Jun. 20, 2025
  • 4.8

    MEDIUM
    CVE-2023-3647

    The IURNY by INDIGITALL WordPress plugin before 3.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disall...

    Affected Products : iurny
    • Published: Jan. 16, 2024
    • Modified: Jun. 20, 2025
  • 5.4

    MEDIUM
    CVE-2023-3372

    The Lana Shortcodes WordPress plugin before 1.2.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which allows users with the contributor role and above to perform Stor...

    Affected Products : lana_shortcodes
    • Published: Jan. 16, 2024
    • Modified: Jun. 20, 2025
  • 9.9

    CRITICAL
    CVE-2023-34063

    Aria Automation contains a Missing Access Control vulnerability. An authenticated malicious actor may exploit this vulnerability leading to unauthorized access to remote organizations and workflows.

    Affected Products : cloud_foundation aria_automation
    • Published: Jan. 16, 2024
    • Modified: Jun. 20, 2025
  • 9.8

    CRITICAL
    CVE-2023-30016

    SQL Injection vulnerability in oretnom23 Judging Management System v1.0, allows remote attackers to execute arbitrary code and obtain sensitive information via sub_event_id parameter in sub_event_details_edit.php.

    Affected Products : judging_management_system
    • Published: Jan. 12, 2024
    • Modified: Jun. 20, 2025
  • 8.8

    HIGH
    CVE-2023-22526

    This High severity RCE (Remote Code Execution) vulnerability was introduced in version 7.19.0 of Confluence Data Center. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to execute arbitrary cod...

    • Published: Jan. 16, 2024
    • Modified: Jun. 20, 2025
  • 3.2

    LOW
    CVE-2023-20573

    A privileged attacker can prevent delivery of debug exceptions to SEV-SNP guests potentially resulting in guests not receiving expected debug information.

    • Published: Jan. 11, 2024
    • Modified: Jun. 20, 2025
  • 7.4

    HIGH
    CVE-2023-0824

    The User registration & user profile WordPress plugin through 2.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged-in admin add Stored XSS payloads via a CSRF attack.

    Affected Products : userplus
    • Published: Jan. 16, 2024
    • Modified: Jun. 20, 2025
  • 6.1

    MEDIUM
    CVE-2023-0479

    The Print Invoice & Delivery Notes for WooCommerce WordPress plugin before 4.7.2 is vulnerable to reflected XSS by echoing a GET value in an admin note within the WooCommerce orders page. This means that this vulnerability can be exploited for users with ...

    • Published: Jan. 16, 2024
    • Modified: Jun. 20, 2025
  • 4.8

    MEDIUM
    CVE-2022-3829

    The Font Awesome 4 Menus WordPress plugin through 4.7.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disa...

    Affected Products : font_awesome_4_menus
    • Published: Jan. 16, 2024
    • Modified: Jun. 20, 2025
  • 7.2

    HIGH
    CVE-2022-3764

    The plugin does not filter the "delete_entries" parameter from user requests, leading to an SQL Injection vulnerability.

    Affected Products : form_vibes
    • Published: Jan. 16, 2024
    • Modified: Jun. 20, 2025
  • 5.4

    MEDIUM
    CVE-2022-3739

    The WP Best Quiz WordPress plugin through 1.0 does not sanitize and escape some parameters, which could allow users with a role as low as Author to perform Cross-Site Scripting attacks.

    Affected Products : wp_best_quiz
    • Published: Jan. 16, 2024
    • Modified: Jun. 20, 2025
  • 5.3

    MEDIUM
    CVE-2022-1563

    The WPGraphQL WooCommerce WordPress plugin before 0.12.4 does not prevent unauthenticated attackers from enumerating a shop's coupon codes and values via GraphQL.

    Affected Products : wpgraphql
    • Published: Jan. 16, 2024
    • Modified: Jun. 20, 2025
  • 7.2

    HIGH
    CVE-2022-1538

    Theme Demo Import WordPress plugin before 1.1.1 does not validate the imported file, allowing high-privilege users such as admin to upload arbitrary files (such as PHP) even when FILE_MODS and FILE_EDIT are disallowed.

    Affected Products : theme_demo_import
    • Published: Jan. 16, 2024
    • Modified: Jun. 20, 2025
  • 6.1

    MEDIUM
    CVE-2022-0402

    The Super Forms - Drag & Drop Form Builder WordPress plugin before 6.0.4 does not escape the bob_czy_panstwa_sprawa_zostala_rozwiazana parameter before outputting it back in an attribute via the super_language_switcher AJAX action, leading to a Reflected ...

    Affected Products : super_forms
    • Published: Jan. 16, 2024
    • Modified: Jun. 20, 2025
  • 5.4

    MEDIUM
    CVE-2021-24559

    The Qyrr WordPress plugin before 0.7 does not escape the data-uri of the QR Code when outputting it in a src attribute, allowing for Cross-Site Scripting attacks. Furthermore, the data_uri_to_meta AJAX action, available to all authenticated users, only ha...

    Affected Products : qyrr
    • Published: Jan. 16, 2024
    • Modified: Jun. 20, 2025
  • 7.2

    HIGH
    CVE-2021-24151

    The WP Editor WordPress plugin before 1.2.7 did not sanitise or validate its setting fields leading to an authenticated (admin+) blind SQL injection issue via an arbitrary parameter when making a request to save the settings.

    Affected Products : wp_editor
    • Published: Jan. 16, 2024
    • Modified: Jun. 20, 2025
  • 9.8

    CRITICAL
    CVE-2020-36770

    pkg_postinst in the Gentoo ebuild for Slurm through 22.05.3 unnecessarily calls chown to assign root's ownership on files in the live root filesystem. This could be exploited by the slurm user to become the owner of root-owned files.

    Affected Products : ebuild_for_slurm
    • Published: Jan. 15, 2024
    • Modified: Jun. 20, 2025
  • 5.5

    MEDIUM
    CVE-2025-3440

    IBM Security Guardium 11.5 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure wi...

    Affected Products : security_guardium
    • Published: May. 15, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 293620 Results