Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.1

    HIGH
    CVE-2024-37262

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in vCita.Com Online Booking & Scheduling Calendar for WordPress by vcita allows Reflected XSS.This issue affects Online Booking & Scheduling Calendar... Read more

    • Published: Jul. 22, 2024
    • Modified: Jun. 10, 2025

  • 6.5

    MEDIUM
    CVE-2023-2416

    The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the vcita_logout_callback function in versions up to, and including, 4.2.10. This makes it pos... Read more

    • Published: Jun. 03, 2023
    • Modified: Jun. 10, 2025

  • 5.3

    MEDIUM
    CVE-2023-2299

    The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized medication of data via the /wp-json/vcita-wordpress/v1/actions/auth REST-API endpoint in versions up to, and including, 4.2.10 due to a miss... Read more

    • Published: Jun. 03, 2023
    • Modified: Jun. 10, 2025

  • 4.8

    MEDIUM
    CVE-2024-12808

    The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting WordPress plugin before 1.13.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross... Read more

    Affected Products : wp_erp
    • Published: May. 15, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2025-22123

    In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid accessing uninitialized curseg syzbot reports a f2fs bug as below: F2FS-fs (loop3): Stopped filesystem due to reason: 7 kworker/u8:7: attempt to access beyond end of... Read more

    Affected Products : linux_kernel
    • Published: Apr. 16, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-22122

    In the Linux kernel, the following vulnerability has been resolved: block: fix adding folio to bio >4GB folio is possible on some ARCHs, such as aarch64, 16GB hugepage is supported, then 'offset' of folio can't be held in 'unsigned int', cause warning i... Read more

    Affected Products : linux_kernel
    • Published: Apr. 16, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Misconfiguration

  • 4.8

    MEDIUM
    CVE-2024-13313

    The AWeber WordPress plugin through 7.3.20 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for ... Read more

    Affected Products : aweber
    • Published: May. 15, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2023-3345

    The LMS by Masteriyo WordPress plugin before 1.6.8 does not have proper authorization in one some of its REST API endpoints, making it possible for any students to retrieve email addresses of other students... Read more

    Affected Products : masteriyo masteriyo
    • Published: Jul. 31, 2023
    • Modified: Jun. 10, 2025

  • 4.8

    MEDIUM
    CVE-2024-12743

    The MailPoet WordPress plugin before 5.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for ... Read more

    Affected Products : mailpoet
    • Published: May. 15, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2024-12767

    The buddyboss-platform WordPress plugin before 2.7.60 lacks proper access controls and allows a logged-in user to view comments on private posts... Read more

    Affected Products : buddyboss_platform
    • Published: May. 15, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Authorization

  • 7.2

    HIGH
    CVE-2023-6636

    The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation on the 'gspb_save_files' function in versions up to, and including, 7.6.2. This makes it possible for authe... Read more

    • Published: Jan. 11, 2024
    • Modified: Jun. 10, 2025

  • 5.4

    MEDIUM
    CVE-2022-4653

    The Greenshift WordPress plugin before 4.8.9 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.... Read more

    • Published: Jan. 16, 2023
    • Modified: Jun. 10, 2025

  • 6.5

    MEDIUM
    CVE-2024-44005

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wpsoul Greenshift – animation and page builder blocks allows Stored XSS.This issue affects Greenshift – animation and page builder blocks: from n/... Read more

    • Published: Sep. 18, 2024
    • Modified: Jun. 10, 2025

  • 5.9

    MEDIUM
    CVE-2023-22707

    Auth. (author+) Cross-Site Scripting (XSS) vulnerability in Wpsoul Greenshift – animation and page builder blocks plugin <= 4.9.9 versions.... Read more

    • Published: Mar. 27, 2023
    • Modified: Jun. 10, 2025

  • 6.8

    MEDIUM
    CVE-2023-0378

    The Greenshift WordPress plugin before 5.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site... Read more

    • Published: Feb. 21, 2023
    • Modified: Jun. 10, 2025

  • 6.8

    MEDIUM
    CVE-2025-2703

    The built-in XY Chart plugin is vulnerable to a DOM XSS vulnerability. A user with Editor permissions is able to modify such a panel in order to make it execute arbitrary JavaScript.... Read more

    Affected Products : grafana
    • Published: Apr. 23, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.4

    HIGH
    CVE-2024-12397

    A flaw was found in Quarkus-HTTP, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additi... Read more

    Affected Products :
    • Published: Dec. 12, 2024
    • Modified: Jun. 10, 2025

  • 8.3

    HIGH
    CVE-2024-13917

    An application "com.pri.applock", which is pre-loaded on Kruger&Matz smartphones, allows a user to encrypt any application using user-provided PIN code or by using biometric data. Exposed ”com.pri.applock.LockUI“ activity allows any other malicious applic... Read more

    Affected Products :
    • Published: May. 30, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Authentication

  • 6.9

    MEDIUM
    CVE-2024-13916

    An application "com.pri.applock", which is pre-loaded on Kruger&Matz smartphones, allows a user to encrypt any application using user-provided PIN code or by using biometric data. Exposed ”com.android.providers.settings.fingerprint.PriFpShareProvider“ con... Read more

    Affected Products :
    • Published: May. 30, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Information Disclosure

  • 9.1

    CRITICAL
    CVE-2024-45479

    SSRF vulnerability in Edit Service Page of Apache Ranger UI in Apache Ranger Version 2.4.0. Users are recommended to upgrade to version Apache Ranger 2.5.0, which fixes this issue.... Read more

    Affected Products : ranger
    • Published: Jan. 21, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Server-Side Request Forgery
Showing 20 of 293288 Results