Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-56180

    CWE-502 Deserialization of Untrusted Data at the eventmesh-meta-raft plugin module in Apache EventMesh master branch without release version on windows\linux\mac os e.g. platforms allows attackers to send controlled message and remote code execute via hes... Read more

    Affected Products : eventmesh
    • Published: Feb. 14, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Injection

  • 8.5

    HIGH
    CVE-2024-12651

    Exposed Dangerous Method or Function vulnerability in PTT Inc. HGS Mobile App allows Manipulating User-Controlled Variables.This issue affects HGS Mobile App: before 6.5.0.... Read more

    Affected Products :
    • Published: Feb. 14, 2025
    • Modified: Feb. 14, 2025
    • Vuln Type: Misconfiguration

  • 7.1

    HIGH
    CVE-2025-24700

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xylus Themes WP Event Aggregator allows Reflected XSS. This issue affects WP Event Aggregator: from n/a through 1.8.2.... Read more

    Affected Products :
    • Published: Feb. 14, 2025
    • Modified: Feb. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-24699

    Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company WP Coder allows Cross-Site Scripting (XSS). This issue affects WP Coder: from n/a through 3.6.... Read more

    Affected Products : wp_coder
    • Published: Feb. 14, 2025
    • Modified: Feb. 14, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.1

    HIGH
    CVE-2025-24692

    Missing Authorization vulnerability in Michael Revellin-Clerc Bulk Menu Edit allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Bulk Menu Edit: from n/a through 1.3.... Read more

    Affected Products :
    • Published: Feb. 14, 2025
    • Modified: Feb. 14, 2025
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2025-24688

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brandtoss WP Mailster allows Reflected XSS. This issue affects WP Mailster: from n/a through 1.8.20.0.... Read more

    Affected Products : wp_mailster
    • Published: Feb. 14, 2025
    • Modified: Feb. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-24641

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rickonline_nl Better WishList API allows Stored XSS. This issue affects Better WishList API: from n/a through 1.1.3.... Read more

    Affected Products :
    • Published: Feb. 14, 2025
    • Modified: Feb. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-24617

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AcyMailing Newsletter Team AcyMailing SMTP Newsletter allows Reflected XSS. This issue affects AcyMailing SMTP Newsletter: from n/a through n/a.... Read more

    Affected Products : acymailing
    • Published: Feb. 14, 2025
    • Modified: Feb. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-24616

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UIUX Lab Uix Page Builder allows Reflected XSS. This issue affects Uix Page Builder: from n/a through 1.7.3.... Read more

    Affected Products :
    • Published: Feb. 14, 2025
    • Modified: Feb. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-24615

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fatcatapps Analytics Cat allows Reflected XSS. This issue affects Analytics Cat: from n/a through 1.1.2.... Read more

    Affected Products : analytics_cat
    • Published: Feb. 14, 2025
    • Modified: Feb. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-24614

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in agileLogix Post Timeline allows Reflected XSS. This issue affects Post Timeline: from n/a through 2.3.9.... Read more

    Affected Products : post_timeline
    • Published: Feb. 14, 2025
    • Modified: Feb. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-24607

    Missing Authorization vulnerability in Northern Beaches Websites IdeaPush allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects IdeaPush: from n/a through 8.71.... Read more

    Affected Products : ideapush
    • Published: Feb. 14, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2025-24592

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SysBasics Customize My Account for WooCommerce allows Reflected XSS. This issue affects Customize My Account for WooCommerce: from n/a through 2.8.22.... Read more

    Affected Products : customize_my_account
    • Published: Feb. 14, 2025
    • Modified: Feb. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-24567

    Insertion of Sensitive Information Into Sent Data vulnerability in brandtoss WP Mailster allows Retrieve Embedded Sensitive Data. This issue affects WP Mailster: from n/a through 1.8.16.0.... Read more

    Affected Products : wp_mailster
    • Published: Feb. 14, 2025
    • Modified: Feb. 14, 2025
    • Vuln Type: Information Disclosure

  • 7.1

    HIGH
    CVE-2025-24566

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tomáš Groulík Intro Tour Tutorial DeepPresentation allows Reflected XSS. This issue affects Intro Tour Tutorial DeepPresentation: from n/a through 6.5.2.... Read more

    Affected Products :
    • Published: Feb. 14, 2025
    • Modified: Feb. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-24565

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saleswonder Team Tobias WP2LEADS allows Reflected XSS. This issue affects WP2LEADS: from n/a through 3.3.3.... Read more

    Affected Products :
    • Published: Feb. 14, 2025
    • Modified: Feb. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-24564

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aviplugins.com Contact Form With Shortcode allows Reflected XSS. This issue affects Contact Form With Shortcode: from n/a through 4.2.5.... Read more

    Affected Products :
    • Published: Feb. 14, 2025
    • Modified: Feb. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-24558

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CRM Perks CRM Perks allows Reflected XSS. This issue affects CRM Perks: from n/a through 1.1.5.... Read more

    Affected Products :
    • Published: Feb. 14, 2025
    • Modified: Feb. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-24554

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in awcode AWcode Toolkit allows Reflected XSS. This issue affects AWcode Toolkit: from n/a through 1.0.14.... Read more

    Affected Products :
    • Published: Feb. 14, 2025
    • Modified: Feb. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-23905

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Johannes van Poelgeest Admin Options Pages allows Reflected XSS. This issue affects Admin Options Pages: from n/a through 0.9.7.... Read more

    Affected Products :
    • Published: Feb. 14, 2025
    • Modified: Feb. 14, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 291717 Results