Latest CVE Feed
- 6.5 MEDIUM CVE-2024-13774
The Wishlist for WooCommerce: Multi Wishlists Per Customer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.7. This is due to missing or incorrect nonce validation on the 'save_to_multiple_wishlist...
Affected Products : wishlist_for_woocommerce
- Published: Mar. 08, 2025
- Modified: Mar. 12, 2025
- Vuln Type: Cross-Site Request Forgery
- 6.4 MEDIUM CVE-2024-12460
The Years Since – Timeless Texts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'years-since' shortcode in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping on user supp...
Affected Products :
- Published: Mar. 08, 2025
- Modified: Mar. 08, 2025
- Vuln Type: Cross-Site Scripting
- 6.4 MEDIUM CVE-2025-1261
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 2.8.2 due to insufficient input sanitization and output escapin...
Affected Products : ht_mega
- Published: Mar. 08, 2025
- Modified: Mar. 24, 2025
- Vuln Type: Cross-Site Scripting
- 3.2 LOW CVE-2025-27839
operations/attestation/AttestationTask.kt in the Tangem SDK before 5.18.3 for Android has a logic flow in offline wallet attestation (genuineness check) that causes verification results to be disregarded during the first scan of a card. Exploitation may n...
Affected Products :
- Published: Mar. 08, 2025
- Modified: Mar. 08, 2025
- Vuln Type: Misconfiguration
- 9.8 CRITICAL CVE-2025-2097
A vulnerability, which was classified as critical, has been found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. This issue affects the function setRptWizardCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument loginpass leads to stack-based...
- Published: Mar. 07, 2025
- Modified: Apr. 03, 2025
- Vuln Type: Memory Corruption
- 9.8 CRITICAL CVE-2025-2096
A vulnerability classified as critical was found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. This vulnerability affects the function setRebootScheCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument mode/week/minute/recHour leads to os c...
- Published: Mar. 07, 2025
- Modified: Apr. 03, 2025
- Vuln Type: Injection
- 9.8 CRITICAL CVE-2025-2095
A vulnerability classified as critical has been found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. This affects the function setDmzCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ip leads to os command injection. It is possible to in...
- Published: Mar. 07, 2025
- Modified: Apr. 03, 2025
- Vuln Type: Injection
- 9.8 CRITICAL CVE-2025-2094
A vulnerability was found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. It has been rated as critical. Affected by this issue is the function setWiFiExtenderConfig of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument apcliKey/key leads to os c...
- Published: Mar. 07, 2025
- Modified: Apr. 03, 2025
- Vuln Type: Injection
- 3.1 LOW CVE-2025-2093
A vulnerability was found in PHPGurukul Online Library Management System 3.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /change-password.php. The manipulation of the argument email/phone nu...
Affected Products : online_library_management_system
- Published: Mar. 07, 2025
- Modified: Apr. 03, 2025
- Vuln Type: Authentication
- 6.4 MEDIUM CVE-2025-27826
An XSS issue was discovered in the Bootstrap Lite theme before 1.x-1.4.5 for Backdrop CMS. It doesn't sufficiently sanitize certain class names....
Affected Products :
- Published: Mar. 07, 2025
- Modified: Mar. 07, 2025
- Vuln Type: Cross-Site Scripting
- 6.4 MEDIUM CVE-2025-27825
An XSS issue was discovered in the Bootstrap 5 Lite theme before 1.x-1.0.3 for Backdrop CMS. It doesn't sufficiently sanitize certain class names....
Affected Products :
- Published: Mar. 07, 2025
- Modified: Mar. 07, 2025
- Vuln Type: Cross-Site Scripting
- 6.4 MEDIUM CVE-2025-27824
An XSS issue was discovered in the Link iframe formatter module before 1.x-1.1.1 for Backdrop CMS. It doesn't sufficiently sanitize input before displaying results to the screen. This vulnerability is mitigated by the fact that an attacker must have the a...
Affected Products :
- Published: Mar. 07, 2025
- Modified: Mar. 07, 2025
- Vuln Type: Cross-Site Scripting
- 6.4 MEDIUM CVE-2025-27823
An issue was discovered in the Mail Disguise module before 1.x-1.0.5 for Backdrop CMS. It enables a website to obfuscate email addresses, and should prevent spambots from collecting them. The module doesn't sufficiently validate the data attribute value o...
Affected Products :
- Published: Mar. 07, 2025
- Modified: Mar. 07, 2025
- Vuln Type: Cross-Site Scripting
- 7.5 HIGH CVE-2025-27822
An issue was discovered in the Masquerade module before 1.x-1.0.1 for Backdrop CMS. It allows people to temporarily switch to another user account. The module provides a "Masquerade as admin" permission to restrict people (who can masquerade) from switchi...
Affected Products :
- Published: Mar. 07, 2025
- Modified: Mar. 07, 2025
- Vuln Type: Authorization
- 9.8 CRITICAL CVE-2024-42733
An issue in Docmosis Tornado v.2.9.7 and before allows a remote attacker to execute arbitrary code via a crafted script to the UNC path input...
Affected Products : tornado
- Published: Mar. 07, 2025
- Modified: Jun. 23, 2025
- Vuln Type: Injection
- 7.8 HIGH CVE-2025-2024
Trimble SketchUp SKP File Parsing Uninitialized Variable Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp. User interaction is required to exploit this ...
Affected Products : sketchup
- Published: Mar. 07, 2025
- Modified: Aug. 08, 2025
- Vuln Type: Memory Corruption
- 5.4 MEDIUM CVE-2025-26643
The UI performs the wrong action in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network....
Affected Products : edge_chromium
- Published: Mar. 07, 2025
- Modified: Mar. 13, 2025
- Vuln Type: Authentication
- 8.8 HIGH CVE-2025-27607
Python JSON Logger is a JSON Formatter for Python Logging. Between 30 December 2024 and 4 March 2025 Python JSON Logger was vulnerable to RCE through a missing dependency. This occurred because msgspec-python313-pre was deleted by the owner leaving the na...
Affected Products : python_json_logger
- Published: Mar. 07, 2025
- Modified: Jul. 01, 2025
- Vuln Type: Supply Chain
- 7.5 HIGH CVE-2025-27604
XWiki Confluence Migrator Pro helps admins to import confluence packages into their XWiki instance. The homepage of the application is public which enables a guest to download the package which might contain sensitive information. This vulnerability is fi...
Affected Products : confluence_migrator
- Published: Mar. 07, 2025
- Modified: Mar. 13, 2025
- Vuln Type: Information Disclosure
- 7.1 HIGH CVE-2025-0162
IBM Aspera Shares 1.9.9 through 1.10.0 PL7 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to expose sensitive information or consume memory resource...
Affected Products : aspera_shares
- Published: Mar. 07, 2025
- Modified: Mar. 13, 2025
- Vuln Type: XML External Entity