Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2023-51310

    A lack of rate limiting in the 'Forgot Password', 'Email Settings' feature of PHPJabbers Car Park Booking System v3.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large am... Read more

    Affected Products : car_park_booking_system
    • Published: Feb. 20, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Denial of Service

  • 8.8

    HIGH
    CVE-2023-51311

    PHPJabbers Car Park Booking System v3.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages section Labels any parameters field in System ... Read more

    Affected Products : car_park_booking_system
    • Published: Feb. 20, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Injection

  • 5.6

    MEDIUM
    CVE-2025-5702

    The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64... Read more

    Affected Products : glibc
    • Published: Jun. 05, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Memory Corruption

  • 5.4

    MEDIUM
    CVE-2024-54356

    Cross-Site Request Forgery (CSRF) vulnerability in vCita.com Online Booking & Scheduling Calendar for WordPress by vcita allows Cross Site Request Forgery.This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n/a through 4.5... Read more

    • Published: Dec. 16, 2024
    • Modified: Jun. 05, 2025

  • 7.1

    HIGH
    CVE-2024-54301

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FormFacade FormFacade allows Reflected XSS.This issue affects FormFacade: from n/a through 1.3.6.... Read more

    Affected Products : formfacade
    • Published: Dec. 13, 2024
    • Modified: Jun. 05, 2025

  • 4.3

    MEDIUM
    CVE-2023-41802

    Missing Authorization vulnerability in Team Heateor Super Socializer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Super Socializer: from n/a through 7.13.54.... Read more

    Affected Products : super_socializer
    • Published: Dec. 13, 2024
    • Modified: Jun. 05, 2025

  • 8.8

    HIGH
    CVE-2023-41695

    Missing Authorization vulnerability in Analytify Analytify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Analytify: from n/a through 5.1.0.... Read more

    • Published: Dec. 13, 2024
    • Modified: Jun. 05, 2025

  • 6.5

    MEDIUM
    CVE-2022-46795

    Missing Authorization vulnerability in Tyche Softwares Print Invoice & Delivery Notes for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Print Invoice & Delivery Notes for WooCommerce: from n/a throu... Read more

    • Published: Dec. 13, 2024
    • Modified: Jun. 05, 2025

  • 6.1

    MEDIUM
    CVE-2024-11356

    The tourmaster WordPress plugin before 5.3.4 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated users to perform Cross-Site Scripting attacks.... Read more

    Affected Products : tour_master
    • Published: Jan. 06, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2022-45830

    Missing Authorization vulnerability in Analytify.This issue affects Analytify: from n/a through 4.2.3.... Read more

    • Published: Jan. 02, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2024-37235

    Cross-Site Request Forgery (CSRF) vulnerability in Groundhogg Inc. Groundhogg allows Cross Site Request Forgery.This issue affects Groundhogg: from n/a through 3.4.2.3.... Read more

    Affected Products : groundhogg
    • Published: Jan. 02, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.9

    MEDIUM
    CVE-2024-11357

    The goodlayers-core WordPress plugin before 2.0.10 does not sanitise and escape some of its settings, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.... Read more

    Affected Products : goodlayers_core
    • Published: Jan. 02, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2024-56229

    Cross-Site Request Forgery (CSRF) vulnerability in Searchiq SearchIQ.This issue affects SearchIQ: from n/a through 4.6.... Read more

    Affected Products : searchiq
    • Published: Dec. 31, 2024
    • Modified: Jun. 05, 2025

  • 6.1

    MEDIUM
    CVE-2024-56175

    In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be stored and subsequently executed in users' browsers under specific conditions: XSS from client-side template injection in list item names.... Read more

    Affected Products : configured_commerce
    • Published: Dec. 18, 2024
    • Modified: Jun. 05, 2025

  • 8.1

    HIGH
    CVE-2024-56174

    In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be stored and subsequently executed in users' browsers under specific conditions: XSS from client-side template injection in search history.... Read more

    Affected Products : configured_commerce
    • Published: Dec. 18, 2024
    • Modified: Jun. 05, 2025

  • 4.7

    MEDIUM
    CVE-2024-56173

    In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be stored and subsequently executed in users' browsers under specific conditions: XSS from JavaScript in an SVG document.... Read more

    Affected Products : configured_commerce
    • Published: Dec. 18, 2024
    • Modified: Jun. 05, 2025

  • 6.4

    MEDIUM
    CVE-2024-1679

    The Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the template and javascript label fields in all versions up to, and including, 3.4.6 due ... Read more

    Affected Products : print_labels_with_barcodes
    • Published: May. 02, 2024
    • Modified: Jun. 05, 2025

  • 8.8

    HIGH
    CVE-2024-1677

    The Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to an improper capability check on 42 separate AJ... Read more

    Affected Products : print_labels_with_barcodes
    • Published: May. 02, 2024
    • Modified: Jun. 05, 2025

  • 5.3

    MEDIUM
    CVE-2024-1584

    The Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpa_check_authentication' function in all versions up to, ... Read more

    • Published: May. 02, 2024
    • Modified: Jun. 05, 2025

  • 7.5

    HIGH
    CVE-2024-1895

    The Event Monster – Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.4 via deserialization via shortcode of untrusted input from a custom meta value. Thi... Read more

    Affected Products : event_monster
    • Published: Apr. 30, 2024
    • Modified: Jun. 05, 2025
Showing 20 of 292796 Results