Latest CVE Feed
- 9.8 CRITICAL CVE-2024-55660
SiYuan is a personal knowledge management system. Prior to version 3.1.16, SiYuan's `/api/template/renderSprig` endpoint is vulnerable to Server-Side Template Injection (SSTI) through the Sprig template engine. Although the engine has limitations, it allo...
Affected Products: siyuan - Published: Dec. 12, 2024 - Modified: Jun. 05, 2025
- 6.4 MEDIUM CVE-2024-2861
The ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ProfilePress User Panel widget in all versions up to, and including, 4.15.8 due to insufficient input sanitization and output escaping on user supplied attributes. ...
Affected Products: profilepress - Published: May. 23, 2024 - Modified: Jun. 05, 2025
- 8.7 HIGH CVE-2024-55659
SiYuan is a personal knowledge management system. Prior to version 3.1.16, the `/api/asset/upload` endpoint in SiYuan is vulnerable to both arbitrary file write to the host and stored cross-site scripting (via the file write). Version 3.1.16 contains a pa...
Affected Products: siyuan - Published: Dec. 12, 2024 - Modified: Jun. 05, 2025
- 8.7 HIGH CVE-2024-55658
SiYuan is a personal knowledge management system. Prior to version 3.1.16, SiYuan's `/api/export/exportResources` endpoint is vulnerable to arbitrary file read via path traversal. It is possible to manipulate the paths parameter to access and download arbitr...
Affected Products: siyuan - Published: Dec. 12, 2024 - Modified: Jun. 05, 2025
- 8.7 HIGH CVE-2024-55657
SiYuan is a personal knowledge management system. Prior to version 3.1.16, an arbitrary file read vulnerability exists in SiYuan's `/api/template/render` endpoint. The absence of proper validation on the path parameter allows attackers to access sensitive...
Affected Products: siyuan - Published: Dec. 12, 2024 - Modified: Jun. 05, 2025
- 6.4 MEDIUM CVE-2024-5177
The Hash Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' parameter within multiple widgets in all versions up to, and including, 1.3.8 due to insufficient input sanitization and output escaping on user supplied att...
Affected Products: hash_elements - Published: May. 23, 2024 - Modified: Jun. 05, 2025
- 6.4 MEDIUM CVE-2024-4700
The WP Table Builder – WordPress Table Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button element in all versions up to, and including, 1.4.14 due to insufficient input sanitization and output escaping. This makes it p...
Published: May. 21, 2024 - Modified: Jun. 05, 2025
- 6.4 MEDIUM CVE-2024-3974
The BuddyPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'user_name' parameter in versions up to, and including, 12.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated at...
Affected Products: buddypress - Published: May. 14, 2024 - Modified: Jun. 05, 2025
- 9.8 CRITICAL CVE-2024-3729
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to improper missing encryption exception handling on the 'fea_encrypt' function in all versions up to, and including, 3.19.4. This makes it possible for unauthenticated attackers to mani...
Affected Products: frontend_admin - Published: May. 02, 2024 - Modified: Jun. 05, 2025
- 6.4 MEDIUM CVE-2024-3554
The All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 4.6.0 due to insufficient...
Affected Products: all_in_one_seo - Published: May. 02, 2024 - Modified: Jun. 05, 2025
- 5.4 MEDIUM CVE-2024-1809
The Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on AJAX functions in combination with nonce leakage in all versions up t...
Affected Products: analytify_-_google_analytics_dashboard - Published: May. 02, 2024 - Modified: Jun. 05, 2025
- 8.6 HIGH CVE-2024-42552
Hotel Management System commit 91caab8 was discovered to contain a SQL injection vulnerability via the book_id parameter at admin_room_history.php....
Affected Products: hotel_management_system - Published: Aug. 20, 2024 - Modified: Jun. 05, 2025
- 8.8 HIGH CVE-2024-42553
A Cross-Site Request Forgery (CSRF) in the component admin_room_added.php of Hotel Management System commit 91caab8 allows attackers to escalate privileges....
Affected Products: hotel_management_system - Published: Aug. 20, 2024 - Modified: Jun. 05, 2025
- 8.8 HIGH CVE-2024-42554
Hotel Management System commit 91caab8 was discovered to contain a SQL injection vulnerability via the room_type parameter at admin_room_added.php....
Published: Aug. 20, 2024 - Modified: Jun. 05, 2025
- 8.8 HIGH CVE-2024-42555
A Cross-Site Request Forgery (CSRF) in the component admin_room_removed.php of Hotel Management System commit 91caab8 allows attackers to escalate privileges....
Affected Products: hotel_management_system - Published: Aug. 20, 2024 - Modified: Jun. 05, 2025
- 9.8 CRITICAL CVE-2024-42556
Hotel Management System commit 91caab8 was discovered to contain a SQL injection vulnerability via the room_type parameter at admin_room_removed.php....
Affected Products: hotel_management_system - Published: Aug. 20, 2024 - Modified: Jun. 05, 2025
- 8.8 HIGH CVE-2024-42557
A Cross-Site Request Forgery (CSRF) in the component admin_modify_room.php of Hotel Management System commit 91caab8 allows attackers to escalate privileges....
Affected Products: hotel_management_system - Published: Aug. 20, 2024 - Modified: Jun. 05, 2025
- 9.8 CRITICAL CVE-2024-42558
Hotel Management System commit 91caab8 was discovered to contain a SQL injection vulnerability via the book_id parameter at admin_modify_room.php....
Affected Products: hotel_management_system - Published: Aug. 20, 2024 - Modified: Jun. 05, 2025
- 6.1 MEDIUM CVE-2024-42560
A cross-site scripting (XSS) vulnerability in the component update_page_details.php of Blood Bank And Donation Management System commit dc9e039 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page Details ...
Affected Products: blood_bank_and_donation_management_system - Published: Aug. 20, 2024 - Modified: Jun. 05, 2025
- 8.8 HIGH CVE-2024-42561
Pharmacy Management System commit a2efc8 was discovered to contain a SQL injection vulnerability via the invoice_number parameter at sales_report.php....
Published: Aug. 20, 2024 - Modified: Jun. 05, 2025