Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.1

    HIGH
    CVE-2024-12878

    The Custom Block Builder WordPress plugin before 3.8.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.... Read more

    Affected Products : lazy_blocks
    • Published: Feb. 26, 2025
    • Modified: May. 15, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2024-12737

    The WP BASE Booking of Appointments, Services and Events WordPress plugin before 5.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege u... Read more

    • Published: Feb. 26, 2025
    • Modified: May. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2024-12434

    The SureMembers plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.10.6 via the REST API. This makes it possible for unauthenticated attackers to extract sensitive data including restricted content... Read more

    Affected Products :
    • Published: Feb. 26, 2025
    • Modified: Feb. 26, 2025
    • Vuln Type: Information Disclosure

  • 5.4

    MEDIUM
    CVE-2024-10563

    The WooCommerce Cart Count Shortcode WordPress plugin before 1.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and... Read more

    Affected Products : woo_cart_count_shortcode
    • Published: Feb. 26, 2025
    • Modified: May. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2024-10483

    The Simple:Press Forum WordPress plugin before 6.10.11 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.... Read more

    Affected Products : simplepress
    • Published: Feb. 26, 2025
    • Modified: May. 15, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2024-10152

    The Simple Certain Time to Show Content WordPress plugin before 1.3.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admi... Read more

    • Published: Feb. 26, 2025
    • Modified: May. 15, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2022-25773

    This advisory addresses a file placement vulnerability that could allow assets to be uploaded to unintended directories on the server. * Improper Limitation of a Pathname to a Restricted Directory: A vulnerability exists in the asset upload functional... Read more

    Affected Products : mautic
    • Published: Feb. 26, 2025
    • Modified: Feb. 26, 2025
    • Vuln Type: Path Traversal

  • 8.4

    HIGH
    CVE-2025-22881

    Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to ... Read more

    Affected Products : cncsoft-g2
    • Published: Feb. 26, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-22869

    SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.... Read more

    Affected Products : ssh
    • Published: Feb. 26, 2025
    • Modified: May. 01, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-22868

    An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.... Read more

    Affected Products : traefik jws
    • Published: Feb. 26, 2025
    • Modified: May. 01, 2025
    • Vuln Type: Denial of Service

  • 7.8

    HIGH
    CVE-2025-0889

    Prior to 25.2, a local authenticated attacker can elevate privileges on a system with Privilege Management for Windows installed, via the manipulation of COM objects under certain circumstances where an EPM policy allows for automatic privilege elevation ... Read more

    Affected Products : privilege_management_for_windows
    • Published: Feb. 26, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-0236

    Out-of-bounds vulnerability in slope processing during curve rendering in Generic PCL6 V4 Printer Driver / Generic UFR II V4 Printer Driver / Generic LIPSLX V4 Printer Driver.... Read more

    Affected Products :
    • Published: Feb. 26, 2025
    • Modified: Feb. 26, 2025
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2025-0235

    Out-of-bounds vulnerability due to improper memory release during image rendering in Generic PCL6 V4 Printer Driver / Generic UFR II V4 Printer Driver / Generic LIPSLX V4 Printer Driver.... Read more

    Affected Products :
    • Published: Feb. 26, 2025
    • Modified: Feb. 26, 2025
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2025-0234

    Out-of-bounds vulnerability in curve segmentation processing of Generic PCL6 V4 Printer Driver / Generic UFR II V4 Printer Driver / Generic LIPSLX V4 Printer Driver.... Read more

    Affected Products :
    • Published: Feb. 26, 2025
    • Modified: Feb. 26, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2022-49731

    In the Linux kernel, the following vulnerability has been resolved: ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo() In an unlikely (and probably wrong?) case that the 'ppi' parameter of ata_host_alloc_pinfo() points to an array starti... Read more

    Affected Products : linux_kernel
    • Published: Feb. 26, 2025
    • Modified: Mar. 07, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2022-49730

    In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Resolve NULL ptr dereference after an ELS LOGO is aborted A use-after-free crash can occur after an ELS LOGO is aborted. Specifically, a nodelist structure is freed and the... Read more

    Affected Products : linux_kernel
    • Published: Feb. 26, 2025
    • Modified: Mar. 24, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2022-49729

    In the Linux kernel, the following vulnerability has been resolved: nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred Similar to the handling of play_deferred in commit 19cfe912c37b ("Bluetooth: btusb: Fix memory leak in play_deferred"), we thought... Read more

    Affected Products : linux_kernel
    • Published: Feb. 26, 2025
    • Modified: Mar. 07, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2022-49728

    In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix signed integer overflow in __ip6_append_data Resurrect ubsan overflow checks and ubsan report this warning, fix it by change the variable [length] type to size_t. UBSAN: sign... Read more

    Affected Products : linux_kernel
    • Published: Feb. 26, 2025
    • Modified: Apr. 10, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2022-49727

    In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix signed integer overflow in l2tp_ip6_sendmsg When len >= INT_MAX - transhdrlen, ulen = len + transhdrlen will be overflow. To fix, we can follow what udpv6 does and subtract th... Read more

    Affected Products : linux_kernel
    • Published: Feb. 26, 2025
    • Modified: Mar. 07, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2022-49726

    In the Linux kernel, the following vulnerability has been resolved: clocksource: hyper-v: unexport __init-annotated hv_init_clocksource() EXPORT_SYMBOL and __init is a bad combination because the .init.text section is freed up after the initialization. ... Read more

    Affected Products : linux_kernel
    • Published: Feb. 26, 2025
    • Modified: Feb. 26, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 293308 Results