Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NA
    CVE-2025-21838

    In the Linux kernel, the following vulnerability has been resolved: usb: gadget: core: flush gadget workqueue after device removal device_del() can lead to new work being scheduled in gadget->work workqueue. This is observed, for example, with the dwc3 ... Read more

    Affected Products : linux_kernel
    • Published: Mar. 07, 2025
    • Modified: Mar. 07, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-21836

    In the Linux kernel, the following vulnerability has been resolved: io_uring/kbuf: reallocate buf lists on upgrade IORING_REGISTER_PBUF_RING can reuse an old struct io_buffer_list if it was created for legacy selected buffer and has been emptied. It vio... Read more

    Affected Products : linux_kernel
    • Published: Mar. 07, 2025
    • Modified: Mar. 07, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-21835

    In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_midi: fix MIDI Streaming descriptor lengths While the MIDI jacks are configured correctly, and the MIDIStreaming endpoint descriptors are filled with the correct informat... Read more

    Affected Products : linux_kernel
    • Published: Mar. 07, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2025-1315

    The InWave Jobs plugin for WordPress is vulnerable to privilege escalation via password reset in all versions up to, and including, 3.5.1. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it ... Read more

    Affected Products : injob
    • Published: Mar. 07, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-0959

    The Eventer - WordPress Event & Booking Manager Plugin plugin for WordPress is vulnerable to SQL Injection via the reg_id parameter in all versions up to, and including, 3.9.9.2 due to insufficient escaping on the user supplied parameter and lack of suffi... Read more

    Affected Products : eventer
    • Published: Mar. 07, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2024-9658

    The School Management System for Wordpress plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 93.0.0. This is due to the plugin not properly validating a user's identity prior to updating ... Read more

    Affected Products : school_management_system
    • Published: Mar. 07, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Authentication

  • 9.1

    CRITICAL
    CVE-2024-13904

    The Platform.ly for WooCommerce plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 1.1.6 via the 'hooks' function. This makes it possible for unauthenticated attackers to make web requests to arbi... Read more

    Affected Products : platform.ly_for_woocommerce
    • Published: Mar. 07, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Server-Side Request Forgery

  • 6.5

    MEDIUM
    CVE-2024-13781

    The Hero Maps Premium plugin for WordPress is vulnerable to SQL Injection via several AJAX actions in all versions up to, and including, 2.3.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing S... Read more

    Affected Products : hero_maps_premium
    • Published: Mar. 07, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2024-13431

    The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the accent_color and background parameter in all versions up to, and including, 1.6.8.3 due to insuffic... Read more

    • Published: Mar. 07, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2024-12876

    The Golo - City Travel Guide WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.6.10. This is due to the plugin not properly validating a user's identity prior to updating... Read more

    Affected Products : golo
    • Published: Mar. 07, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2024-12611

    The School Management System for Wordpress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'title' parameter in all versions up to, and including, 93.0.0 due to insufficient input sanitization and output escaping. This makes i... Read more

    Affected Products : school_management_system
    • Published: Mar. 07, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2024-12610

    The School Management System for Wordpress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'mj_smgt_remove_feetype' and 'mj_smgt_remove_category_new' AJAX actions in all versions up to, and includin... Read more

    Affected Products : school_management_system
    • Published: Mar. 07, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2024-12609

    The School Management System for Wordpress plugin for WordPress is vulnerable to SQL Injection via the 'view-attendance' page in all versions up to, and including, 92.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient p... Read more

    Affected Products : school_management_system
    • Published: Mar. 07, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2024-12607

    The School Management System for Wordpress plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'mj_smgt_show_event_task' AJAX action in all versions up to, and including, 92.0.0 due to insufficient escaping on the user suppli... Read more

    Affected Products : school_management_system
    • Published: Mar. 07, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2024-12036

    The CS Framework plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 6.9 via the get_widget_settings_json() function. This makes it possible for authenticated attackers, with subscriber-level access and above, t... Read more

    Affected Products :
    • Published: Mar. 07, 2025
    • Modified: Mar. 07, 2025
    • Vuln Type: Information Disclosure

  • 8.8

    HIGH
    CVE-2024-12035

    The CS Framework plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the cs_widget_file_delete() function in all versions up to, and including, 6.9. This makes it possible for authenticated attackers, ... Read more

    Affected Products :
    • Published: Mar. 07, 2025
    • Modified: Mar. 07, 2025
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2024-10804

    The Ultimate Video Player WordPress & WooCommerce Plugin plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 10.0 via the content/downloader.php file. This makes it possible for unauthenticated attackers to read... Read more

    Affected Products :
    • Published: Mar. 07, 2025
    • Modified: Mar. 07, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2025-27816

    A vulnerability was discovered in the Arctera InfoScale 7.0 through 8.0.2 where a .NET remoting endpoint can be exploited due to the insecure deserialization of potentially untrusted messages. The vulnerability is present in the Windows Plugin_Host servic... Read more

    Affected Products :
    • Published: Mar. 07, 2025
    • Modified: Mar. 07, 2025
    • Vuln Type: Misconfiguration

  • 7.8

    HIGH
    CVE-2025-26331

    Dell ThinOS 2411 and prior, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code ... Read more

    • Published: Mar. 07, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-1309

    The UiPress lite | Effortless custom dashboards, admin themes and pages plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the uip_save_form_as_option() functi... Read more

    Affected Products : uipress_lite
    • Published: Mar. 07, 2025
    • Modified: Mar. 07, 2025
    • Vuln Type: Authorization
Showing 20 of 293260 Results