Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    CVSS31
    CVE-2025-22748

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SetMore Appointments SetMore Theme – Custom Post Types allows Stored XSS.This issue affects SetMore Theme – Custom Post Types: from n/a through 1.1.... Read more

    Affected Products :
    • Published: Jan. 15, 2025
    • Modified: Jan. 15, 2025

  • 6.5

    CVSS31
    CVE-2025-22329

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AGILELOGIX Free Google Maps allows Stored XSS.This issue affects Free Google Maps: from n/a through 1.0.1.... Read more

    Affected Products :
    • Published: Jan. 15, 2025
    • Modified: Jan. 15, 2025

  • 6.5

    CVSS31
    CVE-2025-0058

    In SAP Business Workflow and SAP Flexible Workflow, an authenticated attacker can manipulate a parameter in an otherwise legitimate resource request to view sensitive information that should otherwise be restricted. The attacker does not have the ability ... Read more

    Affected Products :
    • Published: Jan. 14, 2025
    • Modified: Jan. 14, 2025

  • 6.5

    CVSS31
    CVE-2025-22744

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rob von Bothmer / SeoDev S-DEV SEO allows Stored XSS.This issue affects S-DEV SEO: from n/a through 1.88.... Read more

    Affected Products :
    • Published: Jan. 15, 2025
    • Modified: Jan. 15, 2025

  • 6.5

    CVSS31
    CVE-2025-21217

    Windows NTLM Spoofing Vulnerability... Read more

    • Published: Jan. 14, 2025
    • Modified: Jan. 14, 2025

  • 6.5

    CVSS31
    CVE-2025-0439

    Race in Frames in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)... Read more

    Affected Products :
    • Published: Jan. 15, 2025
    • Modified: Jan. 15, 2025

  • 6.5

    CVSS31
    CVE-2025-0442

    Inappropriate implementation in Payments in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)... Read more

    Affected Products :
    • Published: Jan. 15, 2025
    • Modified: Jan. 15, 2025

  • 6.5

    CVSS31
    CVE-2025-0060

    SAP BusinessObjects Business Intelligence Platform allows an authenticated user with restricted access to inject malicious JS code which can read sensitive information from the server and send it to the attacker. The attacker could further use this inform... Read more

    • Published: Jan. 14, 2025
    • Modified: Jan. 14, 2025

  • 6.5

    CVSS31
    CVE-2025-22758

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aiwp Elementor AI Addons allows DOM-Based XSS.This issue affects Elementor AI Addons: from n/a through 2.2.1.... Read more

    Affected Products :
    • Published: Jan. 15, 2025
    • Modified: Jan. 15, 2025

  • 6.5

    CVSS31
    CVE-2025-0440

    Inappropriate implementation in Fullscreen in Google Chrome on Windows prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)... Read more

    Affected Products :
    • Published: Jan. 15, 2025
    • Modified: Jan. 15, 2025

  • 6.5

    CVSS31
    CVE-2025-0441

    Inappropriate implementation in Fenced Frames in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to obtain potentially sensitive information from the system via a crafted HTML page. (Chromium security severity: Medium)... Read more

    Affected Products :
    • Published: Jan. 15, 2025
    • Modified: Jan. 15, 2025

  • 6.5

    CVSS31
    CVE-2025-22759

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldGrid Post and Page Builder by BoldGrid – Visual Drag and Drop Editor allows Stored XSS.This issue affects Post and Page Builder by BoldGrid – Visual ... Read more

    Affected Products :
    • Published: Jan. 15, 2025
    • Modified: Jan. 15, 2025

  • 6.5

    CVSS31
    CVE-2025-22746

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HireHive HireHive Job Plugin allows Stored XSS.This issue affects HireHive Job Plugin: from n/a through 2.9.0.... Read more

    Affected Products :
    • Published: Jan. 15, 2025
    • Modified: Jan. 15, 2025

  • 6.5

    CVSS31
    CVE-2024-11734

    A denial of service vulnerability was found in Keycloak that could allow an administrative user with the right to change realm settings to disrupt the service. This action is done by modifying any of the security headers and inserting newlines, which caus... Read more

    Affected Products :
    • Published: Jan. 14, 2025
    • Modified: Jan. 14, 2025

  • 6.5

    CVSS31
    CVE-2025-22769

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Creative Brahma Multifox allows Stored XSS.This issue affects Multifox: from n/a through 1.3.7.... Read more

    Affected Products :
    • Published: Jan. 15, 2025
    • Modified: Jan. 15, 2025

  • 6.5

    CVSS31
    CVE-2025-22781

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nativery Developer Nativery allows DOM-Based XSS.This issue affects Nativery: from n/a through 0.1.6.... Read more

    Affected Products :
    • Published: Jan. 15, 2025
    • Modified: Jan. 15, 2025

  • 6.5

    CVSS31
    CVE-2025-22747

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tor Morten Jensen Foundation Columns allows Stored XSS.This issue affects Foundation Columns: from n/a through 0.8.... Read more

    Affected Products :
    • Published: Jan. 15, 2025
    • Modified: Jan. 15, 2025

  • 6.5

    CVSS31
    CVE-2025-22780

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alexey Yuzhakov wp-pano allows Stored XSS.This issue affects wp-pano: from n/a through 1.17.... Read more

    Affected Products :
    • Published: Jan. 15, 2025
    • Modified: Jan. 15, 2025

  • 6.5

    CVSS31
    CVE-2025-20088

    Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly validate post props which allows a malicious authenticated user to cause a crash via a malicious post.... Read more

    Affected Products :
    • Published: Jan. 15, 2025
    • Modified: Jan. 15, 2025

  • 6.5

    CVSS31
    CVE-2025-20086

    Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly validate post props which allows a malicious authenticated user to cause a crash via a malicious post.... Read more

    Affected Products :
    • Published: Jan. 15, 2025
    • Modified: Jan. 15, 2025
Showing 20 of 702 Results
© cvefeed.io
Latest DB Update: Jan. 15, 2025 17:36