Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, whether it appears on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.1

    CRITICAL
    CVE-2024-10644

    Code injection in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution....

    Affected Products : connect_secure policy_secure
    • Published: Feb. 11, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2024-56180

    CWE-502 Deserialization of Untrusted Data at the eventmesh-meta-raft plugin module in Apache EventMesh master branch without release version on windows\linux\mac os e.g. platforms allows attackers to send controlled message and remote code execute via hes...

    Affected Products : eventmesh
    • Published: Feb. 14, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Injection
  • 7.5

    HIGH
    CVE-2024-10650

    An unauthenticated Denial of Service (DoS) vulnerability was identified in ChuanhuChatGPT version 20240918, which could be exploited by sending large data payloads using a multipart boundary. Although a patch was applied for CVE-2024-7807, the issue can s...

    Affected Products : chuanhuchatgpt
    • Published: Mar. 20, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Denial of Service
  • 5.8

    MEDIUM
    CVE-2025-27888

    Severity: medium (5.8) / important Server-Side Request Forgery (SSRF), Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Apache Druid. This issue af...

    Affected Products : druid
    • Published: Mar. 20, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Server-Side Request Forgery
  • 8.8

    HIGH
    CVE-2025-23015

    Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. An user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting d...

    Affected Products : cassandra
    • Published: Feb. 04, 2025
    • Modified: Jul. 14, 2025
  • 5.3

    MEDIUM
    CVE-2024-27137

    In Apache Cassandra it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture user names and passwords used to access the J...

    Affected Products : cassandra
    • Published: Feb. 04, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Authentication
  • 6.8

    MEDIUM
    CVE-2025-27391

    Insertion of Sensitive Information into Log File vulnerability in Apache ActiveMQ Artemis. All the values of the broker properties are logged when the org.apache.activemq.artemis.core.config.impl.ConfigurationImpl logger has the debug level enabled. This...

    Affected Products : activemq_artemis
    • Published: Apr. 09, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Information Disclosure
  • 4.3

    MEDIUM
    CVE-2025-27427

    A vulnerability exists in Apache ActiveMQ Artemis whereby a user with the createDurableQueue or createNonDurableQueue permission on an address can augment the routing-type supported by that address even if said user doesn't have the createAddress permissi...

    Affected Products : activemq_artemis
    • Published: Apr. 01, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Authorization
  • 7.1

    HIGH
    CVE-2024-46910

    An authenticated user can perform XSS and potentially impersonate another user. This issue affects Apache Atlas versions 2.3.0 and earlier. Users are recommended to upgrade to version 2.4.0, which fixes the issue....

    Affected Products : atlas
    • Published: Feb. 13, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.1

    MEDIUM
    CVE-2025-41393

    Reflected cross-site scripting vulnerability exists in the laser printers and MFPs (multifunction printers) which implement Ricoh Web Image Monitor. If exploited, an arbitrary script may be executed on the web browser of the user who accessed Web Image Mo...

    Affected Products :
    • Published: May. 12, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Cross-Site Scripting
  • 0.0

    NA
    CVE-2025-38001

    In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice Savino says: "We are writing to report that this recent patch (141d34391abbb315d68556b7c67ad97885407547) ...

    Affected Products : linux_kernel
    • Published: Jun. 06, 2025
    • Modified: Jul. 13, 2025
    • Vuln Type: Memory Corruption
  • 5.3

    MEDIUM
    CVE-2024-22151

    Missing Authorization vulnerability in Codection Import and export users and customers. This issue affects Import and export users and customers: from n/a through 1.24.6....

    • Published: Jun. 08, 2024
    • Modified: Jul. 12, 2025
  • 6.5

    MEDIUM
    CVE-2024-5208

    An uncontrolled resource consumption vulnerability exists in the `upload-link` endpoint of mintplex-labs/anything-llm. This vulnerability allows attackers to cause a denial of service (DOS) by shutting down the server through sending invalid upload reques...

    Affected Products : anythingllm
    • Published: Jun. 19, 2024
    • Modified: Jul. 12, 2025
  • 7.5

    HIGH
    CVE-2024-10813

    The Product Table for WooCommerce by CodeAstrology (wooproducttable.com) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.1 via the var_dump_table parameter. This makes it possible for unauthen...

    Affected Products : woo_product_table
    • Published: Nov. 23, 2024
    • Modified: Jul. 12, 2025
  • 8.8

    HIGH
    CVE-2024-10873

    The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.4.2 via the _load_template function. This makes it possible for authenticated attackers, with Contributor-level acce...

    Affected Products : element_kit_for_elementor
    • Published: Nov. 23, 2024
    • Modified: Jul. 12, 2025
  • 6.1

    MEDIUM
    CVE-2024-10880

    The JobBoardWP – Job Board Listings and Submissions plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.3.0...

    Affected Products : jobboardwp
    • Published: Nov. 23, 2024
    • Modified: Jul. 12, 2025
  • 6.1

    MEDIUM
    CVE-2024-11188

    The Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to POST-Based Reflected Cross-Site Scripting via the Custom HTML Form parameters in all versions up to, and includi...

    • Published: Nov. 23, 2024
    • Modified: Jul. 12, 2025
  • 9.8

    CRITICAL
    CVE-2024-9659

    The School Management System for Wordpress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the mj_smgt_user_avatar_image_upload() function in all versions up to, and including, 91.5.0. This makes it poss...

    Affected Products : school_management_system
    • Published: Nov. 23, 2024
    • Modified: Jul. 12, 2025
  • 8.8

    HIGH
    CVE-2024-9660

    The School Management System for Wordpress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the mj_smgt_load_documets_new() and mj_smgt_load_documets() functions in all versions up to, and including, 91.5...

    Affected Products : school_management_system
    • Published: Nov. 23, 2024
    • Modified: Jul. 12, 2025
  • 6.1

    MEDIUM
    CVE-2024-10519

    The Wishlist for WooCommerce: Multi Wishlists Per Customer PRO plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wtab' parameter in versions 3.0.8 to 3.1.2 due to insufficient input sanitization and output escaping. This makes ...

    Affected Products : wishlist_for_woocommerce
    • Published: Nov. 23, 2024
    • Modified: Jul. 12, 2025
Showing 20 of 291712 Results