Latest CVE Feed

The following is a list of the most recently published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last-updated date, or CVSS score.
  • 8.2

    HIGH
    CVE-2025-29998

    This vulnerability exists in the CAP back office application due to missing rate limiting on OTP requests in an API endpoint. An authenticated remote attacker could exploit this vulnerability by sending multiple OTP requests through vulnerable API endpoint...

    Affected Products :
    • Published: Mar. 13, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Denial of Service
  • 8.2

    HIGH
    CVE-2025-29997

    This vulnerability exists in the CAP back office application due to improper authorization checks on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating API request URL to gain unauthorized access to ot...

    Affected Products :
    • Published: Mar. 13, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Authorization
  • 8.2

    HIGH
    CVE-2025-29996

    This vulnerability exists in the CAP back office application due to improper implementation of OTP verification mechanism in its API based login. A remote attacker with valid credentials could exploit this vulnerability by manipulating API request URL/pay...

    Affected Products :
    • Published: Mar. 13, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Authentication
  • 8.3

    HIGH
    CVE-2025-29995

    This vulnerability exists in the CAP back office application due to a weak password-reset mechanism implemented at API endpoints. An authenticated remote attacker with a valid login ID could exploit this vulnerability through vulnerable API endpoint which...

    Affected Products :
    • Published: Mar. 13, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Authentication
  • 8.2

    HIGH
    CVE-2025-29994

    This vulnerability exists in the CAP back office application due to improper authentication check at the API endpoint. An unauthenticated remote attacker with a valid login ID could exploit this vulnerability by manipulating API input parameters through A...

    Affected Products :
    • Published: Mar. 13, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Authentication
  • 6.5

    MEDIUM
    CVE-2025-21104

    Dell NetWorker, versions prior to 19.12.0.1 and versions prior to 19.11.0.4, contain(s) an Open Redirect Vulnerability in NMC. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to a targeted application ...

    • Published: Mar. 13, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Misconfiguration
  • 7.8

    HIGH
    CVE-2025-25175

    A vulnerability has been identified in Simcenter Femap V2401 (All versions < V2401.0003), Simcenter Femap V2406 (All versions < V2406.0002). The affected application contains a memory corruption vulnerability while parsing specially crafted .NEU files. T...

    Affected Products : simcenter_femap
    • Published: Mar. 13, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Memory Corruption
  • 8.1

    HIGH
    CVE-2025-1785

    The Download Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.08 via the 'wpdm_newfile' action. This makes it possible for authenticated attackers, with Author-level access and above, to overwrite...

    Affected Products : download_manager download_manager
    • Published: Mar. 13, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Path Traversal
  • 7.7

    HIGH
    CVE-2025-2271

    A vulnerability exists in Issuetrak v17.2.2 and prior that allows a low-privileged user to access audit results of other users by exploiting an Insecure Direct Object Reference (IDOR) vulnerability in the Issuetrak audit component. The vulnerability enabl...

    Affected Products :
    • Published: Mar. 13, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Authorization
  • 7.3

    HIGH
    CVE-2025-1119

    The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.6.8.5. This is due to the software allowing users to execute an acti...

    Affected Products : simply_schedule_appointments
    • Published: Mar. 13, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Authentication
  • 7.1

    HIGH
    CVE-2025-1487

    The WoWPth WordPress plugin through 2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

    Affected Products : wowpth
    • Published: Mar. 13, 2025
    • Modified: Apr. 09, 2025
    • Vuln Type: Cross-Site Scripting
  • 7.1

    HIGH
    CVE-2025-1486

    The WoWPth WordPress plugin through 2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

    Affected Products : wowpth
    • Published: Mar. 13, 2025
    • Modified: Apr. 09, 2025
    • Vuln Type: Cross-Site Scripting
  • 7.1

    HIGH
    CVE-2025-1436

    The Limit Bio WordPress plugin through 1.0 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack....

    Affected Products : limit_bio
    • Published: Mar. 13, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Request Forgery
  • 7.1

    HIGH
    CVE-2025-1401

    The WP Click Info WordPress plugin through 2.7.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

    Affected Products : wp_click_info
    • Published: Mar. 13, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Scripting
  • 7.5

    HIGH
    CVE-2025-1257

    An issue was discovered in GitLab EE affecting all versions starting with 12.3 before 17.7.7, 17.8 prior to 17.8.5, and 17.9 prior to 17.9.2. A vulnerability in certain GitLab instances could allow an attacker to cause a denial of service condition by man...

    Affected Products : gitlab
    • Published: Mar. 13, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Denial of Service
  • 6.5

    MEDIUM
    CVE-2025-0652

    An issue has been discovered in GitLab EE/CE affecting all versions starting from 16.9 before 17.7.7, all versions starting from 17.8 before 17.8.5, all versions starting from 17.9 before 17.9.2 could allow unauthorized users to access confidential inform...

    Affected Products : gitlab
    • Published: Mar. 13, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Information Disclosure
  • 7.4

    HIGH
    CVE-2024-8402

    An issue was discovered in GitLab EE affecting all versions starting from 17.2 before 17.7.7, all versions starting from 17.8 before 17.8.5, all versions starting from 17.9 before 17.9.2. An input validation issue in the Google Cloud IAM integration featu...

    Affected Products : gitlab
    • Published: Mar. 13, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Misconfiguration
  • 2.7

    LOW
    CVE-2024-7296

    An issue was discovered in GitLab EE affecting all versions from 16.5 prior to 17.7.7, 17.8 prior to 17.8.5, and 17.9 prior to 17.9.2 which allowed a user with a custom permission to approve pending membership requests beyond the maximum number of allowe...

    Affected Products : gitlab
    • Published: Mar. 13, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Authorization
  • 7.1

    HIGH
    CVE-2024-13891

    The Schedule WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

    Affected Products : schedule
    • Published: Mar. 13, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Scripting
  • 7.1

    HIGH
    CVE-2024-13885

    The WP e-Customers Beta WordPress plugin through 0.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin....

    Affected Products : wp_e-customers_beta
    • Published: Mar. 13, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 293335 Results