Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.3

    HIGH
    CVE-2024-10334

    A vulnerability exists in the VideONet product included in the listed System 800xA versions, where VideONet is used.  An attacker who successfully exploited the vulnerability could, in the worst case scenario, stop or manipulate the video feed. This issu... Read more

    Affected Products :
    • Published: Feb. 10, 2025
    • Modified: Feb. 10, 2025
    • Vuln Type: Denial of Service

  • 8.1

    HIGH
    CVE-2025-1193

    Improper host validation in the certificate validation component in Devolutions Remote Desktop Manager on 2024.3.19 and earlier on Windows allows an attacker to intercept and modify encrypted communications via a man-in-the-middle attack by presenting a ... Read more

    Affected Products : remote_desktop_manager
    • Published: Feb. 10, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Misconfiguration

  • 3.1

    LOW
    CVE-2025-1148

    A vulnerability was found in GNU Binutils 2.43 and classified as problematic. Affected by this issue is the function link_order_scan of the file ld/ldelfgen.c of the component ld. The manipulation leads to memory leak. The attack may be launched remotely.... Read more

    Affected Products : binutils
    • Published: Feb. 10, 2025
    • Modified: Apr. 04, 2025
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2025-1147

    A vulnerability has been found in GNU Binutils 2.43 and classified as problematic. Affected by this vulnerability is the function __sanitizer::internal_strlen of the file binutils/nm.c of the component nm. The manipulation of the argument const leads to b... Read more

    Affected Products : binutils
    • Published: Feb. 10, 2025
    • Modified: Apr. 04, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2024-11621

    Missing certificate validation in Devolutions Remote Desktop Manager on macOS, iOS, Android, Linux allows an attacker to intercept and modify encrypted communications via a man-in-the-middle attack. Versions affected are : Remote Desktop Manager macOS 20... Read more

    • Published: Feb. 10, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Cryptography

  • 6.1

    MEDIUM
    CVE-2025-1175

    Reflected Cross-Site Scripting (XSS) vulnerability in Kelio Visio 1, Kelio Visio X7 and Kelio Visio X4, in versions between 3.2C and 5.1K. This vulnerability could allow an attacker to execute a JavaScript payload by making a POST request and injecting ma... Read more

    Affected Products :
    • Published: Feb. 10, 2025
    • Modified: Feb. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2024-8685

    Path-Traversal vulnerability in Revolution Pi version 2022-07-28-revpi-buster from KUNBUS GmbH. This vulnerability could allow an authenticated attacker to list device directories via the ‘/pictory/php/getFileList.php’ endpoint in the ‘dir’ parameter.... Read more

    Affected Products :
    • Published: Feb. 10, 2025
    • Modified: Feb. 10, 2025
    • Vuln Type: Path Traversal

  • 8.3

    HIGH
    CVE-2024-8684

    OS Command Injection vulnerability in Revolution Pi version 2022-07-28-revpi-buster from KUNBUS GmbH. This vulnerability could allow an authenticated attacker to execute OS commands on the device via the ‘php/dal.php’ endpoint, in the ‘arrSaveConfig’ para... Read more

    Affected Products :
    • Published: Feb. 10, 2025
    • Modified: Feb. 10, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2025-25247

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Felix Webconsole. This issue affects Apache Felix Webconsole 4.x up to 4.9.8 and 5.x up to 5.0.8. Users are recommended to upgrade to version 4.... Read more

    Affected Products : felix_webconsole
    • Published: Feb. 10, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.0

    HIGH
    CVE-2025-1099

    This vulnerability exists in Tapo C500 Wi-Fi camera due to hard-coded RSA private key embedded within the device firmware. An attacker with physical access could exploit this vulnerability to obtain cryptographic private keys which can then be used to per... Read more

    Affected Products :
    • Published: Feb. 10, 2025
    • Modified: Feb. 14, 2025
    • Vuln Type: Cryptography

  • 4.7

    MEDIUM
    CVE-2025-21685

    In the Linux kernel, the following vulnerability has been resolved: platform/x86: lenovo-yoga-tab2-pro-1380-fastcharger: fix serdev race The yt2_1380_fc_serdev_probe() function calls devm_serdev_device_open() before setting the client ops via serdev_dev... Read more

    Affected Products : linux_kernel
    • Published: Feb. 09, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Race Condition

  • 5.5

    MEDIUM
    CVE-2025-21684

    In the Linux kernel, the following vulnerability has been resolved: gpio: xilinx: Convert gpio_lock to raw spinlock irq_chip functions may be called in raw spinlock context. Therefore, we must also use a raw spinlock for our own internal locking. This ... Read more

    Affected Products : linux_kernel
    • Published: Feb. 09, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Race Condition

  • 5.5

    MEDIUM
    CVE-2024-57949

    In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3-its: Don't enable interrupts in its_irq_set_vcpu_affinity() The following call-chain leads to enabling interrupts in a nested interrupt disabled section: irq_set_vcpu_af... Read more

    Affected Products : linux_kernel
    • Published: Feb. 09, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Race Condition

  • 8.2

    HIGH
    CVE-2024-13440

    The Super Store Finder plugin for WordPress is vulnerable to SQL Injection via the ‘ssf_wp_user_name’ parameter in all versions up to, and including, 7.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the... Read more

    Affected Products : super_store_finder
    • Published: Feb. 09, 2025
    • Modified: Feb. 13, 2025
    • Vuln Type: Injection

  • 6.4

    MEDIUM
    CVE-2025-0169

    The DWT - Directory & Listing WordPress Theme is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.3.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possibl... Read more

    Affected Products : dwt_listing
    • Published: Feb. 08, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-0316

    The WP Directorybox Manager plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.5. This is due to incorrect authentication in the 'wp_dp_enquiry_agent_contact_form_submit_callback' function. This makes it possib... Read more

    Affected Products :
    • Published: Feb. 08, 2025
    • Modified: Feb. 08, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2024-54176

    IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 and IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14 and 7.3 through 7.3.2 could allow an authenticated user to obtain sensitive information about other ... Read more

    Affected Products : urbancode_deploy devops_deploy
    • Published: Feb. 08, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-1117

    A vulnerability, which was classified as critical, was found in CoinRemitter 0.0.1/0.0.2 on OpenCart. This affects an unknown part. The manipulation of the argument coin leads to sql injection. It is possible to initiate the attack remotely. The exploit h... Read more

    Affected Products :
    • Published: Feb. 08, 2025
    • Modified: Feb. 08, 2025
    • Vuln Type: Injection

  • 5.5

    MEDIUM
    CVE-2024-13850

    The Simple add pages or posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit... Read more

    Affected Products : simple_add_pages_or_posts
    • Published: Feb. 08, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-1116

    A vulnerability, which was classified as critical, has been found in Dreamvention Live AJAX Search Free up to 1.0.6 on OpenCart. Affected by this issue is the function searchresults/search of the file /?route=extension/live_search/module/live_search.searc... Read more

    Affected Products :
    • Published: Feb. 08, 2025
    • Modified: Feb. 08, 2025
    • Vuln Type: Injection
Showing 20 of 291513 Results