Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2024-13887

    The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.4.14 via the 'ajax_listing_submit_image_upload' function due to missing v... Read more

    Affected Products : business_directory
    • Published: Mar. 13, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-2107

    The ArielBrailovsky-ViralAd plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the printResultAndDie() function in all versions up to, and including, 1.0.8 due to insufficient escaping on the user supplied parameter and lack of ... Read more

    Affected Products :
    • Published: Mar. 13, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-2106

    The ArielBrailovsky-ViralAd plugin for WordPress is vulnerable to SQL Injection via the 'text' and 'id' parameters of the limpia() function in all versions up to, and including, 1.0.8 due to insufficient escaping on the user supplied parameter and lack of... Read more

    Affected Products :
    • Published: Mar. 13, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Injection

  • 6.4

    MEDIUM
    CVE-2025-1559

    The CC-IMG-Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'img' shortcode in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. Thi... Read more

    Affected Products :
    • Published: Mar. 13, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2024-13703

    The CRM and Lead Management by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_ajax_toggle_ae() function in all versions up to, and including, 2.7.1. This makes it possible for a... Read more

    Affected Products : crm_and_lead_management_by_vcita
    • Published: Mar. 13, 2025
    • Modified: May. 26, 2025
    • Vuln Type: Authorization

  • 7.7

    HIGH
    CVE-2025-25293

    ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. Prior to versions 1.12.4 and 1.18.0, ruby-saml is susceptible to remote Denial of Service (DoS) with compressed SAML responses. ruby-saml uses zlib to decompress S... Read more

    Affected Products : gitlab ruby-saml omniauth_saml
    • Published: Mar. 12, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2025-25292

    ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differ... Read more

    • Published: Mar. 12, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-25291

    ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differ... Read more

    • Published: Mar. 12, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Authentication

  • 8.7

    HIGH
    CVE-2024-26290

    Improper Input Validation vulnerability in Avid Avid NEXIS E-series on Linux, Avid Avid NEXIS F-series on Linux, Avid Avid NEXIS PRO+ on Linux, Avid System Director Appliance (SDA+) on Linux allows code execution on underlying operating system with root p... Read more

    Affected Products :
    • Published: Mar. 12, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Authentication

  • 9.0

    CRITICAL
    CVE-2025-27407

    graphql-ruby is a Ruby implementation of GraphQL. Starting in version 1.11.5 and prior to versions 1.11.8, 1.12.25, 1.13.24, 2.0.32, 2.1.14, 2.2.17, and 2.3.21, loading a malicious schema definition in `GraphQL::Schema.from_introspection` (or `GraphQL::Sc... Read more

    Affected Products : graphql
    • Published: Mar. 12, 2025
    • Modified: Mar. 12, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-25975

    An issue in parse-git-config v.3.0.0 allows an attacker to obtain sensitive information via the expandKeys function... Read more

    Affected Products : parse-git-config
    • Published: Mar. 12, 2025
    • Modified: Apr. 02, 2025
    • Vuln Type: Information Disclosure

  • 4.4

    MEDIUM
    CVE-2025-22870

    Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to "*.example.com", a request to "[::1%25.example.com]:80` will incorrectly match and not be ... Read more

    Affected Products :
    • Published: Mar. 12, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Misconfiguration

  • 8.0

    HIGH
    CVE-2025-0118

    A vulnerability in the Palo Alto Networks GlobalProtect app on Windows allows a remote attacker to run ActiveX controls within the context of an authenticated Windows user. This enables the attacker to run commands as if they are a legitimate authenticate... Read more

    Affected Products : globalprotect globalprotect_app
    • Published: Mar. 12, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Misconfiguration

  • 7.1

    HIGH
    CVE-2025-0117

    A reliance on untrusted input for a security decision in the GlobalProtect app on Windows devices potentially enables a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\SYSTEM. GlobalProtect App on macOS,... Read more

    Affected Products : globalprotect_app
    • Published: Mar. 12, 2025
    • Modified: Mar. 12, 2025
    • Vuln Type: Authorization

  • 6.8

    MEDIUM
    CVE-2025-0116

    A Denial of Service (DoS) vulnerability in Palo Alto Networks PAN-OS software causes the firewall to unexpectedly reboot when processing a specially crafted LLDP frame sent by an unauthenticated adjacent attacker. Repeated attempts to initiate this condit... Read more

    Affected Products : pan-os
    • Published: Mar. 12, 2025
    • Modified: Mar. 18, 2025
    • Vuln Type: Denial of Service

  • 6.8

    MEDIUM
    CVE-2025-0115

    A vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated admin on the PAN-OS CLI to read arbitrary files. The attacker must have network access to the management interface (web, SSH, console, or telnet) and successfully authenti... Read more

    Affected Products : pan-os
    • Published: Mar. 12, 2025
    • Modified: Mar. 15, 2025
    • Vuln Type: Authorization

  • 8.2

    HIGH
    CVE-2025-0114

    A Denial of Service (DoS) vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software enables an unauthenticated attacker to render the service unavailable by sending a large number of specially crafted packets over a period of time. ... Read more

    Affected Products : pan-os
    • Published: Mar. 12, 2025
    • Modified: Mar. 12, 2025
    • Vuln Type: Denial of Service

  • 6.9

    MEDIUM
    CVE-2025-27017

    Apache NiFi 1.13.0 through 2.2.0 includes the username and password used to authenticate with MongoDB in the NiFi provenance events that MongoDB components generate during processing. An authorized user with read access to the provenance events of those p... Read more

    Affected Products : nifi
    • Published: Mar. 12, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-25774

    An issue was discovered in Open5GS v2.7.2. When a UE switches between two gNBs and sends a handover request at a specific time, it may cause an exception in the AMF's internal state machine, leading to an AMF crash and resulting in a Denial of Service (Do... Read more

    Affected Products : open5gs
    • Published: Mar. 12, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Denial of Service

  • 5.6

    MEDIUM
    CVE-2025-25683

    AlekSIS-Core is vulnerable to Incorrect Access Control. Unauthenticated users can access all PDF files. This affects AlekSIS-Core 3.0, 3.1, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.2.0 and 3.2.1.... Read more

    Affected Products :
    • Published: Mar. 12, 2025
    • Modified: Mar. 12, 2025
    • Vuln Type: Authorization
Showing 20 of 292907 Results