Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2024-13838

    The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.2 via the 'call_webhook' method of the Automator_Send_Webhoo... Read more

    Affected Products : uncanny_automator
    • Published: Mar. 12, 2025
    • Modified: Apr. 02, 2025
    • Vuln Type: Server-Side Request Forgery

  • 6.4

    MEDIUM
    CVE-2024-12589

    The Finale Lite – Sales Countdown Timer & Discount for WooCommerce plugin for WordPress is vulnerable to Stored DOM-Based Cross-Site Scripting via the countdown timer in all versions up to, and including, 2.19.0 due to insufficient input sanitization and ... Read more

    Affected Products : finale
    • Published: Mar. 12, 2025
    • Modified: Apr. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2024-13498

    The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 8.8.1 via file uploads due to insufficient directory listing prevention and lack... Read more

    Affected Products : nex-forms
    • Published: Mar. 12, 2025
    • Modified: Mar. 12, 2025
    • Vuln Type: Information Disclosure

  • 3.7

    LOW
    CVE-2025-24912

    hostapd fails to process crafted RADIUS packets properly. When hostapd authenticates wi-fi devices with RADIUS authentication, an attacker in the position between the hostapd and the RADIUS server may inject crafted RADIUS packets and force RADIUS authent... Read more

    Affected Products :
    • Published: Mar. 12, 2025
    • Modified: Mar. 12, 2025
    • Vuln Type: Denial of Service

  • 4.8

    MEDIUM
    CVE-2025-2205

    The GDPR Cookie Compliance – Cookie Banner, Cookie Consent, Cookie Notice – CCPA, DSGVO, RGPD plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.15.6 due to insufficient input sanit... Read more

    Affected Products : gdpr_cookie_compliance
    • Published: Mar. 12, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2025-2078

    The BlogBuzzTime for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated att... Read more

    Affected Products : blogbuzztime_for_wp
    • Published: Mar. 12, 2025
    • Modified: Apr. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-2077

    The Simple Amazon Affiliate plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'msg' parameter in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping. This makes it possible for una... Read more

    Affected Products : simple_amazon_affiliate
    • Published: Mar. 12, 2025
    • Modified: Apr. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2025-2076

    The binlayerpress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers... Read more

    Affected Products : binlayerpress
    • Published: Mar. 12, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-1508

    The WP Crowdfunding plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the download_data action in all versions up to, and including, 2.1.13. This makes it possible for authenticated attackers, with subs... Read more

    Affected Products : wp_crowdfunding
    • Published: Mar. 12, 2025
    • Modified: Mar. 20, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2025-2220

    A vulnerability was found in Odyssey CMS up to 10.34. It has been classified as problematic. Affected is an unknown function of the file /modules/odyssey_contact_form/odyssey_contact_form.php of the component reCAPTCHA Handler. The manipulation of the arg... Read more

    Affected Products : odyssey_cms
    • Published: Mar. 12, 2025
    • Modified: Mar. 25, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-2219

    A vulnerability was found in LoveCards LoveCardsV2 up to 2.3.2 and classified as critical. This issue affects some unknown processing of the file /api/upload/image. The manipulation of the argument file leads to unrestricted upload. The attack may be init... Read more

    Affected Products : lovecards
    • Published: Mar. 12, 2025
    • Modified: Mar. 25, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-2218

    A vulnerability has been found in LoveCards LoveCardsV2 up to 2.3.2 and classified as critical. This vulnerability affects unknown code of the file /api/system/other of the component Setting Handler. The manipulation leads to improper access controls. The... Read more

    Affected Products : lovecards
    • Published: Mar. 12, 2025
    • Modified: Mar. 25, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-2217

    A vulnerability, which was classified as critical, was found in zzskzy Warehouse Refinement Management System 1.3. This affects the function ProcessRequest of the file /getAdyData.ashx. The manipulation of the argument showid leads to sql injection. It is... Read more

    • Published: Mar. 12, 2025
    • Modified: Mar. 25, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-2216

    A vulnerability, which was classified as critical, has been found in zzskzy Warehouse Refinement Management System 1.3. Affected by this issue is the function UploadCrash of the file /crash/log/SaveCrash.ashx. The manipulation of the argument file leads t... Read more

    • Published: Mar. 12, 2025
    • Modified: Mar. 25, 2025
    • Vuln Type: Misconfiguration

  • 5.8

    MEDIUM
    CVE-2025-2215

    A vulnerability classified as critical was found in Doufox up to 0.2.0. Affected by this vulnerability is an unknown functionality of the file /?s=doudou&c=file&a=list. The manipulation of the argument dir leads to path traversal. The attack can be launch... Read more

    Affected Products :
    • Published: Mar. 12, 2025
    • Modified: Mar. 12, 2025
    • Vuln Type: Path Traversal

  • 6.1

    MEDIUM
    CVE-2025-2214

    A vulnerability was found in Microweber 2.0.19. It has been rated as problematic. This issue affects some unknown processing of the file userfiles/modules/settings/group/website_group/index.php of the component Settings Handler. The manipulation of the ar... Read more

    Affected Products : microweber cockpit
    • Published: Mar. 12, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-2233

    Samsung SmartThings Improper Verification of Cryptographic Signature Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Samsung SmartThings. Authentication is not... Read more

    Affected Products : smartthings
    • Published: Mar. 11, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Authentication

  • 4.8

    MEDIUM
    CVE-2025-2213

    A vulnerability was found in Castlenet CBW383G2N up to 20250301. It has been declared as problematic. This vulnerability affects unknown code of the file /wlanPrimaryNetwork.asp of the component Wireless Menu. The manipulation of the argument SSID with th... Read more

    Affected Products :
    • Published: Mar. 11, 2025
    • Modified: Mar. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2025-2212

    A vulnerability was found in Castlenet CBW383G2N up to 20250301. It has been classified as problematic. This affects an unknown part of the file /RgSwInfo.asp. The manipulation of the argument Description with the input <img/src/onerror=prompt(8)> leads t... Read more

    Affected Products :
    • Published: Mar. 11, 2025
    • Modified: Mar. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2025-2211

    A vulnerability was found in aitangbao springboot-manager 3.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /sysDictDetail/add. The manipulation of the argument name leads to cross site scripting. The atta... Read more

    Affected Products : springboot-manager
    • Published: Mar. 11, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 292835 Results