Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.0

    HIGH
    CVE-2025-2764

    CarlinKit CPC200-CCPA update.cgi Improper Verification of Cryptographic Signature Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of CarlinKit CPC200-CCPA devices. Alth... Read more

    Affected Products : cpc200-ccpa autokit
    • Published: Apr. 23, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-2765

    CarlinKit CPC200-CCPA Wireless Hotspot Hard-Coded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of CarlinKit CPC200-CCPA devices. Authentication is ... Read more

    Affected Products : cpc200-ccpa autokit
    • Published: Apr. 23, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2024-6479

    The SIP Reviews Shortcode for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'no_of_reviews' attribute in the woocommerce_reviews shortcode in all versions up to, and including, 1.2.3 due to insufficient escaping on the user suppl... Read more

    • Published: Oct. 31, 2024
    • Modified: Jul. 11, 2025

  • 6.4

    MEDIUM
    CVE-2024-6480

    The SIP Reviews Shortcode for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'no_of_reviews' attribute in the woocommerce_reviews shortcode in all versions up to, and including, 1.2.3 due to insufficient input saniti... Read more

    • Published: Oct. 31, 2024
    • Modified: Jul. 11, 2025

  • 9.1

    CRITICAL
    CVE-2024-28265

    IBOS v4.5.5 has an arbitrary file deletion vulnerability via \system\modules\dashboard\controllers\LoginController.php.... Read more

    Affected Products : ibos
    • Published: Nov. 01, 2024
    • Modified: Jul. 11, 2025

  • 6.1

    MEDIUM
    CVE-2024-48059

    gaizhenbiao/chuanhuchatgpt project, version <=20240802 is vulnerable to stored Cross-Site Scripting (XSS) in WebSocket session transmission. An attacker can inject malicious content into a WebSocket message. When a victim accesses this session, the malici... Read more

    Affected Products : chuanhuchatgpt chuanhuchatgpt
    • Published: Nov. 04, 2024
    • Modified: Jul. 11, 2025

  • 4.3

    MEDIUM
    CVE-2024-10084

    The Contact Form 7 – Dynamic Text Extension plugin for WordPress is vulnerable to Basic Information Disclosure in all versions up to, and including, 4.5 via the CF7_get_post_var shortcode. This makes it possible for authenticated attackers, with Contribut... Read more

    • Published: Nov. 05, 2024
    • Modified: Jul. 11, 2025

  • 7.7

    HIGH
    CVE-2024-40715

    A vulnerability in Veeam Backup & Replication Enterprise Manager has been identified, which allows attackers to perform authentication bypass. Attackers must be able to perform Man-in-the-Middle (MITM) attack to exploit this vulnerability.... Read more

    • Published: Nov. 07, 2024
    • Modified: Jul. 11, 2025

  • 6.1

    MEDIUM
    CVE-2024-10683

    The Contact Form 7 – PayPal & Stripe Add-on plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.3.1. This m... Read more

    Affected Products : paypal_\&_stripe_add-on
    • Published: Nov. 09, 2024
    • Modified: Jul. 11, 2025

  • 8.1

    HIGH
    CVE-2025-1290

    A race condition Use-After-Free vulnerability exists in the virtio_transport_space_update function within the Kernel 5.4 on ChromeOS. Concurrent allocation and freeing of the virtio_vsock_sock structure during an AF_VSOCK connect syscall can occur before... Read more

    Affected Products : linux_kernel chrome_os
    • Published: Apr. 17, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Race Condition

  • 6.5

    MEDIUM
    CVE-2024-10717

    The Styler for Ninja Forms plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the deactivate_license function in all versions up to, and including, 3.3.4. This ... Read more

    Affected Products : styler_for_ninja_forms
    • Published: Nov. 13, 2024
    • Modified: Jul. 11, 2025

  • 9.1

    CRITICAL
    CVE-2024-39710

    Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution.... Read more

    Affected Products : connect_secure policy_secure
    • Published: Nov. 13, 2024
    • Modified: Jul. 11, 2025

  • 9.1

    CRITICAL
    CVE-2024-39711

    Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution.... Read more

    Affected Products : connect_secure policy_secure
    • Published: Nov. 13, 2024
    • Modified: Jul. 11, 2025

  • 9.1

    CRITICAL
    CVE-2024-39712

    Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution.... Read more

    Affected Products : connect_secure policy_secure
    • Published: Nov. 13, 2024
    • Modified: Jul. 11, 2025

  • 6.1

    MEDIUM
    CVE-2024-9614

    The Constant Contact Forms by MailMunch plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.1.2. This makes it possible for un... Read more

    Affected Products : constant_contact_forms
    • Published: Nov. 13, 2024
    • Modified: Jul. 11, 2025

  • 9.1

    CRITICAL
    CVE-2025-1532

    Phoneservice module is affected by code injection vulnerability, successful exploitation of this vulnerability may affect service confidentiality and integrity.... Read more

    Affected Products : phoneservice phoneservice
    • Published: Apr. 17, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Injection

  • 4.6

    MEDIUM
    CVE-2025-28131

    A Broken Access Control vulnerability in Nagios Network Analyzer 2024R1.0.3 allows low-privilege users with "Read-Only" access to perform administrative actions, including stopping system services and deleting critical resources. This flaw arises due to i... Read more

    • Published: Apr. 01, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Authorization

  • 9.1

    CRITICAL
    CVE-2025-2188

    There is a whitelist mechanism bypass in GameCenter ,successful exploitation of this vulnerability may affect service confidentiality and integrity.... Read more

    Affected Products : gamecenter
    • Published: Apr. 17, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-28059

    An access control vulnerability in Nagios Network Analyzer 2024R1.0.3 allows deleted users to retain access to system resources due to improper session invalidation and stale token handling. When an administrator deletes a user account, the backend fails ... Read more

    Affected Products : network_analyzer
    • Published: Apr. 18, 2025
    • Modified: Jul. 11, 2025

  • 5.5

    MEDIUM
    CVE-2020-36775

    In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid potential deadlock Using f2fs_trylock_op() in f2fs_write_compressed_pages() to avoid potential deadlock like we did in f2fs_write_single_data_page().... Read more

    Affected Products : linux_kernel
    • Published: Feb. 26, 2024
    • Modified: Jul. 11, 2025
Showing 20 of 291562 Results