Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2025-26706

    Improper Privilege Management vulnerability in ZTE GoldenDB allows Privilege Escalation.This issue affects GoldenDB: from 6.1.03 through 6.1.03.07.... Read more

    Affected Products : goldendb zxcloud_goldendb
    • Published: Mar. 11, 2025
    • Modified: Mar. 19, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-26705

    Improper Privilege Management vulnerability in ZTE GoldenDB allows Privilege Escalation.This issue affects GoldenDB: from 6.1.03 through 6.1.03.05.... Read more

    Affected Products : goldendb zxcloud_goldendb
    • Published: Mar. 11, 2025
    • Modified: Mar. 19, 2025
    • Vuln Type: Authorization

  • 6.4

    MEDIUM
    CVE-2025-26704

    Improper Privilege Management vulnerability in ZTE GoldenDB allows Privilege Escalation.This issue affects GoldenDB: from 6.1.03 through 6.1.03.05.... Read more

    Affected Products : goldendb zxcloud_goldendb
    • Published: Mar. 11, 2025
    • Modified: Mar. 19, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-26703

    Improper Privilege Management vulnerability in ZTE GoldenDB allows Privilege Escalation.This issue affects GoldenDB: from 6.1.03 through 6.1.03.04.... Read more

    Affected Products : goldendb zxcloud_goldendb
    • Published: Mar. 11, 2025
    • Modified: Mar. 19, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-26702

    Improper Input Validation vulnerability in ZTE GoldenDB allows Input Data Manipulation.This issue affects GoldenDB: from 6.1.03 through 6.1.03.04.... Read more

    Affected Products : goldendb zxcloud_goldendb
    • Published: Mar. 11, 2025
    • Modified: Mar. 19, 2025

  • 6.5

    MEDIUM
    CVE-2024-13228

    The Qubely – Advanced Gutenberg Blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.13 via the 'qubely_get_content'. This makes it possible for authenticated attackers, with Contributor-lev... Read more

    Affected Products : qubely
    • Published: Mar. 11, 2025
    • Modified: May. 26, 2025
    • Vuln Type: Information Disclosure

  • 4.8

    MEDIUM
    CVE-2025-0629

    The Coronavirus (COVID-19) Notice Message WordPress plugin through 1.1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html c... Read more

    • Published: Mar. 11, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2024-13864

    The Countdown Timer WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin... Read more

    Affected Products : countdown_timer
    • Published: Mar. 11, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2024-13862

    The S3Bubble Media Streaming (AWS|Elementor|YouTube|Vimeo Functionality) WordPress plugin through 8.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against h... Read more

    • Published: Mar. 11, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2024-13853

    The SEO Tools WordPress plugin through 4.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin... Read more

    Affected Products : seo_tools
    • Published: Mar. 11, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2024-13836

    The WP Login Control WordPress plugin through 2.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.... Read more

    Affected Products : wp_login_control
    • Published: Mar. 11, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.5

    LOW
    CVE-2024-13615

    The Social Share Buttons, Social Sharing Icons, Click to Tweet — Social Media Plugin by Social Snap WordPress plugin through 1.3.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cr... Read more

    Affected Products : social_snap
    • Published: Mar. 11, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2024-13580

    The XV Random Quotes WordPress plugin through 1.40 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack... Read more

    Affected Products : xv_random_quotes xv_random_quotes
    • Published: Mar. 11, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.1

    HIGH
    CVE-2024-13574

    The XV Random Quotes WordPress plugin through 1.40 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.... Read more

    Affected Products : xv_random_quotes xv_random_quotes
    • Published: Mar. 11, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2024-13413

    The ProductDyno plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘res’ parameter in all versions up to, and including, 1.0.24 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticate... Read more

    Affected Products :
    • Published: Mar. 11, 2025
    • Modified: Mar. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.3

    HIGH
    CVE-2025-2169

    The The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.2.0.4. This is due to the software allowing users to execute an action that does not proper... Read more

    Affected Products : wordpress_currency_switcher
    • Published: Mar. 11, 2025
    • Modified: Mar. 11, 2025
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2025-26707

    Improper Privilege Management vulnerability in ZTE GoldenDB allows Privilege Escalation.This issue affects GoldenDB: from 6.1.03 through 6.1.03.05.... Read more

    Affected Products : goldendb zxcloud_goldendb
    • Published: Mar. 11, 2025
    • Modified: Mar. 11, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-1661

    The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.6.5 via the 'template' parameter of the woof_text_search AJAX action. This makes it possible for ... Read more

    • Published: Mar. 11, 2025
    • Modified: Mar. 19, 2025
    • Vuln Type: Path Traversal

  • 6.1

    MEDIUM
    CVE-2024-13436

    The Appsero Helper plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.2. This is due to missing or incorrect nonce validation on the 'appsero_helper' page. This makes it possible for unauthenticated ... Read more

    Affected Products :
    • Published: Mar. 11, 2025
    • Modified: Mar. 11, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.2

    HIGH
    CVE-2024-12010

    A post-authentication command injection vulnerability in the ”zyUtilMailSend” function of the Zyxel AX7501-B1 firmware version V5.17(ABPC.5.3)C0 and earlier could allow an authenticated attacker with administrator privileges to execute operating system (O... Read more

    Affected Products :
    • Published: Mar. 11, 2025
    • Modified: Mar. 11, 2025
    • Vuln Type: Injection
Showing 20 of 292774 Results