Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2025-26871

    Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Essential Blocks for Gutenberg: from n/a through 4.8.3.... Read more

    Affected Products : essential_blocks
    • Published: Feb. 25, 2025
    • Modified: Apr. 10, 2025
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2025-26868

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fastflow Fast Flow allows Reflected XSS. This issue affects Fast Flow: from n/a through 1.2.16.... Read more

    Affected Products : fastflow
    • Published: Feb. 25, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-26753

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in videowhisper VideoWhisper Live Streaming Integration allows Path Traversal. This issue affects VideoWhisper Live Streaming Integration: from n/a through 6.2.... Read more

    • Published: Feb. 25, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Path Traversal

  • 8.6

    HIGH
    CVE-2025-26752

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in videowhisper VideoWhisper Live Streaming Integration allows Path Traversal. This issue affects VideoWhisper Live Streaming Integration: from n/a through 6.2.... Read more

    • Published: Feb. 25, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Path Traversal

  • 7.1

    HIGH
    CVE-2025-26751

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fahad Mahmood Alphabetic Pagination allows Reflected XSS. This issue affects Alphabetic Pagination: from n/a through 3.2.1.... Read more

    Affected Products :
    • Published: Feb. 25, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2024-54444

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elementor Elementor Website Builder allows Stored XSS. This issue affects Elementor Website Builder: from n/a through 3.25.10.... Read more

    Affected Products : website_builder
    • Published: Feb. 25, 2025
    • Modified: Mar. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2024-34036

    An issue was discovered in O-RAN Near Realtime RIC I-Release. To exploit this vulnerability, an attacker can disrupt the initial connection between a gNB and the Near RT-RIC by inundating the system with a high volume of subscription requests via an xApp.... Read more

    Affected Products :
    • Published: Feb. 25, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Denial of Service

  • 5.7

    MEDIUM
    CVE-2024-34035

    An issue was discovered in O-RAN Near Realtime RIC H-Release. To trigger the crashing of the e2mgr, an adversary must flood the system with a significant quantity of E2 Subscription Requests originating from an xApp.... Read more

    Affected Products :
    • Published: Feb. 25, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Denial of Service

  • 5.7

    MEDIUM
    CVE-2024-34034

    An issue was discovered in FlexRIC 2.0.0. It crashes during a Subscription Request denial-of-service (DoS) attack, triggered by an assertion error. An attacker must send a high number of E42 Subscription Requests to the Near-RT RIC component.... Read more

    Affected Products :
    • Published: Feb. 25, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Denial of Service

  • 10.0

    CRITICAL
    CVE-2023-25574

    `jupyterhub-ltiauthenticator` is a JupyterHub authenticator for learning tools interoperability (LTI). LTI13Authenticator that was introduced in `jupyterhub-ltiauthenticator` 1.3.0 wasn't validating JWT signatures. This is believed to allow the LTI13Authe... Read more

    Affected Products :
    • Published: Feb. 25, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Authentication

  • 2.3

    LOW
    CVE-2024-51539

    The Dell Secure Connect Gateway (SCG) Application and Appliance, versions prior to 5.28, contains a SQL injection vulnerability due to improper neutralization of special elements used in an SQL command. This vulnerability can only be exploited locally on ... Read more

    Affected Products :
    • Published: Feb. 25, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2025-1262

    The Advanced Google reCaptcha plugin for WordPress is vulnerable to CAPTCHA Bypass in versions up to, and including, 1.27 . This makes it possible for unauthenticated attackers to bypass the Built-in Math Captcha Verification.... Read more

    Affected Products : advanced_google_recaptcha
    • Published: Feb. 25, 2025
    • Modified: Feb. 28, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-1676

    A vulnerability classified as critical was found in hzmanyun Education and Training System 3.1.1. Affected by this vulnerability is the function pdf2swf of the file /pdf2swf. The manipulation of the argument file leads to os command injection. The attack ... Read more

    Affected Products :
    • Published: Feb. 25, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Injection

  • 6.4

    MEDIUM
    CVE-2024-13695

    The Enfold theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.0.9 via the 'attachment_id' parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make ... Read more

    Affected Products : enfold
    • Published: Feb. 25, 2025
    • Modified: Feb. 28, 2025
    • Vuln Type: Server-Side Request Forgery

  • 5.3

    MEDIUM
    CVE-2024-13693

    The Enfold theme for WordPress is vulnerable to unauthorized access of data due to a missing capability check in avia-export-class.php in all versions up to, and including, 6.0.9. This makes it possible for unauthenticated attackers to export all avia set... Read more

    Affected Products : enfold
    • Published: Feb. 25, 2025
    • Modified: Feb. 28, 2025
    • Vuln Type: Authorization

  • 9.1

    CRITICAL
    CVE-2025-1675

    The function dns_copy_qname in dns_pack.c performs performs a memcpy operation with an untrusted field and does not check if the source buffer is large enough to contain the copied data.... Read more

    Affected Products : zephyr
    • Published: Feb. 25, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Memory Corruption

  • 8.2

    HIGH
    CVE-2025-1674

    A lack of input validation allows for out of bounds reads caused by malicious or malformed packets.... Read more

    Affected Products : zephyr
    • Published: Feb. 25, 2025
    • Modified: Feb. 28, 2025
    • Vuln Type: Memory Corruption

  • 4.3

    MEDIUM
    CVE-2024-13494

    The WordPress File Upload plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.25.2. This is due to missing or incorrect nonce validation on the 'wfu_file_details' function. This makes it possible for un... Read more

    Affected Products : wordpress_file_upload
    • Published: Feb. 25, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 8.2

    HIGH
    CVE-2025-1673

    A malicious or malformed DNS packet without a payload can cause an out-of-bounds read, resulting in a crash (denial of service) or an incorrect computation.... Read more

    Affected Products : zephyr
    • Published: Feb. 25, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-1648

    The Yawave plugin for WordPress is vulnerable to SQL Injection via the 'lbid' parameter in all versions up to, and including, 2.9.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. ... Read more

    Affected Products : yawave
    • Published: Feb. 25, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Injection
Showing 20 of 291615 Results