Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (also known as the CISA KEV List), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 4.3

    CVSS31
    CVE-2025-22779

    Missing Authorization vulnerability in Ugur CELIK WP News Sliders allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP News Sliders: from n/a through 1.0....

    Affected Products :
    • Published: Jan. 15, 2025
    • Modified: Jan. 15, 2025
  • 4.3

    CVSS31
    CVE-2024-6352

    A malformed packet can cause a buffer overflow in the APS layer of the Ember ZNet stack and lead to an assert...

    Affected Products :
    • Published: Jan. 13, 2025
    • Modified: Jan. 13, 2025
  • 4.3

    CVSS31
    CVE-2024-48883

    An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, and Modem 5300. The UE incorrectly handles a malforme...

    Affected Products :
    • Published: Jan. 13, 2025
    • Modified: Jan. 13, 2025
  • 4.3

    CVSS31
    CVE-2025-22729

    Missing Authorization vulnerability in Infomaniak Staff VOD Infomaniak allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects VOD Infomaniak: from n/a through 1.5.9....

    Affected Products :
    • Published: Jan. 15, 2025
    • Modified: Jan. 15, 2025
  • 4.3

    CVSS31
    CVE-2025-22731

    Cross-Site Request Forgery (CSRF) vulnerability in silverplugins217 Build Private Store For Woocommerce allows Cross Site Request Forgery. This issue affects Build Private Store For Woocommerce: from n/a through 1.0....

    Affected Products :
    • Published: Jan. 15, 2025
    • Modified: Jan. 15, 2025
  • 4.3

    CVSS31
    CVE-2025-0446

    Inappropriate implementation in Extensions in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)...

    Affected Products :
    • Published: Jan. 15, 2025
    • Modified: Jan. 15, 2025
  • 4.3

    CVSS31
    CVE-2024-35278

    An improper neutralization of special elements used in an SQL command ('SQL injection') in Fortinet FortiPortal versions 7.2.4 through 7.2.0 and 7.0.0 through 7.2.8 may allow an authenticated attacker to view the SQL query being run server-side when submit...

    Affected Products : fortiportal
    • Published: Jan. 14, 2025
    • Modified: Jan. 14, 2025
  • 4.3

    CVSS31
    CVE-2024-13215

    The Elementor Addon Elements plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.13.10 via the 'render' function in modules/modal-popup/widgets/modal-popup.php. This makes it possible for authentica...

    Affected Products :
    • Published: Jan. 15, 2025
    • Modified: Jan. 15, 2025
  • 4.3

    CVSS31
    • Published: Jan. 14, 2025
    • Modified: Jan. 14, 2025
  • 4.3

    CVSS31
    • Published: Jan. 14, 2025
    • Modified: Jan. 14, 2025
  • 4.3

    CVSS31
    • Published: Jan. 14, 2025
    • Modified: Jan. 14, 2025
  • 4.2

    CVSS31
    CVE-2025-22134

    When switching to other buffers using the :all command and visual mode still being active, this may cause a heap-buffer overflow, because Vim does not properly end visual mode and therefore may try to access beyond the end of a line in a buffer. In Patch ...

    Affected Products : vim
    • Published: Jan. 13, 2025
    • Modified: Jan. 13, 2025
  • 4.2

    CVSS31
    • Published: Jan. 14, 2025
    • Modified: Jan. 14, 2025
  • 4.2

    CVSS31
    • Published: Jan. 14, 2025
    • Modified: Jan. 14, 2025
  • 4.1

    CVSS31
    CVE-2024-52969

    An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiSIEM version 7.1.7 and below, version 7.1.0, version 7.0.3 and below, version 6.7.9 and below, 6.7.8, version 6.6.5 and below, version 6....

    Affected Products : fortisiem
    • Published: Jan. 14, 2025
    • Modified: Jan. 14, 2025
  • 4.0

    CVSS31
    CVE-2024-56138

    notation-go is a collection of libraries for signing and verifying OCI artifacts, based on Notary Project specifications. This issue was identified during Quarkslab's audit of the timestamp feature. During the timestamp signature generation, the revoca...

    Affected Products : notation-go
    • Published: Jan. 13, 2025
    • Modified: Jan. 13, 2025
  • 3.7

    CVSS31
    CVE-2024-52963

    An out-of-bounds write in Fortinet FortiOS versions 7.6.0, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10, 7.0.0 through 7.0.16, 6.4.0 through 6.4.15 allows an attacker to trigger a denial of service via specially crafted packets....

    Affected Products : fortios fortipam
    • Published: Jan. 14, 2025
    • Modified: Jan. 14, 2025
  • 3.7

    CVSS31
    CVE-2024-36506

    An improper verification of source of a communication channel vulnerability [CWE-940] in FortiClientEMS 7.4.0, 7.2.0 through 7.2.4, 7.0 all versions, 6.4 all versions may allow a remote attacker to bypass the trusted host feature via session connection....

    Affected Products :
    • Published: Jan. 14, 2025
    • Modified: Jan. 14, 2025
  • 3.7

    CVSS31
    CVE-2024-46665

    An insertion of sensitive information into sent data vulnerability [CWE-201] in FortiOS 7.6.0, 7.4.0 through 7.4.4 may allow an attacker in a man-in-the-middle position to retrieve the RADIUS accounting server shared secret via intercepting accounting-req...

    Affected Products : fortios
    • Published: Jan. 14, 2025
    • Modified: Jan. 14, 2025
  • 3.5

    CVSS31
    CVE-2024-52967

    An improper neutralization of script-related HTML tags in a web page (basic XSS) in Fortinet FortiPortal 6.0.0 through 6.0.14 allows an attacker to execute unauthorized code or commands via HTML injection....

    Affected Products : fortiportal
    • Published: Jan. 14, 2025
    • Modified: Jan. 14, 2025
Showing 20 of 685 Results
© cvefeed.io
Latest DB Update: Jan. 15, 2025 17:09