Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2025-30211

    Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.1, 26.2.5.10, and 25.3.2.19, a maliciously formed KEX init message can result with high memory usage. Implementation does not verify RFC specified limits on a... Read more

    Affected Products : otp
    • Published: Mar. 28, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Denial of Service

  • 8.0

    HIGH
    CVE-2025-29928

    authentik is an open-source identity provider. Prior to versions 2024.12.4 and 2025.2.3, when authentik was configured to use the database for session storage (which is a non-default setting), deleting sessions via the Web Interface or the API would not r... Read more

    Affected Products : authentik
    • Published: Mar. 28, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Authentication

  • 7.1

    HIGH
    CVE-2025-22767

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in globalpayments GlobalPayments WooCommerce allows Reflected XSS. This issue affects GlobalPayments WooCommerce: from n/a through 1.13.0.... Read more

    Affected Products :
    • Published: Mar. 28, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-22575

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in extendyourweb SUPER RESPONSIVE SLIDER allows Reflected XSS. This issue affects SUPER RESPONSIVE SLIDER: from n/a through 1.4.... Read more

    Affected Products :
    • Published: Mar. 28, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-22566

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound ULTIMATE VIDEO GALLERY allows Reflected XSS. This issue affects ULTIMATE VIDEO GALLERY: from n/a through 1.4.... Read more

    Affected Products :
    • Published: Mar. 28, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-22526

    Deserialization of Untrusted Data vulnerability in NotFound PHP/MySQL CPU performance statistics allows Object Injection. This issue affects PHP/MySQL CPU performance statistics: from n/a through 1.2.1.... Read more

    Affected Products :
    • Published: Mar. 28, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-22523

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Schedule allows Blind SQL Injection. This issue affects Schedule: from n/a through 1.0.0.... Read more

    Affected Products : schedule
    • Published: Mar. 28, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2025-22501

    Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Improve My City Improve My City allows Reflected XSS. This issue affects Improve My City: from n/a through 1.6.... Read more

    Affected Products :
    • Published: Mar. 28, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-22360

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound WP Azure offload allows Reflected XSS. This issue affects WP Azure offload: from n/a through 2.0.... Read more

    Affected Products :
    • Published: Mar. 28, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-22356

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stencies Stencies allows Reflected XSS. This issue affects Stencies: from n/a through 0.58.... Read more

    Affected Products :
    • Published: Mar. 28, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.1

    HIGH
    CVE-2024-54362

    Path Traversal vulnerability in NotFound GetShop ecommerce allows Path Traversal. This issue affects GetShop ecommerce: from n/a through 1.3.... Read more

    Affected Products :
    • Published: Mar. 28, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Path Traversal

  • 8.6

    HIGH
    CVE-2024-54291

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in NotFound PluginPass allows Manipulating Web Input to File System Calls. This issue affects PluginPass: from n/a through 0.9.10.... Read more

    Affected Products :
    • Published: Mar. 28, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Path Traversal

  • 7.1

    HIGH
    CVE-2024-51624

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jajapagamentos Já-Já Pagamentos for WooCommerce allows Reflected XSS. This issue affects Já-Já Pagamentos for WooCommerce: from n/a through 1.3.0.... Read more

    Affected Products :
    • Published: Mar. 28, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2024-48615

    Null Pointer Dereference vulnerability in libarchive 3.7.6 and earlier when running program bsdtar in function header_pax_extension at rchive_read_support_format_tar.c:1844:8.... Read more

    Affected Products : libarchive
    • Published: Mar. 28, 2025
    • Modified: Apr. 14, 2025

  • 5.4

    MEDIUM
    CVE-2024-39311

    Publify is a self hosted Web publishing platform on Rails. Prior to version 10.0.1 of Publify, corresponding to versions prior to 10.0.2 of the `publify_core` rubygem, publisher on a `publify` application is able to perform a cross-site scripting (XSS) at... Read more

    Affected Products : publify publify publify_core
    • Published: Mar. 28, 2025
    • Modified: Apr. 14, 2025

  • 6.5

    MEDIUM
    CVE-2025-2877

    A flaw was found in the Ansible Automation Platform's Event-Driven Ansible. In configurations where verbosity is set to "debug", inventory passwords are exposed in plain text when starting a rulebook activation. This issue exists for any "debug" action in... Read more

    Affected Products :
    • Published: Mar. 28, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Information Disclosure

  • 2.4

    LOW
    CVE-2025-2865

    SaTECH BCU, in its firmware version 2.1.3, could allow XSS attacks and other malicious resources to be stored on the web server. An attacker with some knowledge of the web application could send a malicious request to the victim users. Through this reques... Read more

    Affected Products :
    • Published: Mar. 28, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 2.0

    LOW
    CVE-2025-2864

    SaTECH BCU in its firmware version 2.1.3 allows an attacker to inject malicious code into the legitimate website owning the affected device, once the cookie is set. This attack only impacts the victim's browser (reflected XSS).... Read more

    Affected Products :
    • Published: Mar. 28, 2025
    • Modified: Mar. 28, 2025

  • 5.7

    MEDIUM
    CVE-2025-2863

    Cross-site request forgery (CSRF) vulnerability in the web application of saTECH BCU firmware version 2.1.3, which could allow an unauthenticated local attacker to exploit active administrator sessions and perform malicious actions. The malicious actions ... Read more

    Affected Products :
    • Published: Mar. 28, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.9

    MEDIUM
    CVE-2025-2862

    SaTECH BCU, in its firmware version 2.1.3, performs weak password encryption. This allows an attacker with access to the device's system or website to obtain the credentials, as the storage methods used are not strong enough in terms of encryption.... Read more

    Affected Products :
    • Published: Mar. 28, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Cryptography
Showing 20 of 292628 Results