Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.5

    MEDIUM
    CVE-2024-45993

    Giflib Project v5.2.2 is vulnerable to a heap buffer overflow via gif2rgb....

    Affected Products : giflib
    • Published: Sep. 30, 2024
    • Modified: Jul. 10, 2025
  • 6.5

    MEDIUM
    CVE-2024-43346

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wow-Company Modal Window allows Stored XSS. This issue affects Modal Window: from n/a through 6.0.3....

    Affected Products : modal_window
    • Published: Aug. 18, 2024
    • Modified: Jul. 10, 2025
  • 6.5

    MEDIUM
    CVE-2025-26664

    Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network....

    • Published: Apr. 08, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Information Disclosure
  • 5.4

    MEDIUM
    CVE-2024-45920

    A Stored Cross-Site Scripting (XSS) vulnerability in Solvait 24.4.2 allows remote attackers to inject malicious scripts into the application. This issue arises due to insufficient input validation and sanitization in "Intrest" feature....

    Affected Products : solvait
    • Published: Sep. 30, 2024
    • Modified: Jul. 10, 2025
  • 7.5

    HIGH
    CVE-2024-44860

    An information disclosure vulnerability in the /Letter/PrintQr/ endpoint of Solvait v24.4.2 allows attackers to access sensitive data via a crafted request....

    Affected Products : solvait
    • Published: Sep. 26, 2024
    • Modified: Jul. 10, 2025
  • 8.1

    HIGH
    CVE-2025-26663

    Use after free in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to execute code over a network....

    • Published: Apr. 08, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Memory Corruption
  • 7.5

    HIGH
    CVE-2025-37097

    A vulnerability in HPE Insight Remote Support (IRS) prior to v7.15.0.646 may allow an unauthenticated denial of service...

    Affected Products : insight_remote_support
    • Published: Jul. 01, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Denial of Service
  • 8.1

    HIGH
    CVE-2024-41659

    memos is a privacy-first, lightweight note-taking service. A CORS misconfiguration exists in memos 0.20.1 and earlier where an arbitrary origin is reflected with Access-Control-Allow-Credentials set to true. This may allow an attacking website to make a c...

    Affected Products : memos
    • Published: Aug. 20, 2024
    • Modified: Jul. 10, 2025
  • 7.5

    HIGH
    CVE-2025-37098

    A path traversal vulnerability exists in HPE Insight Remote Support (IRS) prior to v7.15.0.646....

    Affected Products : insight_remote_support
    • Published: Jul. 01, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Path Traversal
  • 4.3

    MEDIUM
    CVE-2024-6883

    The Event Espresso 4 Decaf – Event Registration Event Ticketing plugin for WordPress is vulnerable to limited unauthorized plugin settings modification due to a missing capability check on the saveTimezoneString and some other functions in all versions up...

    Affected Products : event_espresso
    • Published: Aug. 21, 2024
    • Modified: Jul. 10, 2025
  • 9.8

    CRITICAL
    CVE-2025-37099

    A remote code execution vulnerability exists in HPE Insight Remote Support (IRS) prior to v7.15.0.646....

    Affected Products : insight_remote_support
    • Published: Jul. 01, 2025
    • Modified: Jul. 10, 2025
  • 8.1

    HIGH
    CVE-2024-46097

    TestLink 1.9.20 is vulnerable to Incorrect Access Control in the TestPlan editing section. When a new TestPlan is created, an ID with an incremental value is automatically generated. Using the edit function you can change the tplan_id parameter to another...

    Affected Products : testlink
    • Published: Sep. 27, 2024
    • Modified: Jul. 10, 2025
  • 9.8

    CRITICAL
    CVE-2024-5335

    The Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider plugin is vulnerable to PHP Object Injection via deserialization of untrusted input via the _ultimate_store...

    Affected Products : ultimate_store_kit
    • Published: Aug. 21, 2024
    • Modified: Jul. 10, 2025
  • 9.8

    CRITICAL
    CVE-2024-8030

    The Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider plugin is vulnerable to PHP Object Injection via deserialization of untrusted input via the _ultimate_store...

    Affected Products : ultimate_store_kit
    • Published: Aug. 28, 2024
    • Modified: Jul. 10, 2025
  • 7.2

    HIGH
    CVE-2022-2440

    The Theme Editor plugin for WordPress is vulnerable to deserialization of untrusted input via the 'images_array' parameter in versions up to, and including 2.8. This makes it possible for authenticated attackers with administrative privileges to call file...

    Affected Products : theme_editor
    • Published: Aug. 29, 2024
    • Modified: Jul. 10, 2025
  • 8.8

    HIGH
    CVE-2024-7435

    The Attire theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.0.6 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject...

    Affected Products : attire_blocks attire
    • Published: Aug. 31, 2024
    • Modified: Jul. 10, 2025
  • 6.1

    MEDIUM
    CVE-2024-25411

    A cross-site scripting (XSS) vulnerability in Flatpress v1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter in setup.php....

    Affected Products : flatpress
    • Published: Sep. 27, 2024
    • Modified: Jul. 10, 2025
  • 7.5

    HIGH
    CVE-2024-13451

    The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.17.4 via file uploads ...

    Affected Products : contact_form_builder bit_form
    • Published: Jul. 02, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Information Disclosure
  • 6.6

    MEDIUM
    CVE-2024-7620

    The Customizer Export/Import plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the '_import' function in all versions up to, and including, 0.9.7. This makes it possible for authenticated attackers, with A...

    Affected Products : customizer_export/import
    • Published: Sep. 07, 2024
    • Modified: Jul. 10, 2025
  • 8.8

    HIGH
    CVE-2023-37230

    Loftware Spectrum (testDeviceConnection) before 5.1 allows SSRF....

    Affected Products : spectrum
    • Published: Sep. 10, 2024
    • Modified: Jul. 10, 2025
Showing 20 of 291722 Results