Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2024-13552

    The SupportCandy – Helpdesk & Customer Support Ticket System plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.3.0 via file upload due to missing validation on a user controlled key. This makes ... Read more

    Affected Products : supportcandy
    • Published: Mar. 07, 2025
    • Modified: Mar. 07, 2025
    • Vuln Type: Authorization

  • 5.5

    MEDIUM
    CVE-2025-21843

    In the Linux kernel, the following vulnerability has been resolved: drm/panthor: avoid garbage value in panthor_ioctl_dev_query() 'priorities_info' is uninitialized, and the uninitialized value is copied to user object when calling PANTHOR_UOBJ_SET(). U... Read more

    Affected Products : linux_kernel
    • Published: Mar. 07, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-21842

    In the Linux kernel, the following vulnerability has been resolved: amdkfd: properly free gang_ctx_bo when failed to init user queue The destructor of a gtt bo is declared as void amdgpu_amdkfd_free_gtt_mem(struct amdgpu_device *adev, void **mem_obj); W... Read more

    Affected Products : linux_kernel
    • Published: Mar. 07, 2025
    • Modified: Mar. 07, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-21841

    In the Linux kernel, the following vulnerability has been resolved: cpufreq/amd-pstate: Fix cpufreq_policy ref counting amd_pstate_update_limits() takes a cpufreq_policy reference but doesn't decrement the refcount in one of the exit paths, fix that.... Read more

    Affected Products : linux_kernel
    • Published: Mar. 07, 2025
    • Modified: Mar. 07, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-21840

    In the Linux kernel, the following vulnerability has been resolved: thermal/netlink: Prevent userspace segmentation fault by adjusting UAPI header The intel-lpmd tool [1], which uses the THERMAL_GENL_ATTR_CPU_CAPABILITY attribute to receive HFI events f... Read more

    Affected Products : linux_kernel
    • Published: Mar. 07, 2025
    • Modified: Mar. 07, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-21839

    In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop Move the conditional loading of hardware DR6 with the guest's DR6 value out of the core .vcpu_run() loop to fix... Read more

    Affected Products : linux_kernel
    • Published: Mar. 07, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-21838

    In the Linux kernel, the following vulnerability has been resolved: usb: gadget: core: flush gadget workqueue after device removal device_del() can lead to new work being scheduled in gadget->work workqueue. This is observed, for example, with the dwc3 ... Read more

    Affected Products : linux_kernel
    • Published: Mar. 07, 2025
    • Modified: Mar. 07, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-21836

    In the Linux kernel, the following vulnerability has been resolved: io_uring/kbuf: reallocate buf lists on upgrade IORING_REGISTER_PBUF_RING can reuse an old struct io_buffer_list if it was created for legacy selected buffer and has been emptied. It vio... Read more

    Affected Products : linux_kernel
    • Published: Mar. 07, 2025
    • Modified: Mar. 07, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-21835

    In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_midi: fix MIDI Streaming descriptor lengths While the MIDI jacks are configured correctly, and the MIDIStreaming endpoint descriptors are filled with the correct informat... Read more

    Affected Products : linux_kernel
    • Published: Mar. 07, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2025-1315

    The InWave Jobs plugin for WordPress is vulnerable to privilege escalation via password reset in all versions up to, and including, 3.5.1. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it ... Read more

    Affected Products : injob
    • Published: Mar. 07, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-0959

    The Eventer - WordPress Event & Booking Manager Plugin plugin for WordPress is vulnerable to SQL Injection via the reg_id parameter in all versions up to, and including, 3.9.9.2 due to insufficient escaping on the user supplied parameter and lack of suffi... Read more

    Affected Products : eventer
    • Published: Mar. 07, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2024-9658

    The School Management System for Wordpress plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 93.0.0. This is due to the plugin not properly validating a user's identity prior to updating ... Read more

    Affected Products : school_management_system
    • Published: Mar. 07, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Authentication

  • 9.1

    CRITICAL
    CVE-2024-13904

    The Platform.ly for WooCommerce plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 1.1.6 via the 'hooks' function. This makes it possible for unauthenticated attackers to make web requests to arbi... Read more

    Affected Products : platform.ly_for_woocommerce
    • Published: Mar. 07, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Server-Side Request Forgery

  • 6.5

    MEDIUM
    CVE-2024-13781

    The Hero Maps Premium plugin for WordPress is vulnerable to SQL Injection via several AJAX actions in all versions up to, and including, 2.3.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing S... Read more

    Affected Products : hero_maps_premium
    • Published: Mar. 07, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2024-13431

    The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the accent_color and background parameter in all versions up to, and including, 1.6.8.3 due to insuffic... Read more

    • Published: Mar. 07, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2024-12876

    The Golo - City Travel Guide WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.6.10. This is due to the plugin not properly validating a user's identity prior to updating... Read more

    Affected Products : golo
    • Published: Mar. 07, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2024-12611

    The School Management System for Wordpress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'title' parameter in all versions up to, and including, 93.0.0 due to insufficient input sanitization and output escaping. This makes i... Read more

    Affected Products : school_management_system
    • Published: Mar. 07, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2024-12610

    The School Management System for Wordpress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'mj_smgt_remove_feetype' and 'mj_smgt_remove_category_new' AJAX actions in all versions up to, and includin... Read more

    Affected Products : school_management_system
    • Published: Mar. 07, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2024-12609

    The School Management System for Wordpress plugin for WordPress is vulnerable to SQL Injection via the 'view-attendance' page in all versions up to, and including, 92.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient p... Read more

    Affected Products : school_management_system
    • Published: Mar. 07, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2024-12607

    The School Management System for Wordpress plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'mj_smgt_show_event_task' AJAX action in all versions up to, and including, 92.0.0 due to insufficient escaping on the user suppli... Read more

    Affected Products : school_management_system
    • Published: Mar. 07, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Injection
Showing 20 of 292846 Results