Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-10763

    The Campress theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.35 via the 'campress_woocommerce_get_ajax_products' function. This makes it possible for unauthenticated attackers to include and execute arbitr... Read more

    Affected Products : campress
    • Published: Feb. 13, 2025
    • Modified: Feb. 24, 2025

  • 5.3

    MEDIUM
    CVE-2025-1198

    An issue discovered in GitLab CE/EE affecting all versions from 16.11 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 meant that long-lived connections in ActionCable potentially allowed revoked Personal Access Tokens access to streaming r... Read more

    Affected Products : gitlab
    • Published: Feb. 13, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-0896

    Orthanc server prior to version 1.5.8 does not enable basic authentication by default when remote access is enabled. This could result in unauthorized access by an attacker.... Read more

    Affected Products : orthanc
    • Published: Feb. 13, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Authentication

  • 6.4

    MEDIUM
    CVE-2024-13644

    The DethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's De Gallery widget in all versions up to, and including, 2.1.8 due to insufficient input sanitization and output escaping on user supplied attri... Read more

    Affected Products : dethemekit_for_elementor
    • Published: Feb. 13, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-25286

    Crayfish is a collection of Islandora 8 microservices, one of which, Homarus, provides FFmpeg as a microservice. Prior to Crayfish version 4.1.0, remote code execution may be possible in web-accessible installations of Homarus in certain configurations. T... Read more

    Affected Products :
    • Published: Feb. 13, 2025
    • Modified: Feb. 13, 2025
    • Vuln Type: Misconfiguration

  • 6.6

    MEDIUM
    CVE-2024-8266

    An issue was discovered in GitLab CE/EE affecting all versions starting from 17.1 prior to 17.6.0, which allows an attacker with maintainer role to trigger a pipeline as project owner under certain circumstances.... Read more

    Affected Products : gitlab
    • Published: Feb. 13, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Authorization

  • 9.6

    CRITICAL
    CVE-2024-7102

    An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.5.0 which allows an attacker to trigger a pipeline as another user under certain circumstances.... Read more

    Affected Products : gitlab
    • Published: Feb. 13, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2024-51376

    Directory Traversal vulnerability in yeqifu carRental v.1.0 allows a remote attacker to obtain sensitive information via the file/downloadFile.action?path= component.... Read more

    Affected Products :
    • Published: Feb. 12, 2025
    • Modified: Feb. 13, 2025
    • Vuln Type: Path Traversal

  • 3.5

    LOW
    CVE-2024-34521

    A directory traversal vulnerability exists in the Mavenir SCE Application Provisioning Portal, version PORTAL-LBS-R_1_0_24_0, which allows an administrative user to access system files with the file permissions of the privileged system user running the ap... Read more

    Affected Products :
    • Published: Feb. 12, 2025
    • Modified: Feb. 20, 2025
    • Vuln Type: Path Traversal

  • 8.8

    HIGH
    CVE-2024-34520

    An authorization bypass vulnerability exists in the Mavenir SCE Application Provisioning Portal, version PORTAL-LBS-R_1_0_24_0, which allows an authenticated 'guest' user to perform unauthorized administrative actions, such as accessing the 'add user' fea... Read more

    Affected Products :
    • Published: Feb. 12, 2025
    • Modified: Feb. 13, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-20097

    Uncaught exception in OpenBMC Firmware for the Intel(R) Server M50FCP Family and Intel(R) Server D50DNP Family before version R01.02.0002 may allow an authenticated user to potentially enable denial of service via network access.... Read more

    Affected Products :
    • Published: Feb. 12, 2025
    • Modified: Feb. 12, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-1229

    A vulnerability classified as critical was found in olajowon Loggrove up to e428fac38cc480f011afcb1d8ce6c2bad378ddd6. Affected by this vulnerability is an unknown functionality of the file /read/?page=1&logfile=eee&match=. The manipulation of the argument... Read more

    Affected Products :
    • Published: Feb. 12, 2025
    • Modified: Feb. 12, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2025-1228

    A vulnerability classified as problematic has been found in olajowon Loggrove up to e428fac38cc480f011afcb1d8ce6c2bad378ddd6. Affected is an unknown function of the file /read/?page=1&logfile=LOG_Monitor of the component Logfile Update Handler. The manipu... Read more

    Affected Products :
    • Published: Feb. 12, 2025
    • Modified: Feb. 12, 2025
    • Vuln Type: Path Traversal

  • 5.4

    MEDIUM
    CVE-2024-57605

    Cross Site Scripting vulnerability in Daylight Studio Fuel CMS v.1.5.2 allows an attacker to escalate privileges via the /fuel/blocks/ and /fuel/pages components.... Read more

    Affected Products : fuel_cms
    • Published: Feb. 12, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2024-57604

    An issue in MaysWind ezBookkeeping 0.7.0 allows a remote attacker to escalate privileges via the token component.... Read more

    Affected Products : ezbookkeeping
    • Published: Feb. 12, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Authorization

  • 6.3

    MEDIUM
    CVE-2024-57603

    An issue in MaysWind ezBookkeeping 0.7.0 allows a remote attacker to escalate privileges via the lack of rate limiting.... Read more

    Affected Products : ezbookkeeping
    • Published: Feb. 12, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2024-57602

    An issue in Alex Tselegidis EasyAppointments v.1.5.0 allows a remote attacker to escalate privileges via the index.php file.... Read more

    Affected Products : easyappointments
    • Published: Feb. 12, 2025
    • Modified: Mar. 18, 2025
    • Vuln Type: Authentication

  • 6.1

    MEDIUM
    CVE-2024-57601

    Cross Site Scripting vulnerability in Alex Tselegidis EasyAppointments v.1.5.0 allows a remote attacker to execute arbitrary code via the legal_settings parameter.... Read more

    Affected Products : easyappointments
    • Published: Feb. 12, 2025
    • Modified: Mar. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2024-56940

    An issue in the profile image upload function of LearnDash v6.7.1 allows attackers to cause a Denial of Service (DoS) via excessive file uploads.... Read more

    Affected Products : learndash
    • Published: Feb. 12, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Denial of Service

  • 5.4

    MEDIUM
    CVE-2024-56939

    LearnDash v6.7.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the ld-comment-body class.... Read more

    Affected Products : learndash
    • Published: Feb. 12, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 291728 Results