Latest CVE Feed
- 9.8 CRITICAL CVE-2024-55215
An issue in trojan v.2.0.0 through v.2.15.3 allows a remote attacker to escalate privileges via the initialization interface /auth/register....
- Affected Products: trojan
- Published: Feb. 07, 2025
- Modified: Jul. 03, 2025
- Vuln Type: Authentication
- 2.6 LOW CVE-2025-25183
vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Maliciously constructed statements can lead to hash collisions, resulting in cache reuse, which can interfere with subsequent responses and cause unintended behavior. Pr...
- Affected Products: vllm
- Published: Feb. 07, 2025
- Modified: Jul. 01, 2025
- Vuln Type: Misconfiguration
- 6.9 MEDIUM CVE-2025-24980
pimcore/admin-ui-classic-bundle provides a Backend UI for Pimcore. In affected versions an error message discloses existing accounts and leads to user enumeration on the target via "Forgot password" function. No generic error message has been implemented....
- Affected Products: admin_classic_bundle
- Published: Feb. 07, 2025
- Modified: Feb. 07, 2025
- Vuln Type: Information Disclosure
- 5.3 MEDIUM CVE-2021-41528
An error when handling authorization related to the import / export interfaces on the RISC Platform prior to the saas-2021-12-29 release can potentially be exploited to access the import / export functionality with low privileges....
- Affected Products:
- Published: Feb. 07, 2025
- Modified: Feb. 07, 2025
- Vuln Type: Authorization
- 2.3 LOW CVE-2021-41527
An error related to the 2-factor authorization (2FA) on the RISC Platform prior to the saas-2021-12-29 release can potentially be exploited to bypass the 2FA. The vulnerability requires that the 2FA setup hasn’t been completed....
- Affected Products:
- Published: Feb. 07, 2025
- Modified: Mar. 13, 2025
- Vuln Type: Authentication
- 6.6 MEDIUM CVE-2021-27017
Utilization of a module presented a security risk by allowing the deserialization of untrusted/user supplied data. This is resolved in the Puppet Agent 7.4.0 release....
- Affected Products: puppet_agent
- Published: Feb. 07, 2025
- Modified: Feb. 07, 2025
- Vuln Type: Misconfiguration
- 6.5 MEDIUM CVE-2025-1106
A vulnerability classified as critical has been found in CmsEasy 7.7.7.9. This affects the function deletedir_action/restore_action in the library lib/admin/database_admin.php. The manipulation leads to path traversal. It is possible to initiate the attac...
- Affected Products: cmseasy
- Published: Feb. 07, 2025
- Modified: Feb. 07, 2025
- Vuln Type: Path Traversal
- 5.3 MEDIUM CVE-2025-1105
A vulnerability was found in SiberianCMS 4.20.6. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /app/sae/design/desktop/flat of the component HTTP GET Request Handler. The manipulation leads to cross sit...
- Affected Products:
- Published: Feb. 07, 2025
- Modified: Feb. 07, 2025
- Vuln Type: Cross-Site Scripting
- 9.8 CRITICAL CVE-2025-1104
A vulnerability has been found in D-Link DHP-W310AV 1.04 and classified as critical. This vulnerability affects unknown code. The manipulation leads to authentication bypass by spoofing. The attack can be initiated remotely. The exploit has been disclosed...
- Published: Feb. 07, 2025
- Modified: May. 21, 2025
- Vuln Type: Authentication
- 7.2 HIGH CVE-2024-7425
The WP ALL Export Pro plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to improper user input validation and sanitization in all versions up to, and including, 1.9.1. This makes it possible ...
- Affected Products: wp_all_export
- Published: Feb. 07, 2025
- Modified: Feb. 11, 2025
- Vuln Type: Authorization
- 7.7 HIGH CVE-2022-26389
An improper access control vulnerability may allow privilege escalation. This issue affects: * ELI 380 Resting Electrocardiograph: Versions 2.6.0 and prior; * ELI 280/BUR280/MLBUR 280 Resting Electrocardiograph: Versions 2.3.1 and prior; * E...
- Affected Products:
- Published: Feb. 07, 2025
- Modified: Feb. 07, 2025
- Vuln Type: Authorization
- 6.4 MEDIUM CVE-2022-26388
A use of hard-coded password vulnerability may allow authentication abuse. This issue affects ELI 380 Resting Electrocardiograph: Versions 2.6.0 and prior; ELI 280/BUR280/MLBUR 280 Resting Electrocardiograph: Versions 2.3.1 and prior; ELI 250c/BUR 250c ...
- Affected Products:
- Published: Feb. 07, 2025
- Modified: Feb. 07, 2025
- Vuln Type: Authentication
- 7.2 HIGH CVE-2024-9664
The WP All Import Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.9.7 via deserialization of untrusted input from an import file. This makes it possible for authenticated attackers, with Administrator...
- Affected Products: wp_all_import
- Published: Feb. 07, 2025
- Modified: Feb. 11, 2025
- Vuln Type: Injection
- 4.3 MEDIUM CVE-2024-9661
The WP All Import Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.9.7. This is due to missing nonce validation on the delete_and_edit function. This makes it possible for unauthenticated attacke...
- Affected Products: wp_all_import
- Published: Feb. 07, 2025
- Modified: Feb. 18, 2025
- Vuln Type: Cross-Site Request Forgery
- 8.8 HIGH CVE-2024-7419
The WP ALL Export Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.9.1 via the custom export fields. This is due to the missing input validation and sanitization of user-supplied data. This makes it p...
- Affected Products: wp_all_export
- Published: Feb. 07, 2025
- Modified: Feb. 11, 2025
- Vuln Type: Injection
- 9.8 CRITICAL CVE-2024-57707
An issue in DataEase v1 allows an attacker to execute arbitrary code via the user account and password components....
- Affected Products: dataease
- Published: Feb. 07, 2025
- Modified: Mar. 28, 2025
- Vuln Type: Authentication
- 6.5 MEDIUM CVE-2024-57249
Incorrect Access Control in the Preview Function of Gleamtech FileVista 9.2.0.0 allows remote attackers to gain unauthorized access via exploiting a vulnerability in access control mechanisms by removing authentication-related HTTP headers, such as the Co...
- Affected Products:
- Published: Feb. 07, 2025
- Modified: Feb. 11, 2025
- Vuln Type: Authentication
- 6.3 MEDIUM CVE-2024-57248
Directory Traversal in File Upload in Gleamtech FileVista 9.2.0.0 allows remote attackers to achieve Code Execution, Information Disclosure, and Escalation of Privileges via injecting malicious payloads in HTTP requests to manipulate file paths, bypass ac...
- Affected Products:
- Published: Feb. 07, 2025
- Modified: Feb. 10, 2025
- Vuln Type: Path Traversal
- 6.5 MEDIUM CVE-2024-55214
Local File Inclusion vulnerability in dhtmlxFileExplorer v.8.4.6 allows a remote attacker to obtain sensitive information via the file download functionality....
- Affected Products:
- Published: Feb. 07, 2025
- Modified: Feb. 11, 2025
- Vuln Type: Path Traversal
- 6.5 MEDIUM CVE-2024-55213
Directory Traversal vulnerability in dhtmlxFileExplorer v.8.4.6 allows a remote attacker to obtain sensitive information via the File Listing function....
- Affected Products:
- Published: Feb. 07, 2025
- Modified: Feb. 11, 2025
- Vuln Type: Path Traversal