Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2025-0652

    An issue has been discovered in GitLab EE/CE affecting all versions starting from 16.9 before 17.7.7, all versions starting from 17.8 before 17.8.5, all versions starting from 17.9 before 17.9.2 could allow unauthorized users to access confidential inform... Read more

    Affected Products : gitlab
    • Published: Mar. 13, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Information Disclosure

  • 7.4

    HIGH
    CVE-2024-8402

    An issue was discovered in GitLab EE affecting all versions starting from 17.2 before 17.7.7, all versions starting from 17.8 before 17.8.5, all versions starting from 17.9 before 17.9.2. An input validation issue in the Google Cloud IAM integration featu... Read more

    Affected Products : gitlab
    • Published: Mar. 13, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Misconfiguration

  • 2.7

    LOW
    CVE-2024-7296

    An issue was discovered in GitLab EE affecting all versions from 16.5 prior to 17.7.7, 17.8 prior to 17.8.5, and 17.9 prior to 17.9.2 which allowed a user with a custom permission to approve pending membership requests beyond the maximum number of allowe... Read more

    Affected Products : gitlab
    • Published: Mar. 13, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2024-13891

    The Schedule WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin... Read more

    Affected Products : schedule
    • Published: Mar. 13, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2024-13885

    The WP e-Customers Beta WordPress plugin through 0.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.... Read more

    Affected Products : wp_e-customers_beta
    • Published: Mar. 13, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2024-13884

    The Limit Bio WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin... Read more

    Affected Products : limit_bio
    • Published: Mar. 13, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2024-13054

    An issue was discovered in GitLab CE/EE affecting all versions before 17.7.7, 17.8 prior to 17.8.5, and 17.9 prior to 17.9.2. where a denial of service vulnerability could allow an attacker to cause a system reboot under certain conditions.... Read more

    Affected Products : gitlab
    • Published: Mar. 13, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2024-12380

    An issue was discovered in GitLab EE/CE affecting all versions starting from 11.5 before 17.7.7, all versions starting from 17.8 before 17.8.5, all versions starting from 17.9 before 17.9.2. Certain user inputs in repository mirroring settings could poten... Read more

    Affected Products : gitlab
    • Published: Mar. 13, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2020-36843

    The implementation of EdDSA in EdDSA-Java (aka ed25519-java) through 0.3.0 exhibits signature malleability and does not satisfy the SUF-CMA (Strong Existential Unforgeability under Chosen Message Attacks) property. This allows attackers to create new vali... Read more

    Affected Products :
    • Published: Mar. 13, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Cryptography

  • 4.3

    MEDIUM
    CVE-2025-2104

    The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to unauthorized post publication due to insufficient validation on the pagelayer_save_content() function in all versions up to, and including, 1.9.8. This makes... Read more

    Affected Products : pagelayer
    • Published: Mar. 13, 2025
    • Modified: May. 26, 2025
    • Vuln Type: Authorization

  • 7.2

    HIGH
    CVE-2025-1561

    The AppPresser – Mobile App Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' parameter in all versions up to, and including, 4.4.10 due to insufficient input sanitization and output escaping. This makes it possib... Read more

    Affected Products : apppresser
    • Published: Mar. 13, 2025
    • Modified: May. 26, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-1503

    The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Roundup Recipe Name field in all versions up to, and including, 9.8.0 due to insufficient input sanitization and output escaping. This makes it possible for auth... Read more

    Affected Products : wp_recipe_maker
    • Published: Mar. 13, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.9

    MEDIUM
    CVE-2025-2250

    The WordPress Report Brute Force Attacks and Login Protection ReportAttacks Plugins plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 2.32 due to insufficient escaping on the user supplie... Read more

    Affected Products :
    • Published: Mar. 13, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2024-13887

    The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.4.14 via the 'ajax_listing_submit_image_upload' function due to missing v... Read more

    Affected Products : business_directory
    • Published: Mar. 13, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-2107

    The ArielBrailovsky-ViralAd plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the printResultAndDie() function in all versions up to, and including, 1.0.8 due to insufficient escaping on the user supplied parameter and lack of ... Read more

    Affected Products :
    • Published: Mar. 13, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-2106

    The ArielBrailovsky-ViralAd plugin for WordPress is vulnerable to SQL Injection via the 'text' and 'id' parameters of the limpia() function in all versions up to, and including, 1.0.8 due to insufficient escaping on the user supplied parameter and lack of... Read more

    Affected Products :
    • Published: Mar. 13, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Injection

  • 6.4

    MEDIUM
    CVE-2025-1559

    The CC-IMG-Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'img' shortcode in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. Thi... Read more

    Affected Products :
    • Published: Mar. 13, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2024-13703

    The CRM and Lead Management by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_ajax_toggle_ae() function in all versions up to, and including, 2.7.1. This makes it possible for a... Read more

    Affected Products : crm_and_lead_management_by_vcita
    • Published: Mar. 13, 2025
    • Modified: May. 26, 2025
    • Vuln Type: Authorization

  • 7.7

    HIGH
    CVE-2025-25293

    ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. Prior to versions 1.12.4 and 1.18.0, ruby-saml is susceptible to remote Denial of Service (DoS) with compressed SAML responses. ruby-saml uses zlib to decompress S... Read more

    Affected Products : gitlab ruby-saml omniauth_saml
    • Published: Mar. 12, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2025-25292

    ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differ... Read more

    • Published: Mar. 12, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Authentication
Showing 20 of 293280 Results