Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.2

    HIGH
    CVE-2023-6636

    The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation on the 'gspb_save_files' function in versions up to, and including, 7.6.2. This makes it possible for authe... Read more

    • Published: Jan. 11, 2024
    • Modified: Jun. 10, 2025

  • 5.4

    MEDIUM
    CVE-2022-4653

    The Greenshift WordPress plugin before 4.8.9 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.... Read more

    • Published: Jan. 16, 2023
    • Modified: Jun. 10, 2025

  • 6.5

    MEDIUM
    CVE-2024-44005

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wpsoul Greenshift – animation and page builder blocks allows Stored XSS.This issue affects Greenshift – animation and page builder blocks: from n/... Read more

    • Published: Sep. 18, 2024
    • Modified: Jun. 10, 2025

  • 5.9

    MEDIUM
    CVE-2023-22707

    Auth. (author+) Cross-Site Scripting (XSS) vulnerability in Wpsoul Greenshift – animation and page builder blocks plugin <= 4.9.9 versions.... Read more

    • Published: Mar. 27, 2023
    • Modified: Jun. 10, 2025

  • 6.8

    MEDIUM
    CVE-2023-0378

    The Greenshift WordPress plugin before 5.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site... Read more

    • Published: Feb. 21, 2023
    • Modified: Jun. 10, 2025

  • 6.8

    MEDIUM
    CVE-2025-2703

    The built-in XY Chart plugin is vulnerable to a DOM XSS vulnerability. A user with Editor permissions is able to modify such a panel in order to make it execute arbitrary JavaScript.... Read more

    Affected Products : grafana
    • Published: Apr. 23, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.4

    HIGH
    CVE-2024-12397

    A flaw was found in Quarkus-HTTP, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additi... Read more

    Affected Products :
    • Published: Dec. 12, 2024
    • Modified: Jun. 10, 2025

  • 8.3

    HIGH
    CVE-2024-13917

    An application "com.pri.applock", which is pre-loaded on Kruger&Matz smartphones, allows a user to encrypt any application using user-provided PIN code or by using biometric data. Exposed ”com.pri.applock.LockUI“ activity allows any other malicious applic... Read more

    Affected Products :
    • Published: May. 30, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Authentication

  • 6.9

    MEDIUM
    CVE-2024-13916

    An application "com.pri.applock", which is pre-loaded on Kruger&Matz smartphones, allows a user to encrypt any application using user-provided PIN code or by using biometric data. Exposed ”com.android.providers.settings.fingerprint.PriFpShareProvider“ con... Read more

    Affected Products :
    • Published: May. 30, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Information Disclosure

  • 9.1

    CRITICAL
    CVE-2024-45479

    SSRF vulnerability in Edit Service Page of Apache Ranger UI in Apache Ranger Version 2.4.0. Users are recommended to upgrade to version Apache Ranger 2.5.0, which fixes this issue.... Read more

    Affected Products : ranger
    • Published: Jan. 21, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Server-Side Request Forgery

  • 4.8

    MEDIUM
    CVE-2024-45478

    Stored XSS vulnerability in Edit Service Page of Apache Ranger UI in Apache Ranger Version 2.4.0. Users are recommended to upgrade to version Apache Ranger 2.5.0, which fixes this issue.... Read more

    Affected Products : ranger
    • Published: Jan. 21, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.9

    MEDIUM
    CVE-2024-13915

    Android based smartphones from vendors such as Ulefone and Krüger&Matz contain "com.pri.factorytest" application preloaded onto devices during manufacturing process. The application "com.pri.factorytest" (version name: 1.0, version code: 1) exposes a ”com... Read more

    Affected Products :
    • Published: May. 30, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Authentication

  • 4.8

    MEDIUM
    CVE-2024-6807

    A vulnerability was found in SourceCodester Student Study Center Desk Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /sscdms/classes/Users.php?f=save of the component HTTP POST Request... Read more

    • Published: Jul. 17, 2024
    • Modified: Jun. 10, 2025

  • 7.5

    HIGH
    CVE-2024-2318

    A vulnerability was found in ZKTeco ZKBio Media 2.0.0_x64_2024-01-29-1028. It has been classified as problematic. Affected is an unknown function of the file /pro/common/download of the component Service Port 9999. The manipulation of the argument fileNam... Read more

    Affected Products : zkbio_media
    • Published: Mar. 08, 2024
    • Modified: Jun. 10, 2025

  • 9.8

    CRITICAL
    CVE-2020-7533

    CWE-287: Improper Authentication vulnerability exists which could cause the execution of commands on the webserver without authentication when sending specially crafted HTTP requests.... Read more

    • Published: Dec. 01, 2020
    • Modified: Jun. 10, 2025

  • 2.7

    LOW
    CVE-2024-31040

    Buffer Overflow vulnerability in the get_var_integer function in mqtt_parser.c in NanoMQ 0.21.7 allows remote attackers to cause a denial of service via a series of specially crafted hexstreams.... Read more

    Affected Products : nanomq
    • Published: Apr. 17, 2024
    • Modified: Jun. 10, 2025

  • 7.5

    HIGH
    CVE-2024-31041

    Null Pointer Dereference vulnerability in topic_filtern function in mqtt_parser.c in NanoMQ 0.21.7 allows attackers to cause a denial of service.... Read more

    Affected Products : nanomq
    • Published: Apr. 17, 2024
    • Modified: Jun. 10, 2025

  • 7.8

    HIGH
    CVE-2024-31583

    Pytorch before version v2.2.0 was discovered to contain a use-after-free vulnerability in torch/csrc/jit/mobile/interpreter.cpp.... Read more

    Affected Products : pytorch pytorch_lightning
    • Published: Apr. 17, 2024
    • Modified: Jun. 10, 2025

  • 9.8

    CRITICAL
    CVE-2024-31750

    SQL injection vulnerability in f-logic datacube3 v.1.0 allows a remote attacker to obtain sensitive information via the req_id parameter.... Read more

    Affected Products : datacube3_firmware datacube3
    • Published: Apr. 19, 2024
    • Modified: Jun. 10, 2025

  • 6.8

    MEDIUM
    CVE-2024-31036

    A heap-buffer-overflow vulnerability in the read_byte function in NanoMQ v.0.21.7 allows attackers to cause a denial of service via transmission of crafted hexstreams.... Read more

    Affected Products : nanomq
    • Published: Apr. 22, 2024
    • Modified: Jun. 10, 2025
Showing 20 of 293298 Results