Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-25784

    An arbitrary file upload vulnerability in the component \c\TemplateController.php of Jizhicms v2.5.4 allows attackers to execute arbitrary code via uploading a crafted Zip file.... Read more

    Affected Products : jizhicms
    • Published: Feb. 26, 2025
    • Modified: Apr. 10, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-25783

    An arbitrary file upload vulnerability in the component admin\plugin.php of Emlog Pro v2.5.3 allows attackers to execute arbitrary code via uploading a crafted Zip file.... Read more

    Affected Products : emlog
    • Published: Feb. 26, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2025-1716

    picklescan before 0.0.21 does not treat 'pip' as an unsafe global. An attacker could craft a malicious model that uses Pickle to pull in a malicious PyPI package (hosted, for example, on pypi.org or GitHub) via `pip.main()`. Because pip is not a restricte... Read more

    Affected Products : picklescan
    • Published: Feb. 26, 2025
    • Modified: Mar. 03, 2025
    • Vuln Type: Supply Chain

  • 5.3

    MEDIUM
    CVE-2025-1249

    Missing Authorization vulnerability in Pixelite Events Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Events Manager: from n/a through 6.6.4.1.... Read more

    Affected Products : events_manager
    • Published: Feb. 26, 2025
    • Modified: Feb. 26, 2025
    • Vuln Type: Authorization

  • 6.8

    MEDIUM
    CVE-2024-52925

    In OPSWAT MetaDefender Kiosk before 4.7.0, arbitrary code execution can be performed by an attacker via the MD Kiosk Unlock Device feature for software encrypted USB drives.... Read more

    Affected Products : metadefender_kiosk
    • Published: Feb. 26, 2025
    • Modified: Feb. 26, 2025
    • Vuln Type: Authentication

  • 0.0

    NA
    CVE-2022-49732

    In the Linux kernel, the following vulnerability has been resolved: sock: redo the psock vs ULP protection check Commit 8a59f9d1e3d4 ("sock: Introduce sk->sk_prot->psock_update_sk_prot()") has moved the inet_csk_has_ulp(sk) check from sk_psock_init() to... Read more

    Affected Products : linux_kernel
    • Published: Feb. 26, 2025
    • Modified: Feb. 26, 2025
    • Vuln Type: Race Condition

  • 4.3

    MEDIUM
    CVE-2025-26925

    Cross-Site Request Forgery (CSRF) vulnerability in Required Admin Menu Manager allows Cross Site Request Forgery.This issue affects Admin Menu Manager: from n/a through 1.0.3.... Read more

    Affected Products :
    • Published: Feb. 26, 2025
    • Modified: Feb. 26, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.1

    MEDIUM
    CVE-2025-0719

    IBM Cloud Pak for Data 4.0.0 through 4.8.5 and 5.0.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading... Read more

    Affected Products : cloud_pak_for_data
    • Published: Feb. 26, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 2.7

    LOW
    CVE-2025-26698

    Incorrect resource transfer between spheres issue exists in RevoWorks SCVX and RevoWorks Browser. If exploited, malicious files may be downloaded to the system where using the product.... Read more

    Affected Products : revoworks_browser
    • Published: Feb. 26, 2025
    • Modified: Feb. 26, 2025
    • Vuln Type: Misconfiguration

  • 6.4

    MEDIUM
    CVE-2025-1517

    The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Fancy Text, Countdown Widget, and L... Read more

    Affected Products : sina_extension_for_elementor
    • Published: Feb. 26, 2025
    • Modified: Mar. 24, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-0731

    An unauthenticated remote attacker can upload a .aspx file instead of a PV system picture through the demo account. The code can only be executed in the security context of the user.... Read more

    Affected Products :
    • Published: Feb. 26, 2025
    • Modified: Feb. 26, 2025
    • Vuln Type: Authentication

  • 4.4

    MEDIUM
    CVE-2024-6810

    The Quiz Organizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administr... Read more

    Affected Products :
    • Published: Feb. 26, 2025
    • Modified: Feb. 26, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.7

    HIGH
    CVE-2024-47053

    This advisory addresses an authorization vulnerability in Mautic's HTTP Basic Authentication implementation. This flaw could allow unauthorized access to sensitive report data. * Improper Authorization: An authorization flaw exists in Mautic's API Aut... Read more

    Affected Products : mautic
    • Published: Feb. 26, 2025
    • Modified: Feb. 26, 2025
    • Vuln Type: Authorization

  • 9.1

    CRITICAL
    CVE-2024-47051

    This advisory addresses two critical security vulnerabilities present in Mautic versions before 5.2.3. These vulnerabilities could be exploited by authenticated users. * Remote Code Execution (RCE) via Asset Upload: A Remote Code Execution vulnerabili... Read more

    Affected Products : mautic
    • Published: Feb. 26, 2025
    • Modified: Feb. 26, 2025
    • Vuln Type: Authorization

  • 8.4

    HIGH
    CVE-2024-39441

    In wifi display, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed.... Read more

    Affected Products : android s8000 t310 t606 t610 t612 t616 t618 t760 t770 +3 more products
    • Published: Feb. 26, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Authorization

  • 6.4

    MEDIUM
    CVE-2024-13803

    The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data-marker’ parameter in all versions up to, and including, 5.2.3 due to insufficient input sanitization... Read more

    Affected Products : essential_blocks
    • Published: Feb. 26, 2025
    • Modified: Apr. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2024-13678

    The R3W InstaFeed WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.... Read more

    Affected Products : r3w_instafeed
    • Published: Feb. 26, 2025
    • Modified: May. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2024-13669

    The CalendApp WordPress plugin through 1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.... Read more

    Affected Products : calendapp
    • Published: Feb. 26, 2025
    • Modified: May. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2024-13634

    The Post Sync WordPress plugin through 1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.... Read more

    Affected Products : post_sync
    • Published: Feb. 26, 2025
    • Modified: May. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2024-13633

    The Simple catalogue WordPress plugin through 1.0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.... Read more

    Affected Products : simple_catalogue
    • Published: Feb. 26, 2025
    • Modified: May. 20, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 291777 Results