Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.2

    HIGH
    CVE-2025-1673

    A malicious or malformed DNS packet without a payload can cause an out-of-bounds read, resulting in a crash (denial of service) or an incorrect computation.... Read more

    Affected Products : zephyr
    • Published: Feb. 25, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-1648

    The Yawave plugin for WordPress is vulnerable to SQL Injection via the 'lbid' parameter in all versions up to, and including, 2.9.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. ... Read more

    Affected Products : yawave
    • Published: Feb. 25, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-1128

    The Everest Forms – Contact Forms, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary file upload, read, and deletion due to missing file type and path validation in the 'format' method of the EVF... Read more

    Affected Products : everest_forms
    • Published: Feb. 25, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2025-1063

    The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.0.4 via the rtcl_taxonomy_settings_export function. This makes it possible for... Read more

    • Published: Feb. 25, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Information Disclosure

  • 7.2

    HIGH
    CVE-2025-22210

    A SQL injection vulnerability in the Hikashop component versions 3.3.0-5.1.4 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands in the category management area in backend.... Read more

    Affected Products : hikashop
    • Published: Feb. 25, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Injection

  • 3.5

    LOW
    CVE-2024-10545

    The Photo Gallery, Sliders, Proofing and WordPress plugin before 3.59.9 does not sanitise and escape some of its Image settings, which could allow high privilege users such as Admin to perform Stored Cross-Site Scripting attacks even when the unfiltered... Read more

    Affected Products : nextgen_gallery
    • Published: Feb. 25, 2025
    • Modified: May. 15, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-1646

    A vulnerability, which was classified as critical, has been found in Lumsoft ERP 8. Affected by this issue is some unknown functionality of the file /Api/TinyMce/UploadAjaxAPI.ashx of the component ASPX File Handler. The manipulation of the argument file ... Read more

    Affected Products :
    • Published: Feb. 25, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Misconfiguration

  • 3.6

    LOW
    CVE-2025-27145

    copyparty, a portable file server, has a DOM-based cross-site scripting vulnerability in versions prior to 1.16.15. The vulnerability is considered low-risk. By handing someone a maliciously-named file, and then tricking them into dragging the file into c... Read more

    Affected Products : copyparty
    • Published: Feb. 25, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-1645

    A vulnerability classified as critical was found in Benner Connecta 1.0.5330. Affected by this vulnerability is an unknown functionality of the file /Usuarios/Usuario/EditarLogado/. The manipulation of the argument Handle leads to improper control of reso... Read more

    Affected Products :
    • Published: Feb. 25, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-1644

    A vulnerability classified as problematic has been found in Benner ModernaNet up to 1.2.0. Affected is an unknown function of the file /DadosPessoais/SG_Gravar. The manipulation of the argument idItAg leads to cross-site request forgery. It is possible to... Read more

    Affected Products : modernanet
    • Published: Feb. 25, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 8.8

    HIGH
    CVE-2025-1643

    A vulnerability was found in Benner ModernaNet up to 1.1.0. It has been rated as problematic. This issue affects some unknown processing of the file /DadosPessoais/SG_AlterarSenha. The manipulation leads to cross-site request forgery. The attack may be in... Read more

    Affected Products : modernanet
    • Published: Feb. 25, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.5

    HIGH
    CVE-2025-1642

    A vulnerability was found in Benner ModernaNet up to 1.1.0. It has been declared as critical. This vulnerability affects unknown code of the file /AGE0000700/GetImageMedico?fooId=1. The manipulation of the argument fooId leads to improper control of resou... Read more

    Affected Products : modernanet
    • Published: Feb. 25, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-1641

    A vulnerability was found in Benner ModernaNet up to 1.1.0. It has been classified as critical. This affects an unknown part of the file /AGE0000700/GetHorariosDoDia?idespec=0&idproced=1103&data=2025-02-25+19%3A25&agserv=0&convenio=1&localatend=1&idplano=... Read more

    Affected Products : modernanet
    • Published: Feb. 25, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-1640

    A vulnerability was found in Benner ModernaNet up to 1.1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /Home/JS_CarregaCombo?formName=DADOS_PESSOAIS_PLANO&additionalCondition=&insideParameters=&elementToRet... Read more

    Affected Products : modernanet
    • Published: Feb. 25, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Injection

  • 6.6

    MEDIUM
    CVE-2025-27144

    Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. In versions on the 4.x branch prior t... Read more

    Affected Products : go-jose
    • Published: Feb. 24, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Denial of Service

  • 6.9

    MEDIUM
    CVE-2025-27143

    Better Auth is an authentication and authorization library for TypeScript. Prior to version 1.1.21, the application is vulnerable to an open redirect due to improper validation of the callbackURL parameter in the email verification endpoint and any other ... Read more

    Affected Products : better_auth
    • Published: Feb. 24, 2025
    • Modified: Feb. 28, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-22974

    SQL Injection vulnerability in SeaCMS v.13.2 and before allows a remote attacker to execute arbitrary code via the DoTranExecSql parameter in the phome.php component.... Read more

    Affected Products : seacms
    • Published: Feb. 24, 2025
    • Modified: Mar. 25, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2024-57685

    An issue in sparkshop v.1.1.7 and before allows a remote attacker to execute arbitrary code via a crafted phar file.... Read more

    Affected Products : sparkshop
    • Published: Feb. 24, 2025
    • Modified: Mar. 25, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2024-56525

    In Public Knowledge Project (PKP) OJS, OMP, and OPS before 3.3.0.21 and 3.4.x before 3.4.0.8, an XXE attack by the Journal Editor Role can create a new role as super admin in the journal context, and insert a backdoor plugin, by uploading a crafted XML do... Read more

    Affected Products :
    • Published: Feb. 24, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: XML External Entity

  • 9.8

    CRITICAL
    CVE-2024-53544

    NovaCHRON Zeitsysteme GmbH & Co. KG Smart Time Plus v8.x to v8.6 was discovered to contain a SQL injection vulnerability via the getCookieNames method in the smarttimeplus/MySQLConnection endpoint.... Read more

    Affected Products :
    • Published: Feb. 24, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Injection
Showing 20 of 291717 Results