Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2022-37454

    The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interfac... Read more

    • EPSS Score: %1.80
    • Published: Oct. 21, 2022
    • Modified: May. 08, 2025

  • 7.8

    HIGH
    CVE-2024-12194

    A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.... Read more

    • Published: Dec. 17, 2024
    • Modified: May. 08, 2025

  • 7.8

    HIGH
    CVE-2024-12193

    A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context o... Read more

    • Published: Dec. 17, 2024
    • Modified: May. 08, 2025

  • 7.8

    HIGH
    CVE-2024-12192

    A maliciously crafted DWF file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of... Read more

    • Published: Dec. 17, 2024
    • Modified: May. 08, 2025

  • 7.8

    HIGH
    CVE-2024-12191

    A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context o... Read more

    • Published: Dec. 17, 2024
    • Modified: May. 08, 2025

  • 7.8

    HIGH
    CVE-2024-12179

    A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can be used to cause a Heap-based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the c... Read more

    • Published: Dec. 17, 2024
    • Modified: May. 08, 2025

  • 7.8

    HIGH
    CVE-2024-12178

    A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.... Read more

    • Published: Dec. 17, 2024
    • Modified: May. 08, 2025

  • 8.6

    HIGH
    CVE-2024-22917

    SQL injection vulnerability in Dynamic Lab Management System Project in PHP v.1.0 allows a remote attacker to execute arbitrary code via a crafted script.... Read more

    Affected Products : dynamic_lab_management_system
    • Published: Feb. 27, 2024
    • Modified: May. 08, 2025

  • 8.1

    HIGH
    CVE-2024-39718

    An improper input validation vulnerability that allows a low-privileged user to remotely remove files on the system with permissions equivalent to those of the service account.... Read more

    Affected Products : veeam_backup_\&_replication
    • Published: Sep. 07, 2024
    • Modified: May. 08, 2025

  • 4.3

    MEDIUM
    CVE-2025-47446

    Cross-Site Request Forgery (CSRF) vulnerability in listamester Listamester allows Cross Site Request Forgery. This issue affects Listamester: from n/a through 2.3.6.... Read more

    Affected Products : listamester
    • Published: May. 07, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.9

    MEDIUM
    CVE-2025-47449

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jordy Meow Meow Gallery allows Stored XSS. This issue affects Meow Gallery: from n/a through 5.2.7.... Read more

    Affected Products : meow_gallery
    • Published: May. 07, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-47451

    Cross-Site Request Forgery (CSRF) vulnerability in silverplugins217 Product Quantity Dropdown For Woocommerce allows Cross Site Request Forgery. This issue affects Product Quantity Dropdown For Woocommerce: from n/a through 1.2.... Read more

    Affected Products :
    • Published: May. 07, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-47467

    Missing Authorization vulnerability in GS Plugins GS Testimonial Slider allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GS Testimonial Slider: from n/a through 3.3.0.... Read more

    Affected Products : gs_testimonial_slider
    • Published: May. 07, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-47470

    Cross-Site Request Forgery (CSRF) vulnerability in senols GPT3 AI Content Writer allows Cross Site Request Forgery. This issue affects GPT3 AI Content Writer: from n/a through 1.9.14.... Read more

    Affected Products :
    • Published: May. 07, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-47471

    Missing Authorization vulnerability in EnvoThemes Envo Extra allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Envo Extra: from n/a through 1.9.9.... Read more

    Affected Products : envo_extra
    • Published: May. 07, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-47481

    Improper Control of Generation of Code ('Code Injection') vulnerability in GS Plugins GS Testimonial Slider allows Code Injection. This issue affects GS Testimonial Slider: from n/a through 3.2.9.... Read more

    Affected Products : gs_testimonial_slider
    • Published: May. 07, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Injection

  • 6.4

    MEDIUM
    CVE-2025-47484

    Server-Side Request Forgery (SSRF) vulnerability in Oliver Campion Display Remote Posts Block allows Server Side Request Forgery. This issue affects Display Remote Posts Block: from n/a through 1.1.0.... Read more

    Affected Products :
    • Published: May. 07, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Server-Side Request Forgery

  • 8.5

    HIGH
    CVE-2025-47490

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Rustaurius Ultimate WP Mail allows SQL Injection. This issue affects Ultimate WP Mail: from n/a through 1.3.4.... Read more

    Affected Products : ultimate_wp_mail
    • Published: May. 07, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-47493

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ultimate Blocks Ultimate Blocks allows DOM-Based XSS. This issue affects Ultimate Blocks: from n/a through 3.2.9.... Read more

    Affected Products : ultimate_blocks
    • Published: May. 07, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-47495

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Blockspare Blockspare allows Stored XSS. This issue affects Blockspare: from n/a through 3.2.9.... Read more

    Affected Products : blockspare
    • Published: May. 07, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 291641 Results