Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-0493

    The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Limited Local File Inclusion in all versions up to, and including, 4.2.14 via the tabname parameter. This makes it possible for unauthentic... Read more

    Affected Products : multivendorx
    • Published: Jan. 31, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Path Traversal

  • 5.4

    MEDIUM
    CVE-2024-10867

    The Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.5.9 due to insufficient input sanitization a... Read more

    Affected Products : borderless
    • Published: Jan. 31, 2025
    • Modified: Mar. 25, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-0470

    The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the title parameter in all versions up to, and including, 1.38.2 due to insufficient input sanitization and ou... Read more

    Affected Products : forminator forminator_forms
    • Published: Jan. 31, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.8

    HIGH
    CVE-2024-47900

    Software installed and run as a non-privileged user may conduct improper GPU system calls to access OOB kernel memory.... Read more

    Affected Products : ddk
    • Published: Jan. 31, 2025
    • Modified: Mar. 14, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2024-47899

    Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions.... Read more

    Affected Products : ddk
    • Published: Jan. 31, 2025
    • Modified: Mar. 18, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2024-47898

    Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions.... Read more

    Affected Products : ddk
    • Published: Jan. 31, 2025
    • Modified: Mar. 20, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2024-47891

    Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions.... Read more

    Affected Products : ddk
    • Published: Jan. 31, 2025
    • Modified: Mar. 18, 2025
    • Vuln Type: Memory Corruption

  • 6.4

    MEDIUM
    CVE-2024-13463

    The SeatReg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'seatreg' shortcode in all versions up to, and including, 1.56.0 due to insufficient input sanitization and output escaping on user supplied attributes. This ma... Read more

    Affected Products :
    • Published: Jan. 31, 2025
    • Modified: Jan. 31, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.8

    HIGH
    CVE-2024-46974

    Software installed and run as a non-privileged user may conduct improper read/write operations on imported/exported DMA buffers.... Read more

    Affected Products : ddk
    • Published: Jan. 31, 2025
    • Modified: Mar. 20, 2025
    • Vuln Type: Misconfiguration

  • 8.1

    HIGH
    CVE-2024-13767

    The Live2DWebCanvas plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the ClearFiles() function in all versions up to, and including, 1.9.11. This makes it possible for authenticated attackers, with ... Read more

    Affected Products :
    • Published: Jan. 31, 2025
    • Modified: Jan. 31, 2025
    • Vuln Type: Path Traversal

  • 6.4

    MEDIUM
    CVE-2024-13399

    The Gosign – Posts Slider Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'posts-slider-block' block in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it poss... Read more

    Affected Products :
    • Published: Jan. 31, 2025
    • Modified: Jan. 31, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2024-13397

    The WPRadio – WordPress Radio Streaming Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpradio_player' shortcode in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output esca... Read more

    Affected Products :
    • Published: Jan. 31, 2025
    • Modified: Jan. 31, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2024-13396

    The Frictionless plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'frictionless_form' shortcode[s] in all versions up to, and including, 0.0.23 due to insufficient input sanitization and output escaping on user supplied a... Read more

    Affected Products :
    • Published: Jan. 31, 2025
    • Modified: Jan. 31, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.9

    MEDIUM
    CVE-2023-0092

    An authenticated user who has read access to the juju controller model, may construct a remote request to download an arbitrary file from the controller's filesystem.... Read more

    Affected Products : juju
    • Published: Jan. 31, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2022-1736

    Ubuntu's configuration of gnome-control-center allowed Remote Desktop Sharing to be enabled by default.... Read more

    Affected Products : ubuntu_linux gnome-remote-desktop
    • Published: Jan. 31, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Misconfiguration

  • 3.1

    LOW
    CVE-2020-11936

    gdbus setgid privilege escalation... Read more

    Affected Products : apport
    • Published: Jan. 31, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Authorization

  • 7.3

    HIGH
    CVE-2024-23929

    This vulnerability allows network-adjacent attackers to create arbitrary files on affected installations of Pioneer DMH-WT7600NEX devices. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypa... Read more

    • Published: Jan. 31, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Path Traversal

  • 8.8

    HIGH
    CVE-2024-23921

    This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the wlanapp... Read more

    • Published: Jan. 31, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2024-23920

    This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the onboard... Read more

    • Published: Jan. 31, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2022-28653

    Users can consume unlimited disk space in /var/crash... Read more

    Affected Products : apport
    • Published: Jan. 31, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Denial of Service
Showing 20 of 291335 Results