Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.4

    MEDIUM
    CVE-2025-0433

    The Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 2.0.7.1 due to insu... Read more

    Affected Products : master_addons
    • Published: Mar. 04, 2025
    • Modified: Mar. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2024-9618

    The Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 2.0.7.2 due to insuff... Read more

    Affected Products : master_addons
    • Published: Mar. 04, 2025
    • Modified: Mar. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2024-13724

    The Wallet System for WooCommerce – Wallet, Wallet Cashback, Refunds, Partial Payment, Wallet Restriction plugin for WordPress is vulnerable to unauthorized access to functionality in all versions up to, and including, 2.6.2. This makes it possible for un... Read more

    Affected Products : wallet_system_for_woocommerce
    • Published: Mar. 04, 2025
    • Modified: Mar. 04, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2024-13682

    The Wallet System for WooCommerce – Wallet, Wallet Cashback, Refunds, Partial Payment, Wallet Restriction plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.2. This is due to missing or incorrect non... Read more

    Affected Products : wallet_system_for_woocommerce
    • Published: Mar. 04, 2025
    • Modified: Mar. 04, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.8

    MEDIUM
    CVE-2025-27521

    Vulnerability of improper access permission in the process management module Impact: Successful exploitation of this vulnerability may affect service confidentiality.... Read more

    Affected Products : harmonyos
    • Published: Mar. 04, 2025
    • Modified: Mar. 04, 2025
    • Vuln Type: Authorization

  • 6.2

    MEDIUM
    CVE-2024-58050

    Vulnerability of improper access permission in the HDC module Impact: Successful exploitation of this vulnerability may affect service confidentiality.... Read more

    Affected Products : harmonyos
    • Published: Mar. 04, 2025
    • Modified: Mar. 04, 2025
    • Vuln Type: Authorization

  • 5.5

    MEDIUM
    CVE-2024-58049

    Permission verification vulnerability in the media library module Impact: Successful exploitation of this vulnerability may affect service confidentiality.... Read more

    Affected Products : harmonyos
    • Published: Mar. 04, 2025
    • Modified: Mar. 04, 2025
    • Vuln Type: Authorization

  • 6.7

    MEDIUM
    CVE-2024-58048

    Multi-thread problem vulnerability in the package management module Impact: Successful exploitation of this vulnerability may affect availability.... Read more

    Affected Products : harmonyos
    • Published: Mar. 04, 2025
    • Modified: Mar. 04, 2025
    • Vuln Type: Race Condition

  • 5.5

    MEDIUM
    CVE-2024-58047

    Permission verification vulnerability in the media library module Impact: Successful exploitation of this vulnerability may affect service confidentiality.... Read more

    Affected Products : harmonyos
    • Published: Mar. 04, 2025
    • Modified: Mar. 04, 2025
    • Vuln Type: Authorization

  • 6.2

    MEDIUM
    CVE-2024-58046

    Permission management vulnerability in the lock screen module Impact: Successful exploitation of this vulnerability may affect service confidentiality.... Read more

    Affected Products : harmonyos
    • Published: Mar. 04, 2025
    • Modified: Mar. 04, 2025
    • Vuln Type: Authorization

  • 8.6

    HIGH
    CVE-2024-58045

    Multi-concurrency vulnerability in the media digital copyright protection module Impact: Successful exploitation of this vulnerability may affect availability.... Read more

    Affected Products : harmonyos
    • Published: Mar. 04, 2025
    • Modified: Mar. 04, 2025
    • Vuln Type: Race Condition

  • 8.4

    HIGH
    CVE-2024-58044

    Permission verification bypass vulnerability in the notification module Impact: Successful exploitation of this vulnerability may affect availability.... Read more

    Affected Products : emui harmonyos
    • Published: Mar. 04, 2025
    • Modified: Mar. 04, 2025
    • Vuln Type: Authorization

  • 7.3

    HIGH
    CVE-2024-58043

    Permission bypass vulnerability in the window module Impact: Successful exploitation of this vulnerability may affect service confidentiality.... Read more

    Affected Products : emui harmonyos
    • Published: Mar. 04, 2025
    • Modified: Mar. 04, 2025
    • Vuln Type: Authorization

  • 8.6

    HIGH
    CVE-2024-48248

    NAKIVO Backup & Replication before 11.0.0.88174 allows absolute path traversal for reading files via getImageByPath to /c/router (this may lead to remote code execution across the enterprise because PhysicalDiscovery has cleartext credentials).... Read more

    Affected Products : backup_\&_replication_director
    • Actively Exploited
    • Published: Mar. 04, 2025
    • Modified: Mar. 25, 2025
    • Vuln Type: Path Traversal

  • 7.8

    HIGH
    CVE-2025-0360

    During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the VAPIX Device Configuration framework that could lead to an incorrect user privilege level in the VAPIX service account D-Bus API.... Read more

    Affected Products : axis_os
    • Published: Mar. 04, 2025
    • Modified: Mar. 04, 2025
    • Vuln Type: Authorization

  • 8.5

    HIGH
    CVE-2025-0359

    During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the ACAP Application framework that allowed applications to access restricted D-Bus methods within the framework. Axis has released patched AXIS OS ... Read more

    Affected Products : axis_os
    • Published: Mar. 04, 2025
    • Modified: Mar. 04, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2024-47262

    Dzmitry Lukyanenka, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API param.cgi was vulnerable to a race condition attack allowing for an attacker to block access to the web interface of the Axis device. Other API endpoints or service... Read more

    Affected Products : axis_os
    • Published: Mar. 04, 2025
    • Modified: Mar. 04, 2025
    • Vuln Type: Race Condition

  • 6.5

    MEDIUM
    CVE-2024-47260

    51l3nc3, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API mediaclip.cgi did not have a sufficient input validation allowing for uploading more audio clips then designed resulting in the Axis device running out of memory.  Axis has re... Read more

    Affected Products : axis_os
    • Published: Mar. 04, 2025
    • Modified: Mar. 04, 2025
    • Vuln Type: Denial of Service

  • 3.5

    LOW
    CVE-2024-47259

    Girishunawane, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API dynamicoverlay.cgi did not have a sufficient input validation allowing for a possible command injection leading to being able to transfer files to the Axis device with t... Read more

    Affected Products : axis_os
    • Published: Mar. 04, 2025
    • Modified: Mar. 04, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2024-13685

    The Admin and Site Enhancements (ASE) WordPress plugin before 7.6.10 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate their value to bypass the login limit feature in the Admin and Site Enhancements (ASE... Read more

    Affected Products : admin_and_site_enhancements
    • Published: Mar. 04, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Authentication
Showing 20 of 293352 Results