Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.4

    MEDIUM
    CVE-2024-12696

    The Picture Gallery – Frontend Image Uploads, AJAX Photo List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's videowhisper_picture_upload_guest shortcode in all versions up to, and including, 1.5.22 due to insufficient i... Read more

    Affected Products : picture_gallery
    • Published: Jan. 18, 2025
    • Modified: Jan. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2024-12385

    The WP Abstracts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.2. This is due to missing nonce validation on the wpabstracts_load_status() and wpabstracts_delete_abstracts() functions. This make... Read more

    Affected Products : wp_abstracts
    • Published: Jan. 18, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.4

    MEDIUM
    CVE-2025-0554

    The Podlove Podcast Publisher plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Feed Name value in version <= 4.1.25 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi... Read more

    Affected Products : podlove_podcast_publisher
    • Published: Jan. 18, 2025
    • Modified: Mar. 19, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-0318

    The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.9.1 through different error messages in t... Read more

    Affected Products : ultimate_member
    • Published: Jan. 18, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-0308

    The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the search parameter in all versions up to, and including, 2.9.1 due to i... Read more

    Affected Products : ultimate_member
    • Published: Jan. 18, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2024-9020

    The List category posts WordPress plugin before 0.90.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to pe... Read more

    Affected Products : list_category_posts
    • Published: Jan. 18, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2024-13516

    The Kubio AI Page Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'message' parameter in all versions up to, and including, 2.3.5 due to insufficient input sanitization and output escaping. This makes it possible for u... Read more

    Affected Products :
    • Published: Jan. 18, 2025
    • Modified: Jan. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2024-13515

    The Image Source Control Lite – Show Image Credits and Captions plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'path' parameter in all versions up to, and including, 2.28.0 due to insufficient input sanitization and output es... Read more

    Affected Products : image_source_control
    • Published: Jan. 18, 2025
    • Modified: Jan. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2024-12071

    The Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the delete_network_post() function in all versions up to, and incl... Read more

    Affected Products : evergreen_content_poster
    • Published: Jan. 18, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Authorization

  • 8.1

    HIGH
    CVE-2025-23209

    Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. This is an remote code execution (RCE) vulnerability that affects Craft 4 and 5 installs where your security key has already been compromised. Anyone run... Read more

    Affected Products : craft_cms
    • Actively Exploited
    • Published: Jan. 18, 2025
    • Modified: Feb. 21, 2025
    • Vuln Type: Authentication

  • 5.5

    MEDIUM
    CVE-2024-11923

    Under certain log settings the IAM or CORE service will log credentials in the iam logfile in Fortra Application Hub (Formerly named Helpsystems One) prior to version 1.3... Read more

    Affected Products :
    • Published: Jan. 18, 2025
    • Modified: Jan. 18, 2025
    • Vuln Type: Information Disclosure

  • 8.8

    HIGH
    CVE-2023-50739

    A buffer overflow vulnerability has been identified in the Internet Printing Protocol (IPP) in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code.... Read more

    Affected Products :
    • Published: Jan. 18, 2025
    • Modified: Jan. 18, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2018-9464

    In multiple locations, there is a possible way to read protected files due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.... Read more

    Affected Products : android
    • Published: Jan. 18, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Authorization

  • 7.0

    HIGH
    CVE-2018-9461

    In onAttachFragment of ShareIntentActivity.java, there is a possible way for an app to read files in the messages app due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interactio... Read more

    Affected Products : android
    • Published: Jan. 18, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Race Condition

  • 5.5

    MEDIUM
    CVE-2018-9406

    In NlpService, there is a possible way to obtain location information due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.... Read more

    Affected Products : android
    • Published: Jan. 18, 2025
    • Modified: Jan. 31, 2025
    • Vuln Type: Authorization

  • 6.7

    MEDIUM
    CVE-2018-9405

    In BnDmAgent::onTransact of dm_agent.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.... Read more

    Affected Products : android
    • Published: Jan. 18, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2018-9401

    In many locations, there is a possible way to access kernel memory in user space due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploita... Read more

    Affected Products : android
    • Published: Jan. 18, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2018-9389

    In ip6_append_data of ip6_output.c, there is a possible way to achieve code execution due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploi... Read more

    Affected Products : android
    • Published: Jan. 18, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2018-9387

    In multiple functions of mnh-sm.c, there is a possible way to trigger a heap overflow due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitat... Read more

    Affected Products : android
    • Published: Jan. 18, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Memory Corruption

  • 7.3

    HIGH
    CVE-2025-23208

    zot is a production-ready vendor-neutral OCI image registry. The group data stored for users in the boltdb database (meta.db) is an append-list so group revocations/removals are ignored in the API. SetUserGroups is alled on login, but instead of replacing... Read more

    Affected Products : zot
    • Published: Jan. 17, 2025
    • Modified: Jan. 17, 2025
    • Vuln Type: Authorization
Showing 20 of 291170 Results