Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.1

    CRITICAL
    CVE-2024-32025

    Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss is vulnerable to a command injection in `group_images_gui.py`. This vulnerability is fixed in 23.1.5.... Read more

    Affected Products :
    • Published: Apr. 16, 2024
    • Modified: Aug. 27, 2025

  • 6.4

    MEDIUM
    CVE-2024-31914

    IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended func... Read more

    • Published: Jan. 06, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 2.6

    LOW
    CVE-2024-30252

    Livemarks is a browser extension that provides RSS feed bookmark folders. Versions of Livemarks prior to 3.7 are vulnerable to cross-site request forgery. A malicious website may be able to coerce the extension to send an authenticated GET request to an a... Read more

    Affected Products :
    • Published: Apr. 04, 2024
    • Modified: Aug. 27, 2025

  • 7.7

    HIGH
    CVE-2025-24206

    An authentication issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, visionOS 2.4. An attacker on the local network ... Read more

    Affected Products : macos iphone_os tvos ipados visionos
    • Published: Apr. 29, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2024-30220

    Command injection vulnerability in PLANEX COMMUNICATIONS wireless LAN routers allows a network-adjacent unauthenticated attacker to execute an arbitrary command by sending a specially crafted request to a certain port. Note that MZK-MF300N is no longer su... Read more

    • Published: Apr. 15, 2024
    • Modified: Aug. 27, 2025

  • 5.5

    MEDIUM
    CVE-2024-30039

    Windows Remote Access Connection Manager Information Disclosure Vulnerability... Read more

    • Published: May. 14, 2024
    • Modified: Aug. 27, 2025

  • 7.8

    HIGH
    CVE-2024-30030

    Win32k Elevation of Privilege Vulnerability... Read more

    • Published: May. 14, 2024
    • Modified: Aug. 27, 2025

  • 7.8

    HIGH
    CVE-2024-30025

    Windows Common Log File System Driver Elevation of Privilege Vulnerability... Read more

    • Published: May. 14, 2024
    • Modified: Aug. 27, 2025

  • 8.1

    HIGH
    CVE-2024-30020

    Windows Cryptographic Services Remote Code Execution Vulnerability... Read more

    • Published: May. 14, 2024
    • Modified: Aug. 27, 2025

  • 7.8

    HIGH
    CVE-2024-30018

    Windows Kernel Elevation of Privilege Vulnerability... Read more

    • Published: May. 14, 2024
    • Modified: Aug. 27, 2025

  • 6.5

    MEDIUM
    CVE-2024-30011

    Windows Hyper-V Denial of Service Vulnerability... Read more

    • Published: May. 14, 2024
    • Modified: Aug. 27, 2025

  • 4.3

    MEDIUM
    CVE-2024-2931

    The WPFront User Role Editor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.1.11184 via the wpfront_user_role_editor_assign_roles_user_autocomplete AJAX action. This makes it possible for aut... Read more

    Affected Products : wpfront_user_role_editor
    • Published: Apr. 02, 2024
    • Modified: Aug. 27, 2025

  • 6.4

    MEDIUM
    CVE-2024-2868

    The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the slitems parameter in the WL Special Day Offer Widget in all ver... Read more

    • Published: Apr. 04, 2024
    • Modified: Aug. 27, 2025

  • 6.1

    MEDIUM
    CVE-2024-2822

    A vulnerability, which was classified as problematic, was found in DedeCMS 5.7. This affects an unknown part of the file /src/dede/vote_edit.php. The manipulation of the argument aid leads to cross-site request forgery. It is possible to initiate the atta... Read more

    Affected Products : dedecms
    • Published: Mar. 22, 2024
    • Modified: Aug. 27, 2025

  • 6.1

    MEDIUM
    CVE-2024-2821

    A vulnerability, which was classified as problematic, has been found in DedeCMS 5.7. Affected by this issue is some unknown functionality of the file /src/dede/friendlink_edit.php. The manipulation of the argument id leads to cross-site request forgery. T... Read more

    Affected Products : dedecms
    • Published: Mar. 22, 2024
    • Modified: Aug. 27, 2025

  • 4.4

    MEDIUM
    CVE-2024-2689

    Denial of Service in Temporal Server prior to version 1.20.5, 1.21.6, and 1.22.7 allows an authenticated user who has permissions to interact with workflows and has crafted an invalid UTF-8 string for submission to potentially cause a crashloop. If left u... Read more

    Affected Products :
    • Published: Apr. 03, 2024
    • Modified: Aug. 27, 2025

  • 6.8

    MEDIUM
    CVE-2024-2654

    The File Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 7.2.5 via the fm_download_backup function. This makes it possible for authenticated attackers, with administrator access and above, to read th... Read more

    Affected Products : file_manager file_manager
    • Published: Apr. 09, 2024
    • Modified: Aug. 27, 2025

  • 6.4

    MEDIUM
    CVE-2024-2423

    The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.2.6 due to... Read more

    Affected Products : userswp
    • Published: Apr. 09, 2024
    • Modified: Aug. 27, 2025

  • 6.4

    MEDIUM
    CVE-2024-2348

    The Gum Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Meta widget in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authentic... Read more

    Affected Products : gum_elementor_addon
    • Published: Apr. 09, 2024
    • Modified: Aug. 27, 2025

  • 6.1

    MEDIUM
    CVE-2024-2200

    The Contact Form by BestWebSoft plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘cntctfrm_contact_subject’ parameter in all versions up to, and including, 4.2.8 due to insufficient input sanitization and output escaping. This ... Read more

    Affected Products : contact_form
    • Published: Apr. 09, 2024
    • Modified: Aug. 27, 2025
Showing 20 of 292238 Results