Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 8.6

    HIGH
    CVE-2025-1403

    Qiskit SDK 0.45.0 through 1.2.4 could allow a remote attacker to cause a denial of service using a maliciously crafted QPY file containing a malformed symengine serialization stream which can cause a segfault within the symengine library....

    Affected Products : qiskit
    • Published: Feb. 21, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Denial of Service
  • 5.5

    MEDIUM
    CVE-2024-45673

    IBM Security Verify Bridge Directory Sync 1.0.1 through 1.0.12, IBM Security Verify Gateway for Windows Login 1.0.1 through 1.0.10, and IBM Security Verify Gateway for Radius 1.0.1 through 1.0.11 stores user credentials in configuration files which can be...

    • Published: Feb. 21, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Information Disclosure
  • 8.2

    HIGH
    CVE-2025-26013

    An issue in Loggrove v.1.0 allows a remote attacker to obtain sensitive information via the read.py component....

    Affected Products : loggrove
    • Published: Feb. 21, 2025
    • Modified: Jun. 13, 2025
    • Vuln Type: Information Disclosure
  • 6.5

    MEDIUM
    CVE-2025-1544

    A vulnerability, which was classified as critical, was found in dingfanzu CMS up to 20250210. Affected is an unknown function of the file /ajax/loadShopInfo.php. The manipulation of the argument shopId leads to SQL injection. It is possible to launch the ...

    Affected Products : dingfanzu
    • Published: Feb. 21, 2025
    • Modified: Feb. 21, 2025
    • Vuln Type: Injection
  • 5.3

    MEDIUM
    CVE-2025-1543

    A vulnerability, which was classified as problematic, has been found in iteachyou Dreamer CMS 4.1.3. This issue affects some unknown processing of the file /resource/js/ueditor-1.4.3.3. The manipulation leads to path traversal. The attack may be initiated...

    Affected Products : dreamer_cms
    • Published: Feb. 21, 2025
    • Modified: Apr. 04, 2025
    • Vuln Type: Path Traversal
  • 9.8

    CRITICAL
    CVE-2025-1539

    A vulnerability, which was classified as critical, has been found in D-Link DAP-1320 1.00. Affected by this issue is the function replace_special_char of the file /storagein.pd-XXXXXX. The manipulation leads to stack-based buffer overflow. The attack may ...

    Affected Products : dap-1320_firmware
    • Published: Feb. 21, 2025
    • Modified: Feb. 21, 2025
    • Vuln Type: Memory Corruption
  • 9.0

    HIGH
    CVE-2025-1538

    A vulnerability classified as critical was found in D-Link DAP-1320 1.00. Affected by this vulnerability is the function set_ws_action of the file /dws/api/. The manipulation leads to heap-based buffer overflow. The attack can be launched remotely. The ex...

    Affected Products : dap-1320_firmware dap-1320
    • Published: Feb. 21, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Memory Corruption
  • 6.5

    MEDIUM
    CVE-2025-1537

    A vulnerability was found in Harpia DiagSystem 12. It has been rated as critical. This issue affects some unknown processing of the file /diagsystem/PACS/atualatendimento_jpeg.php. The manipulation of the argument codexame leads to SQL injection. The atta...

    • Published: Feb. 21, 2025
    • Modified: Feb. 21, 2025
    • Vuln Type: Injection
  • 7.5

    HIGH
    CVE-2025-1536

    A vulnerability was found in Raisecom Multi-Service Intelligent Gateway up to 20250208. It has been declared as critical. This vulnerability affects unknown code of the file /vpn/vpn_template_style.php of the component Request Parameter Handler. The manip...

    • Published: Feb. 21, 2025
    • Modified: Feb. 21, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2025-0838

    There exists a heap buffer overflow vulnerability in Abseil-cpp. The sized constructors, reserve(), and rehash() methods of absl::{flat,node}_hash_{set,map} did not impose an upper bound on their size argument. As a result, it was possible for a caller to pass...

    Affected Products : debian_linux common_libraries
    • Published: Feb. 21, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Memory Corruption
  • 6.4

    MEDIUM
    CVE-2024-10222

    The SVG Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.5.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attack...

    Affected Products : svg_support
    • Published: Feb. 21, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Cross-Site Scripting
  • 4.7

    MEDIUM
    CVE-2020-6158

    Opera Mini for Android before version 52.2 is vulnerable to an address bar spoofing attack. The vulnerability allows a malicious page to trick the browser into showing an address of a different page. This may allow the malicious page to impersonate anothe...

    Affected Products : opera_mini
    • Published: Feb. 21, 2025
    • Modified: Feb. 21, 2025
    • Vuln Type: Misconfiguration
  • 7.5

    HIGH
    CVE-2025-26794

    Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection....

    Affected Products : exim
    • Published: Feb. 21, 2025
    • Modified: Feb. 22, 2025
    • Vuln Type: Injection
  • 7.5

    HIGH
    CVE-2025-1535

    A vulnerability was found in Baiyi Cloud Asset Management System 8.142.100.161. It has been classified as critical. This affects an unknown part of the file /wuser/admin.ticket.close.php. The manipulation of the argument ticket_id leads to SQL injection. ...

    • Published: Feb. 21, 2025
    • Modified: Feb. 21, 2025
    • Vuln Type: Injection
  • 6.4

    MEDIUM
    CVE-2025-1489

    The WP-Appbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's appbox shortcode in all versions up to, and including, 4.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This make...

    Affected Products : wp-appbox
    • Published: Feb. 21, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Cross-Site Scripting
  • 5.3

    MEDIUM
    CVE-2025-1402

    The Event Tickets and Registration plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'ajax_ticket_delete' function in all versions up to, and including, 5.19.1.1. This makes it possible for authentica...

    Affected Products : event_tickets event_tickets
    • Published: Feb. 21, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Authorization
  • 8.7

    HIGH
    CVE-2024-9150

    Report generation functionality in Wyn Enterprise allows for code inclusion, but does not sufficiently limit what code might be included. An attacker is able to use a low-privileged account in order to abuse this functionality and execute malicious code, load DL...

    • Published: Feb. 21, 2025
    • Modified: Feb. 21, 2025
    • Vuln Type: Authentication
  • 7.2

    HIGH
    CVE-2024-13900

    The Head, Footer and Post Injections plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 3.3.0. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject PHP Code in...

    • Published: Feb. 21, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Injection
  • 4.9

    MEDIUM
    CVE-2024-13846

    The Indeed Ultimate Learning Pro plugin for WordPress is vulnerable to time-based SQL Injection via the ‘post_id’ parameter in all versions up to, and including, 3.9 due to insufficient escaping on the user supplied parameter and lack of sufficient prepar...

    Affected Products : ultimate_learning_pro
    • Published: Feb. 21, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Injection
  • 6.5

    MEDIUM
    CVE-2024-13713

    The WPExperts Square For GiveWP plugin for WordPress is vulnerable to SQL Injection via the 'post' parameter in all versions up to, and including, 1.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the ...

    Affected Products : givewp_square
    • Published: Feb. 21, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Injection