Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2025-26771

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sonalsinha21 SKT Blocks – Gutenberg based Page Builder allows Stored XSS. This issue affects SKT Blocks – Gutenberg based Page Builder: from n/a through ... Read more

    Affected Products : skt_blocks
    • Published: Feb. 17, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-26770

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Joe Waymark allows Stored XSS. This issue affects Waymark: from n/a through 1.5.0.... Read more

    Affected Products :
    • Published: Feb. 17, 2025
    • Modified: Feb. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-26769

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Webilia Inc. Vertex Addons for Elementor allows Stored XSS. This issue affects Vertex Addons for Elementor: from n/a through 1.2.0.... Read more

    Affected Products :
    • Published: Feb. 17, 2025
    • Modified: Feb. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-26758

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in RebelCode Spotlight Social Media Feeds allows Retrieve Embedded Sensitive Data. This issue affects Spotlight Social Media Feeds: from n/a through 1.7.1.... Read more

    Affected Products : spotlight_social_feeds
    • Published: Feb. 17, 2025
    • Modified: Feb. 17, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-26754

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins Timeline Block allows Stored XSS. This issue affects Timeline Block: from n/a through 1.1.1.... Read more

    Affected Products :
    • Published: Feb. 17, 2025
    • Modified: Feb. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-23845

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ERA404 ImageMeta allows Reflected XSS. This issue affects ImageMeta: from n/a through 1.1.2.... Read more

    Affected Products :
    • Published: Feb. 17, 2025
    • Modified: Feb. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-23840

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webjema WP-NOTCAPTCHA allows Reflected XSS. This issue affects WP-NOTCAPTCHA: from n/a through 1.3.1.... Read more

    Affected Products :
    • Published: Feb. 17, 2025
    • Modified: Feb. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-0714

    The vulnerability exists in the password storage of Mobateks MobaXterm in versions below 25.0. MobaXTerm uses an initialisation vector (IV) consisting only of zero bytes and a master key to encrypt each password individually. In the default configuration,... Read more

    Affected Products : mobaxterm
    • Published: Feb. 17, 2025
    • Modified: Feb. 19, 2025
    • Vuln Type: Cryptography

  • 6.5

    MEDIUM
    CVE-2025-0001

    Abacus ERP is versions older than 2024.210.16036, 2023.205.15833, 2022.105.15542 are affected by an authenticated arbitrary file read vulnerability.... Read more

    Affected Products :
    • Published: Feb. 17, 2025
    • Modified: Feb. 17, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-1381

    A vulnerability was found in code-projects Real Estate Property Management System 1.0. It has been classified as critical. This affects an unknown part of the file /ajax_city.php. The manipulation of the argument CityName leads to sql injection. It is pos... Read more

    • Published: Feb. 17, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-1380

    A vulnerability was found in Codezips Gym Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /dashboard/admin/del_plan.php. The manipulation of the argument name leads to sql injection. The a... Read more

    • Published: Feb. 17, 2025
    • Modified: Apr. 02, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-1379

    A vulnerability has been found in code-projects Real Estate Property Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /Admin/CustomerReport.php. The manipulation of the argument city ... Read more

    • Published: Feb. 17, 2025
    • Modified: Apr. 02, 2025
    • Vuln Type: Injection

  • 4.8

    MEDIUM
    CVE-2025-1378

    A vulnerability, which was classified as problematic, was found in radare2 5.9.9 33286. Affected is an unknown function in the library /libr/main/rasm2.c of the component rasm2. The manipulation leads to memory corruption. An attack has to be approached l... Read more

    Affected Products : radare2
    • Published: Feb. 17, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Memory Corruption

  • 6.7

    MEDIUM
    CVE-2024-47935

    Improper Validation of Integrity Check Value vulnerability in TXOne Networks StellarProtect (Legacy Mode), StellarEnforce, and Safe Lock allows an attacker to escalate their privileges in the victim’s device. The attacker needs to hijack the DLL file in a... Read more

    Affected Products :
    • Published: Feb. 17, 2025
    • Modified: Feb. 17, 2025
    • Vuln Type: Authentication

  • 8.6

    HIGH
    CVE-2024-13726

    The Coder WordPress plugin through 1.3.4 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection... Read more

    Affected Products : themes_coder
    • Published: Feb. 17, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Injection

  • 4.7

    MEDIUM
    CVE-2024-13627

    The OWL Carousel Slider WordPress plugin through 2.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.... Read more

    Affected Products : owl_carousel_slider
    • Published: Feb. 17, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2024-13626

    The VR-Frases (collect & share quotes) WordPress plugin through 3.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admi... Read more

    Affected Products : vr-frases
    • Published: Feb. 17, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2024-13625

    The Tube Video Ads Lite WordPress plugin through 1.5.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.... Read more

    Affected Products : tube_video_ads_lite
    • Published: Feb. 17, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.7

    MEDIUM
    CVE-2024-13608

    The Track Logins WordPress plugin through 1.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks... Read more

    Affected Products : track_logins
    • Published: Feb. 17, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2024-13603

    The Wise Forms WordPress plugin through 1.2.0 does not sanitise and escape some of its settings, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks via malicious form submissions.... Read more

    Affected Products : wise_forms
    • Published: Feb. 17, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 291804 Results