Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.1

    HIGH
    CVE-2023-7197

    The Marketing Twitter Bot WordPress plugin through 1.11 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack... Read more

    Affected Products : marketing_twitter_bot
    • Published: May. 15, 2025
    • Modified: Jun. 11, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.1

    MEDIUM
    CVE-2024-0852

    The coreActivity: Activity Logging for WordPress plugin before 1.8.1 does not escape some request data when outputting it back in the admin dashboard, allowing unauthenticated users to perform Stored XSS attack against high privilege users such as admin... Read more

    Affected Products : coreactivity
    • Published: May. 15, 2025
    • Modified: Jun. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.1

    MEDIUM
    CVE-2024-10009

    The Melapress File Monitor WordPress plugin before 2.1.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks... Read more

    Affected Products : melapress_file_monitor
    • Published: May. 15, 2025
    • Modified: Jun. 11, 2025
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2023-2334

    The edd-google-sheet-connector-pro WordPress plugin before 1.4, Easy Digital Downloads Google Sheet Connector WordPress plugin before 1.6.6 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change ... Read more

    • Published: May. 15, 2025
    • Modified: Jun. 11, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.4

    MEDIUM
    CVE-2023-6030

    The LogDash Activity Log WordPress plugin before 1.1.4 hooks the wp_login_failed function (from src/Hooks/Users.php) in order to log failed login attempts to the database but it doesn't escape the username when it perform some SQL request leading to a SQL... Read more

    Affected Products : logdash_activity_log
    • Published: May. 15, 2025
    • Modified: Jun. 11, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2023-6541

    The Allow SVG WordPress plugin before 1.2.0 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.... Read more

    Affected Products : allow_svg
    • Published: May. 15, 2025
    • Modified: Jun. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2023-6783

    The WolfNet IDX for WordPress plugin through 1.19.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallow... Read more

    Affected Products : wolfnet_idx_for_wordpress
    • Published: May. 15, 2025
    • Modified: Jun. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2024-45510

    An issue was discovered in Zimbra Collaboration (ZCS) through 10.0. Zimbra Webmail (Modern UI) is vulnerable to a stored Cross-Site Scripting (XSS) attack due to improper sanitization of user input. This allows an attacker to inject malicious code into sp... Read more

    Affected Products : zimbra_collaboration_suite
    • Published: Nov. 20, 2024
    • Modified: Jun. 11, 2025

  • 4.6

    MEDIUM
    CVE-2025-43925

    An issue was discovered in Unicom Focal Point 7.6.1. The database is encrypted with a hardcoded key, making it easier to recover the cleartext data.... Read more

    Affected Products : focal_point
    • Published: Jun. 03, 2025
    • Modified: Jun. 11, 2025
    • Vuln Type: Cryptography

  • 6.5

    MEDIUM
    CVE-2025-23095

    An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400. A Double Free in the mobile processor leads to privilege escalation.... Read more

    • Published: Jun. 04, 2025
    • Modified: Jun. 11, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-23096

    An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400. A Double Free in the mobile processor leads to privilege escalation.... Read more

    • Published: Jun. 04, 2025
    • Modified: Jun. 11, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-23101

    An issue was discovered in Samsung Mobile Processor Exynos 1380. A Use-After-Free in the mobile processor leads to privilege escalation.... Read more

    Affected Products : exynos_1380_firmware exynos_1380
    • Published: Jun. 04, 2025
    • Modified: Jun. 11, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-23106

    An issue was discovered in Samsung Mobile Processor Exynos 2200, 1480, and 2400. A Use-After-Free in the mobile processor leads to privilege escalation.... Read more

    • Published: Jun. 04, 2025
    • Modified: Jun. 11, 2025
    • Vuln Type: Memory Corruption

  • 8.2

    HIGH
    CVE-2025-29093

    File Upload vulnerability in Motivian Content Mangment System v.41.0.0 allows a remote attacker to execute arbitrary code via the Content/Gallery/Images component.... Read more

    Affected Products : content_management_system
    • Published: Jun. 04, 2025
    • Modified: Jun. 11, 2025
    • Vuln Type: Authentication

  • 6.1

    MEDIUM
    CVE-2025-29094

    Cross Site Scripting vulnerability in Motivian Content Mangment System v.41.0.0 allows a remote attacker to execute arbitrary code via the Marketing/Forms, Marketing/Offers and Content/Pages components.... Read more

    Affected Products : content_management_system
    • Published: Jun. 04, 2025
    • Modified: Jun. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2022-3836

    The Seed Social WordPress plugin before 2.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (fo... Read more

    Affected Products : seed_social
    • Published: Jan. 16, 2024
    • Modified: Jun. 11, 2025

  • 6.1

    MEDIUM
    CVE-2022-1617

    The WP-Invoice WordPress plugin through 4.3.1 does not have CSRF check in place when updating its settings, and is lacking sanitisation as well as escaping in some of them, allowing attacker to make a logged in admin change them and add XSS payload in the... Read more

    Affected Products : wp-invoice
    • Published: Jan. 16, 2024
    • Modified: Jun. 11, 2025

  • 7.5

    HIGH
    CVE-2023-44487

    The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.... Read more

    • Actively Exploited
    • Published: Oct. 10, 2023
    • Modified: Jun. 11, 2025

  • 5.4

    MEDIUM
    CVE-2024-12722

    The Twitter Bootstrap Collapse aka Accordian Shortcode WordPress plugin through 1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the con... Read more

    • Published: May. 15, 2025
    • Modified: Jun. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2024-12724

    The WP DeskLite WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.... Read more

    Affected Products : wp_desklite
    • Published: May. 15, 2025
    • Modified: Jun. 11, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 293288 Results