Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2025-1365

    A vulnerability, which was classified as critical, was found in GNU elfutils 0.192. This affects the function process_symtab of the file readelf.c of the component eu-readelf. The manipulation of the argument D/a leads to buffer overflow. Local access is ... Read more

    Affected Products :
    • Published: Feb. 17, 2025
    • Modified: Feb. 17, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-0591

    Out-of-bounds Read vulnerability (CWE-125) was found in CX-Programmer. Attackers may be able to read sensitive information or cause an application crash by abusing this vulnerability.... Read more

    Affected Products : cx-one
    • Published: Feb. 17, 2025
    • Modified: Feb. 17, 2025
    • Vuln Type: Information Disclosure

  • 4.9

    MEDIUM
    CVE-2025-26779

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Fahad Mahmood Keep Backup Daily allows Path Traversal. This issue affects Keep Backup Daily: from n/a through 2.1.0.... Read more

    Affected Products : keep_backup_daily
    • Published: Feb. 16, 2025
    • Modified: Feb. 16, 2025
    • Vuln Type: Path Traversal

  • 7.1

    HIGH
    CVE-2025-26768

    Cross-Site Request Forgery (CSRF) vulnerability in what3words what3words Address Field allows Stored XSS. This issue affects what3words Address Field: from n/a through 4.0.15.... Read more

    Affected Products :
    • Published: Feb. 16, 2025
    • Modified: Feb. 16, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.5

    MEDIUM
    CVE-2025-26767

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum Qubely – Advanced Gutenberg Blocks allows Stored XSS. This issue affects Qubely – Advanced Gutenberg Blocks: from n/a through 1.8.12.... Read more

    Affected Products : qubely
    • Published: Feb. 16, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-26766

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VaultDweller Leyka allows Stored XSS. This issue affects Leyka: from n/a through 3.31.8.... Read more

    Affected Products : leyka
    • Published: Feb. 16, 2025
    • Modified: Feb. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-26765

    Missing Authorization vulnerability in enituretechnology Distance Based Shipping Calculator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Distance Based Shipping Calculator: from n/a through 2.0.22.... Read more

    Affected Products :
    • Published: Feb. 16, 2025
    • Modified: Feb. 16, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-26761

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HashThemes Easy Elementor Addons allows DOM-Based XSS. This issue affects Easy Elementor Addons: from n/a through 2.1.5.... Read more

    Affected Products :
    • Published: Feb. 16, 2025
    • Modified: Feb. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-26759

    Cross-Site Request Forgery (CSRF) vulnerability in alexvtn Content Snippet Manager allows Stored XSS. This issue affects Content Snippet Manager: from n/a through 1.1.5.... Read more

    Affected Products :
    • Published: Feb. 16, 2025
    • Modified: Feb. 16, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.6

    HIGH
    CVE-2025-26755

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in jgwhite33 WP Airbnb Review Slider allows Blind SQL Injection. This issue affects WP Airbnb Review Slider: from n/a through 3.9.... Read more

    Affected Products : wp_airbnb_review_slider
    • Published: Feb. 16, 2025
    • Modified: Feb. 16, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-23975

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Botnet Attack Blocker allows Stored XSS. This issue affects Botnet Attack Blocker: from n/a through 2.0.0.... Read more

    Affected Products :
    • Published: Feb. 16, 2025
    • Modified: Feb. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-22689

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Levan Tarbor Forex Calculators allows Stored XSS. This issue affects Forex Calculators: from n/a through 1.3.6.... Read more

    Affected Products :
    • Published: Feb. 16, 2025
    • Modified: Feb. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-22680

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Ad Inserter Pro allows Reflected XSS. This issue affects Ad Inserter Pro: from n/a through 2.7.39.... Read more

    Affected Products :
    • Published: Feb. 16, 2025
    • Modified: Feb. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-22676

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in upcasted AWS S3 for WordPress Plugin – Upcasted allows Stored XSS. This issue affects AWS S3 for WordPress Plugin – Upcasted: from n/a through 3.0.3.... Read more

    Affected Products :
    • Published: Feb. 16, 2025
    • Modified: Feb. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-22291

    Missing Authorization vulnerability in enituretechnology LTL Freight Quotes – Worldwide Express Edition allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects LTL Freight Quotes – Worldwide Express Edition: from n/a th... Read more

    Affected Products : ltl_freight_quotes
    • Published: Feb. 16, 2025
    • Modified: Feb. 16, 2025
    • Vuln Type: Authorization

  • 9.3

    CRITICAL
    CVE-2025-22290

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in enituretechnology LTL Freight Quotes – FreightQuote Edition allows SQL Injection. This issue affects LTL Freight Quotes – FreightQuote Edition: from n/a ... Read more

    Affected Products :
    • Published: Feb. 16, 2025
    • Modified: Feb. 16, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-22289

    Missing Authorization vulnerability in NotFound LTL Freight Quotes – Unishippers Edition allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects LTL Freight Quotes – Unishippers Edition: from n/a through 2.5.8.... Read more

    • Published: Feb. 16, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2025-22286

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in enituretechnology LTL Freight Quotes – Worldwide Express Edition allows Reflected XSS. This issue affects LTL Freight Quotes – Worldwide Express Edition:... Read more

    Affected Products : ltl_freight_quotes
    • Published: Feb. 16, 2025
    • Modified: Feb. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-22284

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in enituretechnology LTL Freight Quotes – Unishippers Edition allows Reflected XSS. This issue affects LTL Freight Quotes – Unishippers Edition: from n/a th... Read more

    • Published: Feb. 16, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-1364

    A vulnerability has been found in MicroWord eScan Antivirus 7.0.32 on Linux and classified as critical. Affected by this vulnerability is the function passPrompt of the component USB Protection Service. The manipulation leads to stack-based buffer overflo... Read more

    Affected Products : escan_anti-virus
    • Published: Feb. 16, 2025
    • Modified: Feb. 16, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 291728 Results