Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.8

    MEDIUM
    CVE-2025-1354

    A cross-site scripting (XSS) vulnerability in the RT-N10E/ RT-N12E 2.0.0.x firmware . This vulnerability caused by improper input validation and can be triggered via the manipulation of the SSID argument in the sysinfo.asp file, leading to disclosure of ... Read more

    Affected Products :
    • Published: Feb. 16, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.3

    HIGH
    CVE-2025-1353

    A vulnerability was found in Kong Insomnia up to 10.3.0 and classified as critical. This issue affects some unknown processing in the library profapi.dll. The manipulation leads to untrusted search path. An attack has to be approached locally. The complex... Read more

    Affected Products :
    • Published: Feb. 16, 2025
    • Modified: Feb. 26, 2025
    • Vuln Type: Misconfiguration

  • 5.1

    MEDIUM
    CVE-2025-1352

    A vulnerability has been found in GNU elfutils 0.192 and classified as critical. This vulnerability affects the function __libdw_thread_tail in the library libdw_alloc.c of the component eu-readelf. The manipulation of the argument w leads to memory corru... Read more

    Affected Products :
    • Published: Feb. 16, 2025
    • Modified: Feb. 16, 2025
    • Vuln Type: Memory Corruption

  • 6.3

    MEDIUM
    CVE-2025-1341

    A vulnerability, which was classified as problematic, was found in PMWeb 7.2.0. This affects an unknown part of the component Setting Handler. The manipulation leads to weak password requirements. It is possible to initiate the attack remotely. The comple... Read more

    Affected Products : pmweb
    • Published: Feb. 16, 2025
    • Modified: Feb. 16, 2025
    • Vuln Type: Authentication

  • 9.0

    HIGH
    CVE-2025-1340

    A vulnerability classified as critical has been found in TOTOLINK X18 9.1.0cu.2024_B20220329. Affected is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi. The manipulation as part of String leads to stack-based buffer overflow. It is possible... Read more

    Affected Products : x18_firmware
    • Published: Feb. 16, 2025
    • Modified: Feb. 16, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-1339

    A vulnerability was found in TOTOLINK X18 9.1.0cu.2024_B20220329. It has been rated as critical. This issue affects the function setL2tpdConfig of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable leads to os command injection. The at... Read more

    Affected Products : x18_firmware
    • Published: Feb. 16, 2025
    • Modified: Feb. 16, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-1338

    A vulnerability was found in NUUO Camera up to 20250203. It has been declared as critical. This vulnerability affects the function print_file of the file /handle_config.php. The manipulation of the argument log leads to command injection. The attack can b... Read more

    Affected Products :
    • Published: Feb. 16, 2025
    • Modified: Feb. 16, 2025
    • Vuln Type: Injection

  • 5.1

    MEDIUM
    CVE-2025-1337

    A vulnerability was found in Eastnets PaymentSafe 2.5.26.0. It has been classified as problematic. This affects an unknown part of the component BIC Search. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Up... Read more

    Affected Products :
    • Published: Feb. 16, 2025
    • Modified: Apr. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.1

    HIGH
    CVE-2025-1336

    A vulnerability has been found in CmsEasy 7.7.7.9 and classified as problematic. Affected by this vulnerability is the function deleteimg_action in the library lib/admin/image_admin.php. The manipulation of the argument imgname leads to path traversal. Th... Read more

    Affected Products : cmseasy
    • Published: Feb. 16, 2025
    • Modified: Feb. 28, 2025
    • Vuln Type: Path Traversal

  • 8.1

    HIGH
    CVE-2025-1335

    A vulnerability, which was classified as problematic, was found in CmsEasy 7.7.7.9. Affected is the function deleteimg_action in the library lib/admin/file_admin.php. The manipulation of the argument imgname leads to path traversal. It is possible to laun... Read more

    Affected Products : cmseasy
    • Published: Feb. 16, 2025
    • Modified: Feb. 28, 2025

  • 9.1

    CRITICAL
    CVE-2024-57971

    DataSourceResource.java in the SpagoBI API support in Knowage Server in KNOWAGE before 8.1.30 does not ensure that java:comp/env/jdbc/ occurs at the beginning of a JNDI Name.... Read more

    Affected Products : knowage
    • Published: Feb. 16, 2025
    • Modified: Mar. 21, 2025

  • 4.0

    MEDIUM
    CVE-2024-57970

    libarchive through 3.7.7 has a heap-based buffer over-read in header_gnu_longlink in archive_read_support_format_tar.c via a TAR archive because it mishandles truncation in the middle of a GNU long linkname.... Read more

    Affected Products : libarchive
    • Published: Feb. 16, 2025
    • Modified: Feb. 18, 2025
    • Vuln Type: Memory Corruption

  • 4.8

    MEDIUM
    CVE-2025-1332

    A vulnerability has been found in FastCMS up to 0.1.5 and classified as problematic. This vulnerability affects unknown code of the file /fastcms.html#/template/menu of the component Template Menu. The manipulation leads to cross site scripting. The attac... Read more

    Affected Products : fastcms fastcms
    • Published: Feb. 16, 2025
    • Modified: Feb. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 10.0

    CRITICAL
    CVE-2025-26793

    The Web GUI configuration panel of Hirsch (formerly Identiv and Viscount) Enterphone MESH through 2024 ships with default credentials (username freedom, password viscount). The administrator is not prompted to change these credentials on initial configura... Read more

    Affected Products :
    • Published: Feb. 15, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Authentication

  • 5.4

    MEDIUM
    CVE-2024-13834

    The Responsive Plus – Starter Templates, Advanced Features and Customizer Settings for Responsive Theme plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.4 via the 'remote_request' function. This m... Read more

    Affected Products : responsive_addons
    • Published: Feb. 15, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Server-Side Request Forgery

  • 6.5

    MEDIUM
    CVE-2025-0822

    Bit Assist plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.2 via the fileID Parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbit... Read more

    Affected Products : bit_assist
    • Published: Feb. 15, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2024-13500

    The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 2.6.17 due to insuf... Read more

    Affected Products : wp_project_manager
    • Published: Feb. 15, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2024-13488

    The LTL Freight Quotes – Estes Edition plugin for WordPress is vulnerable to SQL Injection via the 'dropship_edit_id' and 'edit_id' parameters in all versions up to, and including, 3.3.7 due to insufficient escaping on the user supplied parameter and lack... Read more

    Affected Products : ltl_freight_quotes
    • Published: Feb. 15, 2025
    • Modified: Feb. 28, 2025
    • Vuln Type: Injection

  • 4.3

    MEDIUM
    CVE-2024-13439

    The Team – Team Members Showcase Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the response() function in all versions up to, and including, 4.4.9. This makes it possible for authenticated attackers,... Read more

    Affected Products : team
    • Published: Feb. 15, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2024-10581

    The DirectoryPress Frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.9. This is due to missing or incorrect nonce validation on the dpfl_listingStatusChange() function. This makes it possib... Read more

    Affected Products : directorypress
    • Published: Feb. 15, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Cross-Site Request Forgery
Showing 20 of 291741 Results