Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2025-26794

    Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection.... Read more

    Affected Products : exim
    • Published: Feb. 21, 2025
    • Modified: Feb. 22, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-1535

    A vulnerability was found in Baiyi Cloud Asset Management System 8.142.100.161. It has been classified as critical. This affects an unknown part of the file /wuser/admin.ticket.close.php. The manipulation of the argument ticket_id leads to sql injection. ... Read more

    Affected Products :
    • Published: Feb. 21, 2025
    • Modified: Feb. 21, 2025
    • Vuln Type: Injection

  • 6.4

    MEDIUM
    CVE-2025-1489

    The WP-Appbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's appbox shortcode in all versions up to, and including, 4.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This make... Read more

    Affected Products : wp-appbox
    • Published: Feb. 21, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-1402

    The Event Tickets and Registration plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'ajax_ticket_delete' function in all versions up to, and including, 5.19.1.1. This makes it possible for authentica... Read more

    Affected Products : event_tickets event_tickets
    • Published: Feb. 21, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Authorization

  • 8.7

    HIGH
    CVE-2024-9150

    Report generation functionality in Wyn Enterprise allows for code inclusion, but not sufficiently limits what code might be included. An attacker is able use a low privileges account in order to abuse this functionality and execute malicious code, load DL... Read more

    Affected Products :
    • Published: Feb. 21, 2025
    • Modified: Feb. 21, 2025
    • Vuln Type: Authentication

  • 7.2

    HIGH
    CVE-2024-13900

    The Head, Footer and Post Injections plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 3.3.0. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject PHP Code in... Read more

    • Published: Feb. 21, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Injection

  • 4.9

    MEDIUM
    CVE-2024-13846

    The Indeed Ultimate Learning Pro plugin for WordPress is vulnerable to time-based SQL Injection via the ‘post_id’ parameter in all versions up to, and including, 3.9 due to insufficient escaping on the user supplied parameter and lack of sufficient prepar... Read more

    Affected Products : ultimate_learning_pro
    • Published: Feb. 21, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2024-13713

    The WPExperts Square For GiveWP plugin for WordPress is vulnerable to SQL Injection via the 'post' parameter in all versions up to, and including, 1.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the ... Read more

    Affected Products : givewp_square
    • Published: Feb. 21, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Injection

  • 6.4

    MEDIUM
    CVE-2024-13455

    The igumbi Online Booking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'igumbi_calendar' shortcode in all versions up to, and including, 1.40 due to insufficient input sanitization and output escaping on user supplied... Read more

    Affected Products : igumbi
    • Published: Feb. 21, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.8

    HIGH
    CVE-2025-1471

    In Eclipse OMR versions 0.2.0 to 0.4.0, some of the z/OS atoe print functions use a constant length buffer for string conversion. If the input format string and arguments are larger than the buffer size then buffer overflow occurs. Beginning in version 0... Read more

    Affected Products : omr
    • Published: Feb. 21, 2025
    • Modified: Mar. 05, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-1470

    In Eclipse OMR, from the initial contribution to version 0.4.0, some OMR internal port library and utilities consumers of z/OS atoe functions do not check their return values for NULL memory pointers or for memory allocation failures. This can lead to NU... Read more

    Affected Products : omr
    • Published: Feb. 21, 2025
    • Modified: Mar. 05, 2025
    • Vuln Type: Memory Corruption

  • 6.4

    MEDIUM
    CVE-2024-13648

    The Maps for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'MapOnePoint' shortcode in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. ... Read more

    Affected Products : maps_for_wp
    • Published: Feb. 21, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2024-13461

    The Autoship Cloud for WooCommerce Subscription Products plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'autoship-create-scheduled-order-action' shortcode in all versions up to, and including, 2.8.0 due to insufficient ... Read more

    Affected Products : autoship_cloud
    • Published: Feb. 21, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2024-13353

    The Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.4 via several widgets. This makes it possible for authenticated... Read more

    • Published: Feb. 21, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Path Traversal

  • 6.4

    MEDIUM
    CVE-2024-12452

    The Ziggeo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ziggeo_event' shortcode in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This m... Read more

    Affected Products : ziggeo
    • Published: Feb. 21, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2024-12276

    The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to second-order SQL Injection via filenames in all versions up to, and including, 2.9.2 due to insufficie... Read more

    Affected Products : ultimate_member
    • Published: Feb. 21, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Injection

  • 6.4

    MEDIUM
    CVE-2025-1410

    The Events Calendar Made Simple – Pie Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's piecal shortcode in all versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping on us... Read more

    Affected Products : pie_calendar
    • Published: Feb. 21, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-0728

    In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.2, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by specially crafted packets with Content-Length smaller tha... Read more

    Affected Products : threadx_netx_duo
    • Published: Feb. 21, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-0727

    In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.2, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by specially crafted packets with Content-Length in one pack... Read more

    Affected Products : threadx_netx_duo
    • Published: Feb. 21, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-0726

    In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.2, an attacker can cause a denial of service by specially crafted packets. The core issue is missing closing of a file in case of an error condition, resulting in the 404 ... Read more

    Affected Products : threadx_netx_duo
    • Published: Feb. 21, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Denial of Service
Showing 20 of 291736 Results