Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.8

    MEDIUM
    CVE-2025-27294

    Missing Authorization vulnerability in platcom WP-Asambleas allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP-Asambleas: from n/a through 2.85.0.... Read more

    Affected Products : wp-asambleas
    • Published: Feb. 24, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-27290

    Cross-Site Request Forgery (CSRF) vulnerability in seyyed-amir Erima Zarinpal Donate allows Cross Site Request Forgery. This issue affects Erima Zarinpal Donate: from n/a through 1.0.... Read more

    Affected Products :
    • Published: Feb. 24, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.5

    MEDIUM
    CVE-2025-27280

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alobaidi Archive Page allows DOM-Based XSS. This issue affects Archive Page: from n/a through 1.0.1.... Read more

    Affected Products :
    • Published: Feb. 24, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-27277

    Cross-Site Request Forgery (CSRF) vulnerability in tiefpunkt Add Linked Images To Gallery allows Cross Site Request Forgery. This issue affects Add Linked Images To Gallery: from n/a through 1.4.... Read more

    Affected Products :
    • Published: Feb. 24, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 8.8

    HIGH
    CVE-2025-27276

    Cross-Site Request Forgery (CSRF) vulnerability in lizeipe Photo Gallery ( Responsive ) allows Privilege Escalation. This issue affects Photo Gallery ( Responsive ): from n/a through 4.0.... Read more

    Affected Products :
    • Published: Feb. 24, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.5

    HIGH
    CVE-2025-27272

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in vinagecko VG PostCarousel allows PHP Local File Inclusion. This issue affects VG PostCarousel: from n/a through 1.1.... Read more

    Affected Products :
    • Published: Feb. 24, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2025-27266

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ignacio Perez Hover Image Button allows DOM-Based XSS. This issue affects Hover Image Button: from n/a through 1.1.2.... Read more

    Affected Products :
    • Published: Feb. 24, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-27265

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aaron D. Campbell Google Maps for WordPress allows DOM-Based XSS. This issue affects Google Maps for WordPress: from n/a through 1.0.3.... Read more

    Affected Products :
    • Published: Feb. 24, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-26883

    Missing Authorization vulnerability in bPlugins Animated Text Block allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Animated Text Block: from n/a through 1.0.7.... Read more

    Affected Products :
    • Published: Feb. 24, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Authorization

  • 6.0

    MEDIUM
    CVE-2025-23017

    WorkOS Hosted AuthKit before 2025-01-07 allows a password authentication MFA bypass (by enrolling a new authentication factor) when the attacker knows the user's password. No exploitation occurred.... Read more

    Affected Products :
    • Published: Feb. 24, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2024-12918

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Agito Computer Health4All allows SQL Injection.This issue affects Health4All: before 10.01.2025.... Read more

    Affected Products :
    • Published: Feb. 24, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Injection

  • 8.3

    HIGH
    CVE-2024-12917

    Files or Directories Accessible to External Parties vulnerability in Agito Computer Health4All allows Exploiting Incorrectly Configured Access Control Security Levels, Authentication Abuse.This issue affects Health4All: before 10.01.2025.... Read more

    Affected Products :
    • Published: Feb. 24, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2024-12916

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Agito Computer Life4All allows SQL Injection.This issue affects Life4All: before 10.01.2025.... Read more

    Affected Products :
    • Published: Feb. 24, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Injection

  • 5.5

    MEDIUM
    CVE-2025-1632

    A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. T... Read more

    Affected Products : libarchive
    • Published: Feb. 24, 2025
    • Modified: Mar. 25, 2025
    • Vuln Type: Memory Corruption

  • 4.7

    MEDIUM
    CVE-2025-0545

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tekrom Technology T-Soft E-Commerce allows Cross-Site Scripting (XSS).This issue affects T-Soft E-Commerce: before v5.... Read more

    Affected Products :
    • Published: Feb. 24, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2024-5174

    A flaw in Gliffy results in broken authentication through the reset functionality of the application.... Read more

    Affected Products :
    • Published: Feb. 24, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Authentication

  • 6.1

    MEDIUM
    CVE-2025-1488

    The WPO365 | MICROSOFT 365 GRAPH MAILER plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 3.2. This is due to insufficient validation on the redirect url supplied via the 'redirect_to' parameter. This makes it possi... Read more

    • Published: Feb. 24, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Misconfiguration

  • 7.8

    HIGH
    CVE-2023-52926

    In the Linux kernel, the following vulnerability has been resolved: IORING_OP_READ did not correctly consume the provided buffer list when read i/o returned < 0 (except for -EAGAIN and -EIOCBQUEUED return). This can lead to a potential use-after-free whe... Read more

    Affected Products : linux_kernel
    • Published: Feb. 24, 2025
    • Modified: Mar. 24, 2025
    • Vuln Type: Memory Corruption

  • 9.9

    CRITICAL
    CVE-2025-25279

    Mattermost versions 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail to properly validate board blocks when importing boards which allows an attacker could read any arbitrary file on the system via importing and exporting a spec... Read more

    Affected Products : mattermost_server mattermost
    • Published: Feb. 24, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Path Traversal

  • 4.3

    MEDIUM
    CVE-2025-24526

    Mattermost versions 10.1.x <= 10.1.3, 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail to restrict channel export of archived channels when the "Allow users to view archived channels" is disabled which allows a user to export ch... Read more

    Affected Products : mattermost_server mattermost
    • Published: Feb. 24, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Authorization
Showing 20 of 291728 Results