Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.4

    MEDIUM
    CVE-2025-0837

    The Puzzles theme for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 4.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenti... Read more

    Affected Products : puzzles
    • Published: Feb. 13, 2025
    • Modified: Feb. 24, 2025

  • 9.8

    CRITICAL
    CVE-2024-13770

    The Puzzles | WP Magazine / Review with Store WordPress Theme + RTL theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.2.4 via deserialization of untrusted input 'view_more_posts' AJAX action. This makes it p... Read more

    Affected Products : puzzles
    • Published: Feb. 13, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Injection

  • 4.3

    MEDIUM
    CVE-2024-13229

    The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the update_metadata() function in all versions up to, and including, 1.0.235. This makes it poss... Read more

    Affected Products : seo
    • Published: Feb. 13, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Authorization

  • 6.4

    MEDIUM
    CVE-2024-13227

    The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Rank Math API in all versions up to, and including, 1.0.235 due to insufficient input sanitization and output esca... Read more

    Affected Products : seo
    • Published: Feb. 13, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2024-10763

    The Campress theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.35 via the 'campress_woocommerce_get_ajax_products' function. This makes it possible for unauthenticated attackers to include and execute arbitr... Read more

    Affected Products : campress
    • Published: Feb. 13, 2025
    • Modified: Feb. 24, 2025

  • 5.3

    MEDIUM
    CVE-2025-1198

    An issue discovered in GitLab CE/EE affecting all versions from 16.11 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 meant that long-lived connections in ActionCable potentially allowed revoked Personal Access Tokens access to streaming r... Read more

    Affected Products : gitlab
    • Published: Feb. 13, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-0896

    Orthanc server prior to version 1.5.8 does not enable basic authentication by default when remote access is enabled. This could result in unauthorized access by an attacker.... Read more

    Affected Products : orthanc
    • Published: Feb. 13, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Authentication

  • 6.4

    MEDIUM
    CVE-2024-13644

    The DethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's De Gallery widget in all versions up to, and including, 2.1.8 due to insufficient input sanitization and output escaping on user supplied attri... Read more

    Affected Products : dethemekit_for_elementor
    • Published: Feb. 13, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-25286

    Crayfish is a collection of Islandora 8 microservices, one of which, Homarus, provides FFmpeg as a microservice. Prior to Crayfish version 4.1.0, remote code execution may be possible in web-accessible installations of Homarus in certain configurations. T... Read more

    Affected Products :
    • Published: Feb. 13, 2025
    • Modified: Feb. 13, 2025
    • Vuln Type: Misconfiguration

  • 6.6

    MEDIUM
    CVE-2024-8266

    An issue was discovered in GitLab CE/EE affecting all versions starting from 17.1 prior to 17.6.0, which allows an attacker with maintainer role to trigger a pipeline as project owner under certain circumstances.... Read more

    Affected Products : gitlab
    • Published: Feb. 13, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Authorization

  • 9.6

    CRITICAL
    CVE-2024-7102

    An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.5.0 which allows an attacker to trigger a pipeline as another user under certain circumstances.... Read more

    Affected Products : gitlab
    • Published: Feb. 13, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2024-51376

    Directory Traversal vulnerability in yeqifu carRental v.1.0 allows a remote attacker to obtain sensitive information via the file/downloadFile.action?path= component.... Read more

    Affected Products :
    • Published: Feb. 12, 2025
    • Modified: Feb. 13, 2025
    • Vuln Type: Path Traversal

  • 3.5

    LOW
    CVE-2024-34521

    A directory traversal vulnerability exists in the Mavenir SCE Application Provisioning Portal, version PORTAL-LBS-R_1_0_24_0, which allows an administrative user to access system files with the file permissions of the privileged system user running the ap... Read more

    Affected Products :
    • Published: Feb. 12, 2025
    • Modified: Feb. 20, 2025
    • Vuln Type: Path Traversal

  • 8.8

    HIGH
    CVE-2024-34520

    An authorization bypass vulnerability exists in the Mavenir SCE Application Provisioning Portal, version PORTAL-LBS-R_1_0_24_0, which allows an authenticated 'guest' user to perform unauthorized administrative actions, such as accessing the 'add user' fea... Read more

    Affected Products :
    • Published: Feb. 12, 2025
    • Modified: Feb. 13, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-20097

    Uncaught exception in OpenBMC Firmware for the Intel(R) Server M50FCP Family and Intel(R) Server D50DNP Family before version R01.02.0002 may allow an authenticated user to potentially enable denial of service via network access.... Read more

    Affected Products :
    • Published: Feb. 12, 2025
    • Modified: Feb. 12, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-1229

    A vulnerability classified as critical was found in olajowon Loggrove up to e428fac38cc480f011afcb1d8ce6c2bad378ddd6. Affected by this vulnerability is an unknown functionality of the file /read/?page=1&logfile=eee&match=. The manipulation of the argument... Read more

    Affected Products :
    • Published: Feb. 12, 2025
    • Modified: Feb. 12, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2025-1228

    A vulnerability classified as problematic has been found in olajowon Loggrove up to e428fac38cc480f011afcb1d8ce6c2bad378ddd6. Affected is an unknown function of the file /read/?page=1&logfile=LOG_Monitor of the component Logfile Update Handler. The manipu... Read more

    Affected Products :
    • Published: Feb. 12, 2025
    • Modified: Feb. 12, 2025
    • Vuln Type: Path Traversal

  • 5.4

    MEDIUM
    CVE-2024-57605

    Cross Site Scripting vulnerability in Daylight Studio Fuel CMS v.1.5.2 allows an attacker to escalate privileges via the /fuel/blocks/ and /fuel/pages components.... Read more

    Affected Products : fuel_cms
    • Published: Feb. 12, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2024-57604

    An issue in MaysWind ezBookkeeping 0.7.0 allows a remote attacker to escalate privileges via the token component.... Read more

    Affected Products : ezbookkeeping
    • Published: Feb. 12, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Authorization

  • 6.3

    MEDIUM
    CVE-2024-57603

    An issue in MaysWind ezBookkeeping 0.7.0 allows a remote attacker to escalate privileges via the lack of rate limiting.... Read more

    Affected Products : ezbookkeeping
    • Published: Feb. 12, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Authentication
Showing 20 of 291712 Results