Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV List), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.3

    MEDIUM
    CVE-2024-11002

    The InPost Gallery plugin for WordPress is vulnerable to arbitrary shortcode execution via the inpost_gallery_get_shortcode_template AJAX action in all versions up to, and including, 2.1.4.2. This is due to the software allowing users to execute an ac...

    Affected Products : inpost_gallery
    • Published: Nov. 26, 2024
    • Modified: Jul. 09, 2025
  • 9.8

    CRITICAL
    CVE-2025-49003

    DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, a threat actor may take advantage of a feature in Java in which the character "ı" becomes "I" when converted to uppercase, and the character "ſ" become...

    Affected Products : dataease
    • Published: Jun. 26, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Information Disclosure
  • 6.5

    MEDIUM
    CVE-2024-10857

    The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.9 via the handle_downloads() function due to insufficient file path validation/sanitization. This makes it possible ...

    • Published: Nov. 26, 2024
    • Modified: Jul. 09, 2025
  • 4.3

    MEDIUM
    CVE-2024-10778

    The BuddyPress Builder for Elementor – BuddyBuilder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.7.4 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be includ...

    Affected Products : buddybuilder
    • Published: Nov. 13, 2024
    • Modified: Jul. 09, 2025
  • 4.9

    MEDIUM
    CVE-2025-49015

    The Couchbase .NET SDK (client library) before 3.7.1 does not properly enable hostname verification for TLS certificates. In fact, the SDK was also using IP addresses instead of hostnames due to a configuration option that was incorrectly enabled by defau...

    Affected Products : .net_sdk
    • Published: Jun. 18, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Misconfiguration
  • 4.3

    MEDIUM
    CVE-2025-5682

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Klaro Cookie & Consent Management allows Cross-Site Scripting (XSS). This issue affects Klaro Cookie & Consent Management: from 0.0.0 before 3.0.7....

    • Published: Jun. 26, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Cross-Site Scripting
  • 9.0

    HIGH
    CVE-2025-6393

    A vulnerability was found in TOTOLINK A702R, A3002R, A3002RU and EX1200T 3.0.0-B20230809.1615/4.0.0-B20230531.1404/4.0.0-B20230721.1521/4.1.2cu.5232_B20210713. It has been classified as critical. Affected is an unknown function of the file /boafrm/formIPv...

    • Published: Jun. 21, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Memory Corruption
  • 8.1

    HIGH
    CVE-2025-45786

    Real Estate Management 1.0 is vulnerable to Cross Site Scripting (XSS) in /store/index.php....

    Affected Products : real_estate_management
    • Published: Jun. 18, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Cross-Site Scripting
  • 5.3

    MEDIUM
    CVE-2024-9578

    The Hide Links plugin for WordPress is vulnerable to unauthorized shortcode execution due to do_shortcode being hooked through the comment_text filter in all versions up to and including 1.4.2. This makes it possible for unauthenticated attackers to execu...

    Affected Products : hide_links
    • Published: Nov. 13, 2024
    • Modified: Jul. 09, 2025
  • 6.4

    MEDIUM
    CVE-2024-10891

    The Save as PDF Plugin by Pdfcrowd plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'save_as_pdf_pdfcrowd' shortcode in all versions up to, and including, 4.2.1 due to insufficient input sanitization and output escaping o...

    Affected Products : save_as_pdf
    • Published: Nov. 20, 2024
    • Modified: Jul. 09, 2025
  • 6.4

    MEDIUM
    CVE-2024-11195

    The Email Subscription Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's print_email_subscribe_form shortcode in all versions up to, and including, 1.2.22 due to insufficient input sanitization and output escaping on...

    Affected Products : email_subscription_popup
    • Published: Nov. 19, 2024
    • Modified: Jul. 09, 2025
  • 7.1

    HIGH
    CVE-2025-44951

    A missing length check in `ogs_pfcp_dev_add` function from PFCP library, used by both smf and upf in open5gs 2.7.2 and earlier, allows a local attacker to cause a Buffer Overflow by changing the `session.dev` field with a value with length greater than 32...

    Affected Products : open5gs
    • Published: Jun. 18, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Memory Corruption
  • 7.8

    HIGH
    CVE-2025-44952

    A missing length check in `ogs_pfcp_subnet_add` function from PFCP library, used by both smf and upf in open5gs 2.7.2 and earlier, allows a local attacker to cause a Buffer Overflow by changing the `session.dnn` field with a value with length greater than...

    Affected Products : open5gs
    • Published: Jun. 18, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Memory Corruption
  • 8.0

    HIGH
    CVE-2024-46313

    TP-Link WR941ND V6 has a stack overflow vulnerability in the ssid parameter in /userRpm/popupSiteSurveyRpm.htm....

    • Published: Sep. 30, 2024
    • Modified: Jul. 09, 2025
  • 9.8

    CRITICAL
    CVE-2025-26198

    CloudClassroom-PHP-Project v1.0 contains a critical SQL Injection vulnerability in the loginlinkadmin.php component. The application fails to sanitize user-supplied input in the admin login form before directly including it in SQL queries. This allows una...

    Affected Products : cloudclassroom-php_project
    • Published: Jun. 18, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Injection
  • 6.8

    MEDIUM
    CVE-2024-36755

    D-Link DIR-1950 up to v1.11B03 does not validate SSL certificates when requesting the latest firmware version and downloading URL. This can allow attackers to downgrade the firmware version or change the downloading URL via a man-in-the-middle attack....

    Affected Products : dir-1950_firmware dir-1950
    • Published: Jun. 27, 2024
    • Modified: Jul. 09, 2025
  • 7.1

    HIGH
    CVE-2025-29646

    An issue in upf in open5gs 2.7.2 and earlier allows a remote attacker to cause a Denial of Service via a crafted PFCP SessionEstablishmentRequest packet with restoration indication = true and (teid = 0 or teid >= ogs_pfcp_pdr_teid_pool.size)....

    Affected Products : open5gs
    • Published: Jun. 18, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Denial of Service
  • 9.8

    CRITICAL
    CVE-2025-26199

    CloudClassroom-PHP-Project v1.0 is affected by an insecure credential transmission vulnerability. The application transmits passwords over unencrypted HTTP during the login process, exposing sensitive credentials to potential interception by network-based...

    Affected Products : cloudclassroom-php_project
    • Published: Jun. 18, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Cryptography
  • 8.8

    HIGH
    CVE-2025-23168

    The Versa Director SD-WAN orchestration platform implements Two-Factor Authentication (2FA) using One-Time Passcodes (OTP) delivered via email or SMS. Versa Director accepts untrusted user input when dispatching 2FA codes, allowing an attacker who knows a...

    Affected Products : versa_director
    • Published: Jun. 19, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Authentication
  • 7.2

    HIGH
    CVE-2024-10788

    The Activity Log – Monitor & Record User Changes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the event parameters in all versions up to, and including, 2.11.1 due to insufficient input sanitization and output escaping. This makes...

    Affected Products : activity_log
    • Published: Nov. 21, 2024
    • Modified: Jul. 09, 2025
Showing 20 of 293507 Results