Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.3

    LOW
    CVE-2024-3220

    There is a defect in the CPython standard library module “mimetypes” where on Windows the default list of known file locations are writable meaning other users can create invalid files to cause MemoryError to be raised on Python runtime startup or have fi... Read more

    Affected Products : python
    • Published: Feb. 14, 2025
    • Modified: Mar. 14, 2025
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2025-25745

    D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based buffer overflow vulnerability via the Password parameter in the SetQuickVPNSettings module.... Read more

    Affected Products : dir-853_firmware dir-853
    • Published: Feb. 14, 2025
    • Modified: May. 02, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2024-57778

    An issue in Orbe ONetView Roeador Onet-1200 Orbe 1680210096 allows a remote attacker to escalate privileges via the servers response from status code 500 to status code 200.... Read more

    Affected Products :
    • Published: Feb. 14, 2025
    • Modified: Feb. 18, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2024-57725

    An issue in the Arcadyan Livebox Fibra PRV3399B_B_LT allows a remote or local attacker to modify the GPON link value without authentication, causing an internet service disruption via the /firstconnection.cgi endpoint.... Read more

    Affected Products :
    • Published: Feb. 14, 2025
    • Modified: Feb. 18, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2024-56973

    Insecure Permissions vulnerability in Alvaria, Inc Unified IP Unified Director before v.7.2SP2 allows a remote attacker to execute arbitrary code via the source and filename parameters to the ProcessUploadFromURL.jsp component.... Read more

    Affected Products :
    • Published: Feb. 14, 2025
    • Modified: Feb. 28, 2025
    • Vuln Type: Authentication

  • 5.5

    MEDIUM
    CVE-2025-25740

    D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based buffer overflow vulnerability via the PSK parameter in the SetQuickVPNSettings module.... Read more

    Affected Products : dir-853_firmware dir-853
    • Published: Feb. 14, 2025
    • Modified: May. 02, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2024-56477

    IBM Power Hardware Management Console V10.3.1050.0 could allow an authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.... Read more

    Affected Products : power_hardware_management_console
    • Published: Feb. 14, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2024-52895

    IBM i 7.4 and 7.5 is vulnerable to a database access denial of service caused by a bypass of a database capabilities restriction check. A privileged bad actor can remove or otherwise impact database infrastructure files resulting in incorrect behavior of ... Read more

    Affected Products : i i
    • Published: Feb. 14, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Denial of Service

  • 4.8

    MEDIUM
    CVE-2025-1239

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the Blocked Sites list. This vulnerability requires an authenticated administrator session to a local... Read more

    Affected Products :
    • Published: Feb. 14, 2025
    • Modified: Feb. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2025-1071

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the spamBlocker module. This vulnerability requires an authenticated administrator session to a local... Read more

    Affected Products :
    • Published: Feb. 14, 2025
    • Modified: Feb. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.1

    MEDIUM
    CVE-2025-0178

    Improper Input Validation vulnerability in WatchGuard Fireware OS allows an attacker to manipulate the value of the HTTP Host header in requests sent to the Web UI. An attacker could exploit this vulnerability to redirect users to malicious websites, pois... Read more

    Affected Products :
    • Published: Feb. 14, 2025
    • Modified: Feb. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2024-56180

    CWE-502 Deserialization of Untrusted Data at the eventmesh-meta-raft plugin module in Apache EventMesh master branch without release version on windows\linux\mac os e.g. platforms allows attackers to send controlled message and remote code execute via hes... Read more

    Affected Products : eventmesh
    • Published: Feb. 14, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Injection

  • 8.5

    HIGH
    CVE-2024-12651

    Exposed Dangerous Method or Function vulnerability in PTT Inc. HGS Mobile App allows Manipulating User-Controlled Variables.This issue affects HGS Mobile App: before 6.5.0.... Read more

    Affected Products :
    • Published: Feb. 14, 2025
    • Modified: Feb. 14, 2025
    • Vuln Type: Misconfiguration

  • 7.1

    HIGH
    CVE-2025-24700

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xylus Themes WP Event Aggregator allows Reflected XSS. This issue affects WP Event Aggregator: from n/a through 1.8.2.... Read more

    Affected Products :
    • Published: Feb. 14, 2025
    • Modified: Feb. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-24699

    Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company WP Coder allows Cross-Site Scripting (XSS). This issue affects WP Coder: from n/a through 3.6.... Read more

    Affected Products : wp_coder
    • Published: Feb. 14, 2025
    • Modified: Feb. 14, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.1

    HIGH
    CVE-2025-24692

    Missing Authorization vulnerability in Michael Revellin-Clerc Bulk Menu Edit allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Bulk Menu Edit: from n/a through 1.3.... Read more

    Affected Products :
    • Published: Feb. 14, 2025
    • Modified: Feb. 14, 2025
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2025-24688

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brandtoss WP Mailster allows Reflected XSS. This issue affects WP Mailster: from n/a through 1.8.20.0.... Read more

    Affected Products : wp_mailster
    • Published: Feb. 14, 2025
    • Modified: Feb. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-24641

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rickonline_nl Better WishList API allows Stored XSS. This issue affects Better WishList API: from n/a through 1.1.3.... Read more

    Affected Products :
    • Published: Feb. 14, 2025
    • Modified: Feb. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-24617

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AcyMailing Newsletter Team AcyMailing SMTP Newsletter allows Reflected XSS. This issue affects AcyMailing SMTP Newsletter: from n/a through n/a.... Read more

    Affected Products : acymailing
    • Published: Feb. 14, 2025
    • Modified: Feb. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-24616

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UIUX Lab Uix Page Builder allows Reflected XSS. This issue affects Uix Page Builder: from n/a through 1.7.3.... Read more

    Affected Products :
    • Published: Feb. 14, 2025
    • Modified: Feb. 14, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 291728 Results