Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.3

    LOW
    CVE-2024-56494

    IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.... Read more

    Affected Products : linux_kernel windows entirex
    • Published: Feb. 27, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Information Disclosure

  • 3.3

    LOW
    CVE-2024-56493

    IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.... Read more

    Affected Products : linux_kernel windows entirex
    • Published: Feb. 27, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2024-54170

    IBM EntireX 11.1 could allow a local user to cause a denial of service due to use of a regular expression with an inefficient complexity that consumes excessive CPU cycles.... Read more

    Affected Products : linux_kernel windows entirex
    • Published: Feb. 27, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2024-54169

    IBM EntireX 11.1 could allow an authenticated attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.... Read more

    Affected Products : linux_kernel windows entirex
    • Published: Feb. 27, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2024-13148

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yukseloglu Filter B2B Login Platform allows SQL Injection.This issue affects B2B Login Platform: before 16.01.2025.... Read more

    Affected Products :
    • Published: Feb. 27, 2025
    • Modified: Feb. 27, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-27154

    Spotipy is a lightweight Python library for the Spotify Web API. The `CacheHandler` class creates a cache file to store the auth token. Prior to version 2.25.1, the file created has `rw-r--r--` (644) permissions by default, when it could be locked down to... Read more

    Affected Products : spotipy
    • Published: Feb. 27, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Misconfiguration

  • 7.6

    HIGH
    CVE-2025-22280

    Missing Authorization vulnerability in revmakx DefendWP Firewall allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DefendWP Firewall: from n/a through 1.1.0.... Read more

    Affected Products :
    • Published: Feb. 27, 2025
    • Modified: Feb. 27, 2025
    • Vuln Type: Authorization

  • 8.2

    HIGH
    CVE-2024-9334

    Use of Hard-coded Credentials, Storage of Sensitive Data in a Mechanism without Access Control vulnerability in E-Kent Pallium Vehicle Tracking allows Authentication Bypass.This issue affects Pallium Vehicle Tracking: before 17.10.2024.... Read more

    Affected Products :
    • Published: Feb. 27, 2025
    • Modified: Feb. 27, 2025
    • Vuln Type: Authentication

  • 7.1

    HIGH
    CVE-2025-1739

    An Authentication Bypass vulnerability has been found in Trivision Camera NC227WF v5.8.0 from TrivisionSecurity. This vulnerability allows an attacker to retrieve administrator's credentials in cleartext by sending a request against the server using curl ... Read more

    Affected Products :
    • Published: Feb. 27, 2025
    • Modified: Feb. 27, 2025
    • Vuln Type: Authentication

  • 6.2

    MEDIUM
    CVE-2025-1738

    A Password Transmitted over Query String vulnerability has been found in Trivision Camera NC227WF v5.8.0 from TrivisionSecurity, exposing this sensitive information to a third party.... Read more

    Affected Products :
    • Published: Feb. 27, 2025
    • Modified: Feb. 27, 2025
    • Vuln Type: Cryptography

  • 3.9

    LOW
    CVE-2025-1693

    The MongoDB Shell may be susceptible to control character injection where an attacker with control over the database cluster contents can inject control characters into the shell output. This may result in the display of falsified messages that appear to ... Read more

    Affected Products : mongosh
    • Published: Feb. 27, 2025
    • Modified: Feb. 27, 2025
    • Vuln Type: Injection

  • 6.3

    MEDIUM
    CVE-2025-1692

    The MongoDB Shell may be susceptible to control character injection where an attacker with control of the user’s clipboard could manipulate them to paste text into mongosh that evaluates arbitrary code. Control characters in the pasted text can be used to... Read more

    Affected Products : mongosh
    • Published: Feb. 27, 2025
    • Modified: Feb. 27, 2025
    • Vuln Type: Injection

  • 7.6

    HIGH
    CVE-2025-1691

    The MongoDB Shell may be susceptible to control character injection where an attacker with control of the mongosh autocomplete feature, can use the autocompletion feature to input and run obfuscated malicious text. This requires user interaction in the fo... Read more

    Affected Products : mongosh
    • Published: Feb. 27, 2025
    • Modified: Feb. 27, 2025
    • Vuln Type: Injection

  • 6.4

    MEDIUM
    CVE-2024-13402

    The Buddyboss Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link_title’ parameter in all versions up to, and including, 2.7.70 due to insufficient input sanitization and output escaping. This makes it possible for aut... Read more

    Affected Products : buddyboss_platform
    • Published: Feb. 27, 2025
    • Modified: May. 24, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-1751

    A SQL Injection vulnerability has been found in Ciges 2.15.5 from ATISoluciones. This vulnerability allows an attacker to retrieve, create, update and delete database via $idServicio parameter in /modules/ajaxBloqueaCita.php endpoint.... Read more

    Affected Products :
    • Published: Feb. 27, 2025
    • Modified: Feb. 27, 2025
    • Vuln Type: Injection

  • 4.3

    MEDIUM
    CVE-2024-13217

    The Jeg Elementor Kit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.11 via the 'expired_data' and 'build_content' functions. This makes it possible for authenticated attackers, with Contribu... Read more

    Affected Products : jeg_elementor_kit
    • Published: Feb. 27, 2025
    • Modified: Mar. 25, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2024-10918

    Stack-based Buffer Overflow vulnerability in libmodbus v3.1.10 allows to overflow the buffer allocated for the Modbus response if the function tries to reply to a Modbus request with an unexpected length.... Read more

    Affected Products : libmodbus
    • Published: Feb. 27, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Memory Corruption

  • 6.4

    MEDIUM
    CVE-2025-1450

    The Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button, WhatsApp – Chaty plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data-hover’ parameter in all versions up to, and incl... Read more

    Affected Products : floating_chat_widget
    • Published: Feb. 27, 2025
    • Modified: Mar. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2024-13734

    The Card Elements for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Profile Card widget in all versions up to, and including, 1.2.6 due to insufficient input sanitization and output escaping on user supplied ... Read more

    Affected Products : card_elements_for_elementor
    • Published: Feb. 27, 2025
    • Modified: Mar. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-1690

    The ThemeMakers Stripe Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'stripe' shortcode in versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. Th... Read more

    Affected Products : stripe_checkout
    • Published: Feb. 27, 2025
    • Modified: Mar. 11, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 292801 Results