Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.0

    HIGH
    CVE-2024-13918

    The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of request parameters in the debug-mode error page.... Read more

    Affected Products : framework
    • Published: Mar. 10, 2025
    • Modified: Mar. 24, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-27257

    Insufficient Verification of Data Authenticity vulnerability in GE Vernova UR IED family devices allows an authenticated user to install a modified firmware. The firmware signature verification is enforced only on the client-side dedicated software Enervi... Read more

    Affected Products :
    • Published: Mar. 10, 2025
    • Modified: Mar. 12, 2025
    • Vuln Type: Authentication

  • 8.3

    HIGH
    CVE-2025-27256

    Missing Authentication for Critical Function vulnerability in GE Vernova Enervista UR Setup application allows Authentication Bypass due to a missing SSH server authentication. Since the client connection is not authenticated, an attacker may perform a ma... Read more

    Affected Products :
    • Published: Mar. 10, 2025
    • Modified: Mar. 12, 2025
    • Vuln Type: Authentication

  • 8.0

    HIGH
    CVE-2025-27255

    Use of Hard-coded Credentials vulnerability in GE Vernova EnerVista UR Setup allows Privilege Escalation. The local user database is encrypted using an hardcoded password retrievable by an attacker analyzing the application code.... Read more

    Affected Products :
    • Published: Mar. 10, 2025
    • Modified: Mar. 12, 2025
    • Vuln Type: Authentication

  • 8.0

    HIGH
    CVE-2025-27254

    Improper Authentication vulnerability in GE Vernova EnerVista UR Setup allows Authentication Bypass.  The software's startup authentication can be disabled by altering a Windows registry setting that any user can modify.... Read more

    Affected Products :
    • Published: Mar. 10, 2025
    • Modified: Mar. 12, 2025
    • Vuln Type: Authentication

  • 6.1

    MEDIUM
    CVE-2025-27253

    An improper input validation in GE Vernova UR IED family devices from version 7.0 up to 8.60 allows an attacker to provide input that enstablishes a TCP connection through a port forwarding. The lack of the IP address and port validation may allow the att... Read more

    Affected Products :
    • Published: Mar. 10, 2025
    • Modified: Mar. 12, 2025
    • Vuln Type: Misconfiguration

  • 5.4

    MEDIUM
    CVE-2025-2150

    The C&Cm@il from HGiga has a Stored Cross-Site Scripting (XSS) vulnerability, allowing remote attackers with regular privileges to send emails containing malicious JavaScript code, which will be executed in the recipient's browser when they view the email... Read more

    Affected Products : c\&cm\@il
    • Published: Mar. 10, 2025
    • Modified: Mar. 24, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2024-11638

    The Gtbabel WordPress plugin before 6.6.9 does not ensure that the URL to perform code analysis upon belongs to the blog which could allow unauthenticated attackers to retrieve a logged in user (such as admin) cookies by making them open a crafted URL as ... Read more

    Affected Products : gtbabel
    • Published: Mar. 10, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Authentication

  • 4.3

    MEDIUM
    CVE-2025-1926

    The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.8. This is due to missing or incorrect nonce validation on the pagelayer_save_post funct... Read more

    Affected Products : pagelayer
    • Published: Mar. 10, 2025
    • Modified: May. 26, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.2

    HIGH
    CVE-2024-43107

    Improper Certificate Validation (CWE-295) in the Gallagher Milestone Integration Plugin (MIP) permits unauthenticated messages (e.g. alarm events) to be sent to the Plugin. This issue effects Gallagher MIPS Plugin v4.0 prior to v4.0.32, all versions of v3... Read more

    Affected Products :
    • Published: Mar. 10, 2025
    • Modified: Mar. 10, 2025
    • Vuln Type: Authentication

  • 8.7

    HIGH
    CVE-2024-41724

    Improper Certificate Validation (CWE-295) in the Gallagher Command Centre SALTO integration allowed an attacker to spoof the SALTO server. This issue affects all versions of Gallagher Command Centre prior to 9.20.1043.... Read more

    Affected Products :
    • Published: Mar. 10, 2025
    • Modified: Mar. 10, 2025
    • Vuln Type: Cryptography

  • 4.8

    MEDIUM
    CVE-2025-2133

    A vulnerability classified as problematic was found in ftcms 2.1. Affected by this vulnerability is an unknown functionality of the file /admin/index.php/news/edit. The manipulation of the argument title leads to cross site scripting. The attack can be la... Read more

    Affected Products : ftcms
    • Published: Mar. 10, 2025
    • Modified: Mar. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.2

    HIGH
    CVE-2025-2132

    A vulnerability classified as critical has been found in ftcms 2.1. Affected is an unknown function of the file /admin/index.php/web/ajax_all_lists of the component Search. The manipulation of the argument name leads to sql injection. It is possible to la... Read more

    Affected Products : ftcms
    • Published: Mar. 09, 2025
    • Modified: Mar. 11, 2025
    • Vuln Type: Injection

  • 4.8

    MEDIUM
    CVE-2025-2131

    A vulnerability was found in dayrui XunRuiCMS up to 4.6.3. It has been rated as problematic. This issue affects some unknown processing of the component Friendly Links Handler. The manipulation of the argument Website Address leads to cross site scripting... Read more

    Affected Products : xunruicms
    • Published: Mar. 09, 2025
    • Modified: Mar. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-2130

    A vulnerability was found in OpenXE up to 1.12. It has been declared as problematic. This vulnerability affects unknown code of the component Ticket Bearbeiten Page. The manipulation of the argument Notizen leads to cross site scripting. The attack can be... Read more

    Affected Products : openxe
    • Published: Mar. 09, 2025
    • Modified: Mar. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.3

    MEDIUM
    CVE-2025-2129

    A vulnerability was found in Mage AI 0.9.75. It has been classified as problematic. This affects an unknown part. The manipulation leads to insecure default initialization of resource. It is possible to initiate the attack remotely. The complexity of an a... Read more

    Affected Products :
    • Published: Mar. 09, 2025
    • Modified: Mar. 09, 2025
    • Vuln Type: Misconfiguration

  • 6.1

    MEDIUM
    CVE-2025-2127

    A vulnerability was found in JoomlaUX JUX Real Estate 3.4.0 on Joomla. It has been classified as problematic. Affected is an unknown function of the file /extensions/realestate/index.php/properties/list/list-with-sidebar/realties. The manipulation of the ... Read more

    Affected Products : jux_real_estate
    • Published: Mar. 09, 2025
    • Modified: Mar. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-2126

    A vulnerability was found in JoomlaUX JUX Real Estate 3.4.0 on Joomla and classified as critical. This issue affects some unknown processing of the file /extensions/realestate/index.php/properties/list/list-with-sidebar/realties of the component GET Param... Read more

    Affected Products : jux_real_estate
    • Published: Mar. 09, 2025
    • Modified: Mar. 11, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2025-2125

    A vulnerability has been found in Control iD RH iD 25.2.25.0 and classified as problematic. This vulnerability affects unknown code of the file /v2/report.svc/comprovante_marcacao/?companyId=1 of the component PDF Document Handler. The manipulation of the... Read more

    Affected Products : control_id_rhid
    • Published: Mar. 09, 2025
    • Modified: Mar. 24, 2025
    • Vuln Type: Path Traversal

  • 5.1

    MEDIUM
    CVE-2025-2124

    A vulnerability, which was classified as problematic, was found in Control iD RH iD 25.2.25.0. This affects an unknown part of the file /v2/customerdb/person.svc/change_password of the component API Handler. The manipulation of the argument message leads ... Read more

    Affected Products : control_id_rhid
    • Published: Mar. 09, 2025
    • Modified: Mar. 09, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 292837 Results