Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.2

    CVSS31
    CVE-2024-13351

    The Social proof testimonials and reviews by Repuso plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'rw_image_badge1' shortcode in all versions up to, and including, 5.20 due to insufficient input sanitization and output...

    Affected Products :
    • Published: Jan. 15, 2025
    • Modified: Jan. 15, 2025
  • 7.2

    CVSS31
    CVE-2024-50566

    An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiManager versions 7.6.0 through 7.6.1, versions 7.4.5 through 7.4.0, and versions 7.2.1 through 7.2.8, FortiManager Cloud versions 7.6.0 through 7...

    Affected Products : fortimanager
    • Published: Jan. 14, 2025
    • Modified: Jan. 14, 2025
  • 7.2

    CVSS31
    CVE-2025-0354

    Cross-site scripting vulnerability in NEC Corporation Aterm WG2600HS Ver.1.7.2 and earlier, WG2600HP4 Ver.1.4.2 and earlier, WG2600HM4 Ver.1.4.2 and earlier, WG2600HS2 Ver.1.3.2 and earlier, WX3000HP Ver.2.4.2 and earlier and WX4200D5 Ver.1.2.4 and earlie...

    Affected Products :
    • Published: Jan. 15, 2025
    • Modified: Jan. 15, 2025
  • 7.2

    CVSS31
    CVE-2025-23052

    Authenticated command injection vulnerability in the command line interface of a network management service. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands as a privileged user on the underlying operati...

    Affected Products :
    • Published: Jan. 14, 2025
    • Modified: Jan. 14, 2025
  • 7.2

    CVSS31
    CVE-2024-46481

    The login page of Venki Supravizio BPM up to 18.1.1 is vulnerable to open redirect leading to reflected XSS....

    Affected Products :
    • Published: Jan. 13, 2025
    • Modified: Jan. 13, 2025
  • 7.2

    CVSS31
    CVE-2024-13158

    An unbounded resource search path in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution....

    Affected Products : endpoint_manager
    • Published: Jan. 14, 2025
    • Modified: Jan. 14, 2025
  • 7.2

    CVSS31
    CVE-2024-13162

    SQL injection in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. This CVE addresses incomplete fixes from CVE-...

    Affected Products : endpoint_manager
    • Published: Jan. 14, 2025
    • Modified: Jan. 14, 2025
  • 7.2

    CVSS31
    CVE-2024-36512

    An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiManager, FortiAnalyzer 7.4.0 through 7.4.3 and 7.2.0 through 7.2.5 and 7.0.2 through 7.0.12 and 6.2.10 through 6.2.13 allows attacker to execute unauthorize...

    Affected Products : fortimanager fortianalyzer
    • Published: Jan. 14, 2025
    • Modified: Jan. 14, 2025
  • 7.2

    CVSS30
    CVE-2025-23082

    Veeam Backup for Microsoft Azure is vulnerable to Server-Side Request Forgery (SSRF). This may allow an unauthenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks....

    Affected Products :
    • Published: Jan. 14, 2025
    • Modified: Jan. 14, 2025
  • 7.2

    CVSS31
    CVE-2024-35273

    An out-of-bounds write in Fortinet FortiManager version 7.4.0 through 7.4.2, FortiAnalyzer version 7.4.0 through 7.4.2 allows an attacker to escalate privileges via specially crafted HTTP requests....

    Affected Products : fortimanager fortianalyzer
    • Published: Jan. 14, 2025
    • Modified: Jan. 14, 2025
  • 7.1

    CVSS31
    CVE-2025-21299

    Windows Kerberos Security Feature Bypass Vulnerability...

    • Published: Jan. 14, 2025
    • Modified: Jan. 14, 2025
  • 7.1

    CVSS31
    CVE-2025-22576

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Marcus Downing Site PIN allows Reflected XSS. This issue affects Site PIN: from n/a through 1.3....

    Affected Products :
    • Published: Jan. 13, 2025
    • Modified: Jan. 13, 2025
  • 7.1

    CVSS31
    CVE-2024-47100

    A vulnerability has been identified in SIMATIC S7-1200 CPU 1211C AC/DC/Rly (6ES7211-1BE40-0XB0), SIMATIC S7-1200 CPU 1211C DC/DC/DC (6ES7211-1AE40-0XB0), SIMATIC S7-1200 CPU 1211C DC/DC/Rly (6ES7211-1HE40-0XB0), SIMATIC S7-1200 CPU 1212C AC/DC/Rly (6ES721...

    Affected Products :
    • Published: Jan. 14, 2025
    • Modified: Jan. 14, 2025
  • 7.1

    CVSS31
    CVE-2025-22568

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Paramveer Singh for Arete IT Private Limited Post And Page Reactions allows Reflected XSS. This issue affects Post And Page Reactions: from n/a through 1....

    Affected Products :
    • Published: Jan. 13, 2025
    • Modified: Jan. 13, 2025
  • 7.1

    CVSS31
    CVE-2025-22506

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SmartAgenda Smart Agenda allows Stored XSS. This issue affects Smart Agenda: from n/a through 4.7....

    Affected Products :
    • Published: Jan. 13, 2025
    • Modified: Jan. 13, 2025
  • 7.1

    CVSS31
    CVE-2025-22514

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yamna Tatheer KNR Author List Widget allows Reflected XSS. This issue affects KNR Author List Widget: from n/a through 3.1.1....

    Affected Products :
    • Published: Jan. 13, 2025
    • Modified: Jan. 13, 2025
  • 7.1

    CVSS31
    CVE-2025-22586

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Detlef Stöver WPEX Replace DB Urls allows Reflected XSS. This issue affects WPEX Replace DB Urls: from n/a through 0.4.0....

    Affected Products :
    • Published: Jan. 13, 2025
    • Modified: Jan. 13, 2025
  • 7.1

    CVSS31
    CVE-2025-22567

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in trustist TRUSTist REVIEWer allows Reflected XSS. This issue affects TRUSTist REVIEWer: from n/a through 2.0....

    Affected Products :
    • Published: Jan. 13, 2025
    • Modified: Jan. 13, 2025
  • 7.1

    CVSS31
    CVE-2025-22569

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in grandslambert Featured Page Widget allows Reflected XSS. This issue affects Featured Page Widget: from n/a through 2.2....

    Affected Products :
    • Published: Jan. 13, 2025
    • Modified: Jan. 13, 2025
  • 7.1

    CVSS31
    CVE-2025-22314

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Scripts Food Store – Online Food Delivery & Pickup allows Reflected XSS. This issue affects Food Store – Online Food Delivery & Pickup: from n/a throug...

    Affected Products :
    • Published: Jan. 13, 2025
    • Modified: Jan. 13, 2025
Showing 20 of 600 Results
Latest DB Update: Jan. 15, 2025 11:05