Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2024-11638

    The Gtbabel WordPress plugin before 6.6.9 does not ensure that the URL to perform code analysis upon belongs to the blog which could allow unauthenticated attackers to retrieve a logged in user (such as admin) cookies by making them open a crafted URL as ... Read more

    Affected Products : gtbabel
    • Published: Mar. 10, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Authentication

  • 4.3

    MEDIUM
    CVE-2025-1926

    The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.8. This is due to missing or incorrect nonce validation on the pagelayer_save_post funct... Read more

    Affected Products : pagelayer
    • Published: Mar. 10, 2025
    • Modified: May. 26, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.2

    HIGH
    CVE-2024-43107

    Improper Certificate Validation (CWE-295) in the Gallagher Milestone Integration Plugin (MIP) permits unauthenticated messages (e.g. alarm events) to be sent to the Plugin. This issue effects Gallagher MIPS Plugin v4.0 prior to v4.0.32, all versions of v3... Read more

    Affected Products :
    • Published: Mar. 10, 2025
    • Modified: Mar. 10, 2025
    • Vuln Type: Authentication

  • 8.7

    HIGH
    CVE-2024-41724

    Improper Certificate Validation (CWE-295) in the Gallagher Command Centre SALTO integration allowed an attacker to spoof the SALTO server. This issue affects all versions of Gallagher Command Centre prior to 9.20.1043.... Read more

    Affected Products :
    • Published: Mar. 10, 2025
    • Modified: Mar. 10, 2025
    • Vuln Type: Cryptography

  • 4.8

    MEDIUM
    CVE-2025-2133

    A vulnerability classified as problematic was found in ftcms 2.1. Affected by this vulnerability is an unknown functionality of the file /admin/index.php/news/edit. The manipulation of the argument title leads to cross site scripting. The attack can be la... Read more

    Affected Products : ftcms
    • Published: Mar. 10, 2025
    • Modified: Mar. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.2

    HIGH
    CVE-2025-2132

    A vulnerability classified as critical has been found in ftcms 2.1. Affected is an unknown function of the file /admin/index.php/web/ajax_all_lists of the component Search. The manipulation of the argument name leads to sql injection. It is possible to la... Read more

    Affected Products : ftcms
    • Published: Mar. 09, 2025
    • Modified: Mar. 11, 2025
    • Vuln Type: Injection

  • 4.8

    MEDIUM
    CVE-2025-2131

    A vulnerability was found in dayrui XunRuiCMS up to 4.6.3. It has been rated as problematic. This issue affects some unknown processing of the component Friendly Links Handler. The manipulation of the argument Website Address leads to cross site scripting... Read more

    Affected Products : xunruicms
    • Published: Mar. 09, 2025
    • Modified: Mar. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-2130

    A vulnerability was found in OpenXE up to 1.12. It has been declared as problematic. This vulnerability affects unknown code of the component Ticket Bearbeiten Page. The manipulation of the argument Notizen leads to cross site scripting. The attack can be... Read more

    Affected Products : openxe
    • Published: Mar. 09, 2025
    • Modified: Mar. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.3

    MEDIUM
    CVE-2025-2129

    A vulnerability was found in Mage AI 0.9.75. It has been classified as problematic. This affects an unknown part. The manipulation leads to insecure default initialization of resource. It is possible to initiate the attack remotely. The complexity of an a... Read more

    Affected Products :
    • Published: Mar. 09, 2025
    • Modified: Mar. 09, 2025
    • Vuln Type: Misconfiguration

  • 6.1

    MEDIUM
    CVE-2025-2127

    A vulnerability was found in JoomlaUX JUX Real Estate 3.4.0 on Joomla. It has been classified as problematic. Affected is an unknown function of the file /extensions/realestate/index.php/properties/list/list-with-sidebar/realties. The manipulation of the ... Read more

    Affected Products : jux_real_estate
    • Published: Mar. 09, 2025
    • Modified: Mar. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-2126

    A vulnerability was found in JoomlaUX JUX Real Estate 3.4.0 on Joomla and classified as critical. This issue affects some unknown processing of the file /extensions/realestate/index.php/properties/list/list-with-sidebar/realties of the component GET Param... Read more

    Affected Products : jux_real_estate
    • Published: Mar. 09, 2025
    • Modified: Mar. 11, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2025-2125

    A vulnerability has been found in Control iD RH iD 25.2.25.0 and classified as problematic. This vulnerability affects unknown code of the file /v2/report.svc/comprovante_marcacao/?companyId=1 of the component PDF Document Handler. The manipulation of the... Read more

    Affected Products : control_id_rhid
    • Published: Mar. 09, 2025
    • Modified: Mar. 24, 2025
    • Vuln Type: Path Traversal

  • 5.1

    MEDIUM
    CVE-2025-2124

    A vulnerability, which was classified as problematic, was found in Control iD RH iD 25.2.25.0. This affects an unknown part of the file /v2/customerdb/person.svc/change_password of the component API Handler. The manipulation of the argument message leads ... Read more

    Affected Products : control_id_rhid
    • Published: Mar. 09, 2025
    • Modified: Mar. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-2123

    A vulnerability, which was classified as problematic, has been found in GeSHi up to 1.0.9.1. Affected by this issue is the function get_var of the file /contrib/cssgen.php of the component CSS Handler. The manipulation of the argument default-styles/keywo... Read more

    Affected Products : geshi
    • Published: Mar. 09, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-2122

    A vulnerability classified as problematic was found in Thinkware Car Dashcam F800 Pro up to 20250226. Affected by this vulnerability is an unknown functionality of the component Connection Handler. The manipulation leads to denial of service. The attack c... Read more

    • Published: Mar. 09, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Denial of Service

  • 5.6

    MEDIUM
    CVE-2025-27636

    Bypass/Injection vulnerability in Apache Camel components under particular conditions. This issue affects Apache Camel: from 4.10.0 through <= 4.10.1, from 4.8.0 through <= 4.8.4, from 3.10.0 through <= 3.22.3. Users are recommended to upgrade to versio... Read more

    Affected Products : camel
    • Published: Mar. 09, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-2121

    A vulnerability classified as critical has been found in Thinkware Car Dashcam F800 Pro up to 20250226. Affected is an unknown function of the component File Storage. The manipulation leads to improper access controls. The attack can only be done within t... Read more

    • Published: Mar. 09, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Authorization

  • 4.6

    MEDIUM
    CVE-2025-2120

    A vulnerability was found in Thinkware Car Dashcam F800 Pro up to 20250226. It has been rated as problematic. This issue affects some unknown processing of the file /tmp/hostapd.conf of the component Configuration File Handler. The manipulation leads to c... Read more

    • Published: Mar. 09, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Misconfiguration

  • 2.0

    LOW
    CVE-2025-2119

    A vulnerability was found in Thinkware Car Dashcam F800 Pro up to 20250226. It has been declared as problematic. This vulnerability affects unknown code of the component Device Registration Handler. The manipulation leads to use of default credentials. It... Read more

    Affected Products :
    • Published: Mar. 09, 2025
    • Modified: Mar. 09, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-2118

    A vulnerability was found in Quantico Tecnologia PRMV 6.48. It has been classified as critical. This affects an unknown part of the file /admin/login.php of the component Login Endpoint. The manipulation of the argument username leads to sql injection. It... Read more

    Affected Products :
    • Published: Mar. 09, 2025
    • Modified: Mar. 09, 2025
    • Vuln Type: Injection
Showing 20 of 292770 Results