Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.4

    MEDIUM
    CVE-2025-1065

    The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Import Data From File feature in all versions up to, and including, 3.11.8 due to insufficient input sanitization an... Read more

    Affected Products : visualizer
    • Published: Feb. 19, 2025
    • Modified: Feb. 19, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2024-13799

    The User Private Files – File Upload & Download Manager with Secure File Sharing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘new-fldr-name’ parameter in all versions up to, and including, 2.1.3 due to insufficient input sani... Read more

    Affected Products :
    • Published: Feb. 19, 2025
    • Modified: Feb. 19, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.5

    LOW
    CVE-2024-12173

    The Master Slider WordPress plugin before 3.10.5 does not sanitise and escape some of its settings, which could allow high privilege users such as Editor and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is... Read more

    Affected Products : master_slider
    • Published: Feb. 19, 2025
    • Modified: May. 15, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-1441

    The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.1007. This is due to missing or incorrect nonce validation on the 'wpr_filter_woo_products' function. This ... Read more

    Affected Products : royal_elementor_addons
    • Published: Feb. 19, 2025
    • Modified: Feb. 28, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-22622

    Age Verification for your checkout page. Verify your customer's identity 1.20.0 was found to be vulnerable. The web application dynamically generates web content without validating the source of the potentially untrusted data in myapp/class-wc-integration... Read more

    Affected Products :
    • Published: Feb. 19, 2025
    • Modified: Feb. 19, 2025
    • Vuln Type: Information Disclosure

  • 6.4

    MEDIUM
    CVE-2024-13443

    The Easypromos Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Easypromos shortcode in all versions up to, and including, 1.3.8 due to insufficient input sanitization and output escaping on user supplied attribute... Read more

    Affected Products :
    • Published: Feb. 19, 2025
    • Modified: Feb. 19, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.2

    HIGH
    CVE-2024-11582

    The Subscribe2 – Form, Email Subscribers & Newsletters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ip parameter in all versions up to, and including, 10.43 due to insufficient input sanitization and output escaping. This make... Read more

    Affected Products : subscribe2
    • Published: Feb. 19, 2025
    • Modified: Feb. 19, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-1448

    A vulnerability was found in Synway SMG Gateway Management Software up to 20250204. It has been rated as critical. This issue affects some unknown processing of the file 9-12ping.php. The manipulation of the argument retry leads to command injection. The ... Read more

    Affected Products :
    • Published: Feb. 19, 2025
    • Modified: Feb. 19, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2024-57262

    In barebox before 2025.01.0, ext4fs_read_symlink has an integer overflow for zalloc (adding one to an le32 variable) via a crafted ext4 filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite, a related is... Read more

    Affected Products : barebox
    • Published: Feb. 19, 2025
    • Modified: Feb. 19, 2025
    • Vuln Type: Memory Corruption

  • 7.1

    HIGH
    CVE-2024-57261

    In barebox before 2025.01.0, request2size in common/dlmalloc.c has an integer overflow, a related issue to CVE-2024-57258.... Read more

    Affected Products : barebox
    • Published: Feb. 19, 2025
    • Modified: Feb. 19, 2025
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2025-1447

    A vulnerability was found in kasuganosoras Pigeon 1.0.177. It has been declared as critical. This vulnerability affects unknown code of the file /pigeon/imgproxy/index.php. The manipulation of the argument url leads to server-side request forgery. The att... Read more

    Affected Products :
    • Published: Feb. 19, 2025
    • Modified: Feb. 19, 2025
    • Vuln Type: Server-Side Request Forgery

  • 6.1

    MEDIUM
    CVE-2024-13508

    The Booking Package plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the locale parameter in all versions up to, and including, 1.6.72 due to insufficient input sanitization and output escaping. This makes it possible for unauthent... Read more

    Affected Products : booking_package
    • Published: Feb. 19, 2025
    • Modified: Feb. 19, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-27113

    libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.... Read more

    Affected Products : libxml2
    • Published: Feb. 18, 2025
    • Modified: Mar. 07, 2025
    • Vuln Type: Memory Corruption

  • 6.8

    MEDIUM
    CVE-2025-26624

    Rufus is a utility that helps format and create bootable USB flash drives. A DLL hijacking vulnerability in Rufus 4.6.2208 and earlier versions allows an attacker loading and executing a malicious DLL with escalated privileges (since the executable has be... Read more

    Affected Products :
    • Published: Feb. 18, 2025
    • Modified: Feb. 18, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-25475

    A NULL pointer dereference in the component /libsrc/dcrleccd.cc of DCMTK v3.6.9+ DEV allows attackers to cause a Denial of Service (DoS) via a crafted DICOM file.... Read more

    Affected Products :
    • Published: Feb. 18, 2025
    • Modified: Feb. 20, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-25474

    DCMTK v3.6.9+ DEV was discovered to contain a buffer overflow via the component /dcmimgle/diinpxt.h.... Read more

    Affected Products :
    • Published: Feb. 18, 2025
    • Modified: Feb. 20, 2025
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2025-25473

    FFmpeg git master before commit c08d30 was discovered to contain a NULL pointer dereference via the component libavformat/mov.c.... Read more

    Affected Products :
    • Published: Feb. 18, 2025
    • Modified: Feb. 20, 2025
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2025-25472

    A buffer overflow in DCMTK git master v3.6.9+ DEV allows attackers to cause a Denial of Service (DoS) via a crafted DCM file.... Read more

    Affected Products :
    • Published: Feb. 18, 2025
    • Modified: Feb. 20, 2025
    • Vuln Type: Memory Corruption

  • 4.3

    MEDIUM
    CVE-2025-25471

    FFmpeg git master before commit fd1772 was discovered to contain a NULL pointer dereference via the component libavformat/mov.c.... Read more

    Affected Products :
    • Published: Feb. 18, 2025
    • Modified: Feb. 20, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-24928

    libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047.... Read more

    Affected Products : libxml2
    • Published: Feb. 18, 2025
    • Modified: Mar. 21, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 291750 Results