Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (also known as the CISA KEV List), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 8.1

    HIGH
    CVE-2025-0952

    The Eco Nature - Environment & Ecology WordPress Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'cmsmasters_hide_admin_notice' AJAX action in all v...

    Affected Products :
    • Published: Mar. 14, 2025
    • Modified: Mar. 14, 2025
    • Vuln Type: Authorization
  • 8.8

    HIGH
    CVE-2024-13913

    The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1.0.83. This is due to missing or incorrect nonce validation in the '/migrate/templates/main.php'...

    Affected Products : instawp_connect
    • Published: Mar. 14, 2025
    • Modified: Mar. 14, 2025
  • 8.8

    HIGH
    CVE-2024-13376

    The Industrial theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the _ajax_get_total_content_import_items() function in all versions up to, and including, 1.7....

    Affected Products :
    • Published: Mar. 14, 2025
    • Modified: Mar. 14, 2025
    • Vuln Type: Authorization
  • 6.1

    MEDIUM
    CVE-2025-2166

    The CM FAQ – Simplify support with an intuitive FAQ management tool plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2....

    Affected Products :
    • Published: Mar. 14, 2025
    • Modified: Mar. 14, 2025
    • Vuln Type: Cross-Site Scripting
  • 7.5

    HIGH
    CVE-2025-2056

    The WP Ghost (Hide My WP Ghost) – Security & Firewall plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 5.4.01 via the showFile function. This makes it possible for unauthenticated attackers to read the contents of...

    Affected Products : hide_my_wp_ghost
    • Published: Mar. 14, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Path Traversal
  • 4.3

    MEDIUM
    CVE-2025-1528

    The Search & Filter Pro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_meta_values' function in all versions up to, and including, 2.5.19. This makes it possible for authenticated attackers,...

    Affected Products : search_&_filter
    • Published: Mar. 14, 2025
    • Modified: Mar. 14, 2025
    • Vuln Type: Authorization
  • 5.3

    MEDIUM
    CVE-2025-1285

    The Resido - Real Estate WordPress Theme theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the delete_api_key and save_api_key AJAX actions in all versions up to, and including, 3.6. This makes it possible for u...

    Affected Products :
    • Published: Mar. 14, 2025
    • Modified: Mar. 14, 2025
    • Vuln Type: Authorization
  • 5.3

    MEDIUM
    CVE-2025-0955

    The VidoRev Extensions plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'vidorev_import_single_video' AJAX action in all versions up to, and including, 2.9.9.9.9.9.5. This makes it possible for unauthentic...

    Affected Products :
    • Published: Mar. 14, 2025
    • Modified: Mar. 14, 2025
    • Vuln Type: Authorization
  • 9.8

    CRITICAL
    CVE-2024-11286

    The WP JobHunt plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.1. This is due to the plugin not properly verifying a user's identity prior to authenticating them through the cs_parse_request() function. ...

    Affected Products : jobcareer
    • Published: Mar. 14, 2025
    • Modified: Jul. 08, 2025
  • 9.8

    CRITICAL
    CVE-2024-11285

    The WP JobHunt plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 7.1. This is due to the plugin not properly validating a user's identity prior to updating their details like email via th...

    Affected Products : jobcareer
    • Published: Mar. 14, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authentication
  • 9.8

    CRITICAL
    CVE-2024-11284

    The WP JobHunt plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.9. This is due to the plugin not properly validating a user's identity prior to updating their password through the acco...

    Affected Products : jobcareer
    • Published: Mar. 14, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authentication
  • 7.5

    HIGH
    CVE-2024-11283

    The WP JobHunt plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.1. This is due to wp_ajax_google_api_login_callback function not properly verifying a user's identity prior to authenticating them. This mak...

    Affected Products : jobcareer
    • Published: Mar. 14, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authentication
  • 6.8

    MEDIUM
    CVE-2025-30022

    CM Soluces Informatica Ltda Auto Atendimento 1.x.x was discovered to contain a SQL injection via the DATANASC parameter....

    Affected Products : auto_atendimento
    • Published: Mar. 14, 2025
    • Modified: Apr. 03, 2025
  • 9.8

    CRITICAL
    CVE-2025-26163

    CM Soluces Informatica Ltda Auto Atendimento 1.x.x was discovered to contain a SQL injection via the CPF parameter....

    Affected Products : auto_atendimento
    • Published: Mar. 14, 2025
    • Modified: Apr. 03, 2025
    • Vuln Type: Injection
  • 7.8

    HIGH
    CVE-2025-24855

    numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltCom...

    Affected Products : libxslt
    • Published: Mar. 14, 2025
    • Modified: Mar. 14, 2025
    • Vuln Type: Memory Corruption
  • 7.8

    HIGH
    CVE-2024-55549

    xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes....

    Affected Products : libxslt
    • Published: Mar. 14, 2025
    • Modified: Mar. 14, 2025
    • Vuln Type: Memory Corruption
  • 6.1

    MEDIUM
    CVE-2024-55060

    A cross-site scripting (XSS) vulnerability in the component index.php of Rafed CMS Website v1.44 allows attackers to execute arbitrary web scripts or HTML via a crafted payload....

    Affected Products : rafed_cms_website
    • Published: Mar. 13, 2025
    • Modified: Apr. 03, 2025
    • Vuln Type: Cross-Site Scripting
  • 8.5

    HIGH
    CVE-2025-2230

    A flaw exists in the Windows login flow where an AuthContext token can be exploited for replay attacks and authentication bypass....

    Affected Products :
    • Published: Mar. 13, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Authentication
  • 8.5

    HIGH
    CVE-2025-2229

    A token is created using the username, current date/time, and a fixed AES-128 encryption key, which is the same across all installations....

    Affected Products :
    • Published: Mar. 13, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Cryptography
  • 3.3

    LOW
    CVE-2025-27496

    Snowflake, a platform for using artificial intelligence in the context of cloud computing, has a vulnerability in the Snowflake JDBC driver ("Driver") in versions 3.0.13 through 3.23.0 of the driver. When the logging level was set to DEBUG, the Driver wou...

    Affected Products : snowflake_jdbc
    • Published: Mar. 13, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Information Disclosure