Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2023-35836

    An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. An attacker within RF range can obtain a cleartext copy of the network configuration of the device, including the Wi-Fi PSK, during device setup and reconfiguration. Upon success, the attack... Read more

    • Published: Jan. 23, 2024
    • Modified: Jun. 11, 2025

  • 8.8

    HIGH
    CVE-2023-33472

    An issue was discovered in Scada-LTS v2.7.5.2 build 4551883606 and before, allows remote attackers with low-level authentication to escalate privileges, execute arbitrary code, and obtain sensitive information via Event Handlers function.... Read more

    Affected Products : scada-lts
    • Published: Jan. 13, 2024
    • Modified: Jun. 11, 2025

  • 7.4

    HIGH
    CVE-2023-21901

    Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 8.0.7, 8.0.8, 8.0.9, 8.1.0, 8.1.1 and 8.1.2. Ea... Read more

    • Published: Jan. 16, 2024
    • Modified: Jun. 11, 2025

  • 7.5

    HIGH
    CVE-2023-1405

    The Formidable Forms WordPress plugin before 6.2 unserializes user input, which could allow anonymous users to perform PHP Object Injection when a suitable gadget is present.... Read more

    Affected Products : formidable_forms
    • Published: Jan. 16, 2024
    • Modified: Jun. 11, 2025

  • 4.8

    MEDIUM
    CVE-2023-0389

    The Calculated Fields Form WordPress plugin before 1.1.151 does not sanitise and escape some of its form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability... Read more

    Affected Products : calculated_fields_form
    • Published: Jan. 16, 2024
    • Modified: Jun. 11, 2025

  • 7.8

    HIGH
    CVE-2022-3604

    The Contact Form Entries WordPress plugin before 1.3.0 does not validate data when its output in a CSV file, which could lead to CSV injection.... Read more

    • Published: Jan. 16, 2024
    • Modified: Jun. 11, 2025

  • 4.3

    MEDIUM
    CVE-2022-0775

    The WooCommerce WordPress plugin before 6.2.1 does not have proper authorisation check when deleting reviews, which could allow any authenticated users, such as subscriber to delete arbitrary comment... Read more

    Affected Products : woocommerce woocommerce
    • Published: Jan. 16, 2024
    • Modified: Jun. 11, 2025

  • 9.8

    CRITICAL
    CVE-2021-42142

    An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. DTLS servers mishandle the early use of a large epoch number. This vulnerability allows remote attackers to cause a denial of service and false-positive packet drops.... Read more

    Affected Products : tinydtls
    • Published: Jan. 23, 2024
    • Modified: Jun. 11, 2025

  • 8.8

    HIGH
    CVE-2021-24566

    The WooCommerce Currency Switcher FOX WordPress plugin before 1.3.7 was vulnerable to LFI attacks via the "woocs" shortcode.... Read more

    • Published: Jan. 16, 2024
    • Modified: Jun. 11, 2025

  • 6.1

    MEDIUM
    CVE-2021-24432

    The Advanced AJAX Product Filters WordPress plugin does not sanitise the 'term_id' POST parameter before outputting it in the page, leading to reflected Cross-Site Scripting issue.... Read more

    Affected Products : advanced_ajax_product_filters
    • Published: Jan. 16, 2024
    • Modified: Jun. 11, 2025

  • 4.8

    MEDIUM
    CVE-2024-12739

    The Mobile Contact Bar WordPress plugin before 3.0.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallo... Read more

    Affected Products : mobile_contact_bar
    • Published: May. 15, 2025
    • Modified: Jun. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.1

    CRITICAL
    CVE-2024-6584

    The 'wp_ajax_boost_proxy_ig' action allows administrators to make GET requests to arbitrary URLs.... Read more

    Affected Products : jetpack_boost
    • Published: May. 15, 2025
    • Modified: Jun. 11, 2025
    • Vuln Type: Authorization

  • 4.8

    MEDIUM
    CVE-2024-6693

    The wccp-pro WordPress plugin before 15.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for ex... Read more

    • Published: May. 15, 2025
    • Modified: Jun. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2024-6712

    The MapFig Studio WordPress plugin through 0.2.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack... Read more

    Affected Products : mapfig_studio
    • Published: May. 15, 2025
    • Modified: Jun. 11, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.8

    MEDIUM
    CVE-2024-6713

    The PVN Auth Popup WordPress plugin through 1.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed... Read more

    Affected Products : pvn_auth_popup
    • Published: May. 15, 2025
    • Modified: Jun. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2024-7556

    The Simple Share WordPress plugin through 0.5.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (... Read more

    Affected Products : simple_share
    • Published: May. 15, 2025
    • Modified: Jun. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2024-7759

    The PWA for WP WordPress plugin before 1.7.72 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (f... Read more

    Affected Products : pwa_for_wp_\&_amp
    • Published: May. 15, 2025
    • Modified: Jun. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2024-7761

    In the process of testing the Simple Job Board WordPress plugin before 2.12.2, a vulnerability was found that allows you to implement Stored XSS on behalf of the editor by embedding malicious script, which entails account takeover backdoor... Read more

    Affected Products : simple_job_board
    • Published: May. 15, 2025
    • Modified: Jun. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2024-7769

    The ClickSold IDX WordPress plugin through 1.90 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (... Read more

    Affected Products : clicksold_idx
    • Published: May. 15, 2025
    • Modified: Jun. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2024-7984

    The Joy Of Text Lite WordPress plugin through 2.3.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack... Read more

    Affected Products : joy_of_text_lite joy_of_text
    • Published: May. 15, 2025
    • Modified: Jun. 11, 2025
    • Vuln Type: Cross-Site Request Forgery
Showing 20 of 293288 Results