Latest CVE Feed
Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.
Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.
A heap buffer overflow vulnerability exists in the Jansi JNI "ioctl()" wrapper due to a lack of size verification for the argument array before the system call. This can lead to heap corruption and a…
Unrestricted Upload of File with Dangerous Type vulnerability in themagnifico52 Kids Online Store allows Upload a Web Shell to a Web Server. This issue affects Kids Online Store: from n/a through 0.…
syracom AG Secure Login (2FA) for Atlassian Jira, Confluence, and Bitbucket 3.4.0.x contains an authentication bypass vulnerability. An attacker with valid credentials for a user account can bypass t…
A stack-based buffer overflow vulnerability has been found in the NPort W2150A-W4/W2250A-W4 Series version 1.5 and earlier. This vulnerability stems from insufficient input validation of user-supplie…
A format string vulnerability has been found in the "alias" parameter of the Serial Param configuration page in the NPort W2150A-W4/W2250A-W4 Series version 1.5 and prior. This vulnerability stems fr…
The WP Review Slider Pro plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 12.6.8. This is due to missing authorization checks on the wpfb_hide_review and …
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Escalation to Administrator in versions up to, and including, 5.5.1. The plugin cha…
Due to the improper neutralization of special elements used in a name parameter a low privileged remote attacker can exploit a command injection vulnerability in the Managed Ethernet Switch, resultin…
Unauthenticated Cross Site Scripting (XSS) in Media LIbrary Assistant <= 3.35 versions.
Unauthenticated Sensitive Data Exposure in GetGenie <= 4.4.1 versions.
Unauthenticated Cross Site Scripting (XSS) in Pods <= 3.3.8 versions.
Unauthenticated Broken Access Control in Envira Photo Gallery <= 1.12.5 versions.
Unauthenticated SQL Injection in GEO my WordPress <= 4.5.5 versions.
Unauthenticated Broken Access Control in SEO Plugin by Squirrly SEO <= 12.4.16 versions.
Subscriber SQL Injection in Attendance Manager <= 0.6.2 versions.
Unauthenticated Broken Access Control in WooCommerce POS <= 1.8.14 versions.
Improper Control of Generation of Code ('Code Injection') vulnerability in Filipe Nasc RD Station allows Remote Code Inclusion. This issue affects RD Station: from n/a through 5.6.0.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Liquid Web / StellarWP The Events Calendar allows Blind SQL Injection. This issue affects The Ev…
Missing Authorization vulnerability in Rara Themes Metro Magazine allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Metro Magazine: from n/a through 1.4.1.