Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 4.3

    MEDIUM
    CVE-2024-9661

    The WP All Import Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.9.7. This is due to missing nonce validation on the delete_and_edit function. This makes it possible for unauthenticated attacke...

    Affected Products : wp_all_import
    • Published: Feb. 07, 2025
    • Modified: Feb. 18, 2025
    • Vuln Type: Cross-Site Request Forgery
  • 8.8

    HIGH
    CVE-2024-7419

    The WP ALL Export Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.9.1 via the custom export fields. This is due to the missing input validation and sanitization of user-supplied data. This makes it p...

    Affected Products : wp_all_export
    • Published: Feb. 07, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2024-57707

    An issue in DataEase v1 allows an attacker to execute arbitrary code via the user account and password components....

    Affected Products : dataease
    • Published: Feb. 07, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Authentication
  • 6.5

    MEDIUM
    CVE-2024-57249

    Incorrect Access Control in the Preview Function of Gleamtech FileVista 9.2.0.0 allows remote attackers to gain unauthorized access via exploiting a vulnerability in access control mechanisms by removing authentication-related HTTP headers, such as the Co...

    Affected Products :
    • Published: Feb. 07, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Authentication
  • 6.3

    MEDIUM
    CVE-2024-57248

    Directory Traversal in File Upload in Gleamtech FileVista 9.2.0.0 allows remote attackers to achieve Code Execution, Information Disclosure, and Escalation of Privileges via injecting malicious payloads in HTTP requests to manipulate file paths, bypass ac...

    Affected Products :
    • Published: Feb. 07, 2025
    • Modified: Feb. 10, 2025
    • Vuln Type: Path Traversal
  • 6.5

    MEDIUM
    CVE-2024-55214

    Local File Inclusion vulnerability in dhtmlxFileExplorer v.8.4.6 allows a remote attacker to obtain sensitive information via the file download functionality....

    Affected Products :
    • Published: Feb. 07, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Path Traversal
  • 6.5

    MEDIUM
    CVE-2024-55213

    Directory Traversal vulnerability in dhtmlxFileExplorer v.8.4.6 allows a remote attacker to obtain sensitive information via the File Listing function....

    Affected Products :
    • Published: Feb. 07, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Path Traversal
  • 7.5

    HIGH
    CVE-2024-52884

    An issue was discovered in AudioCodes Mediant Session Border Controller (SBC) before 7.40A.501.841. Due to the use of weak password obfuscation/encryption, an attacker with access to configuration exports (INI) is able to decrypt the passwords....

    Affected Products : mediant_session_border_controller
    • Published: Feb. 07, 2025
    • Modified: May. 01, 2025
    • Vuln Type: Cryptography
  • 7.5

    HIGH
    CVE-2024-52883

    An issue was discovered in AudioCodes One Voice Operations Center (OVOC) before 8.4.582. Due to a path traversal vulnerability, sensitive data can be read without any authentication....

    Affected Products : one_voice_operations_center
    • Published: Feb. 07, 2025
    • Modified: May. 01, 2025
    • Vuln Type: Path Traversal
  • 6.1

    MEDIUM
    CVE-2024-52882

    An issue was discovered in AudioCodes One Voice Operations Center (OVOC) before 8.4.582. Due to improper neutralization of input via the devices API, an attacker can inject malicious JavaScript code (XSS) to attack logged-in administrator sessions....

    Affected Products : one_voice_operations_center
    • Published: Feb. 07, 2025
    • Modified: May. 01, 2025
    • Vuln Type: Cross-Site Scripting
  • 7.5

    HIGH
    CVE-2024-52881

    An issue was discovered in AudioCodes One Voice Operations Center (OVOC) before 8.4.582. Due to the use of a hard-coded key, an attacker is able to decrypt sensitive data such as passwords extracted from the topology file....

    Affected Products : one_voice_operations_center
    • Published: Feb. 07, 2025
    • Modified: May. 01, 2025
    • Vuln Type: Cryptography
  • 7.8

    HIGH
    CVE-2024-48091

    Tally Prime Edit Log v2.1 was discovered to contain a DLL hijacking vulnerability via the component TextShaping.dll. This vulnerability allows attackers to execute arbitrary code via a crafted DLL....

    Affected Products :
    • Published: Feb. 07, 2025
    • Modified: Feb. 10, 2025
    • Vuln Type: Misconfiguration
  • 7.1

    HIGH
    CVE-2025-1103

    A vulnerability, which was classified as problematic, was found in D-Link DIR-823X 240126/240802. This affects the function set_wifi_blacklists of the file /goform/set_wifi_blacklists of the component HTTP POST Request Handler. The manipulation of the arg...

    Affected Products : dir-823x_firmware dir-823x
    • Published: Feb. 07, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Denial of Service
  • 4.6

    MEDIUM
    CVE-2024-35106

    NEXTU FLETA AX1500 WIFI6 v1.0.3 was discovered to contain a buffer overflow at /boafrm/formIpQoS. This vulnerability allows attackers to cause a Denial of Service (DoS) or potentially arbitrary code execution via a crafted POST request....

    Affected Products :
    • Published: Feb. 07, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Denial of Service
  • 8.7

    HIGH
    CVE-2024-10383

    An issue has been discovered in the gitlab-web-ide-vscode-fork component distributed over CDN affecting all versions prior to 1.89.1-1.0.0-dev-20241118094343 and used by all versions of GitLab CE/EE starting from 15.11 prior to 17.3 and which also temporar...

    Affected Products : gitlab gitlab-web-ide-vscode-fork
    • Published: Feb. 07, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Cross-Site Scripting
  • 8.6

    HIGH
    CVE-2025-1108

    Insufficient data authenticity verification vulnerability in Janto, versions prior to r12. This allows an unauthenticated attacker to modify the content of emails sent to reset the password. To exploit the vulnerability, the attacker must create a POST re...

    Affected Products :
    • Published: Feb. 07, 2025
    • Modified: Feb. 07, 2025
    • Vuln Type: Injection
  • 9.9

    CRITICAL
    CVE-2025-1107

    Unverified password change vulnerability in Janto, versions prior to r12. This could allow an unauthenticated attacker to change another user's password without knowing their current password. To exploit the vulnerability, the attacker must create a speci...

    Affected Products :
    • Published: Feb. 07, 2025
    • Modified: Feb. 07, 2025
    • Vuln Type: Authentication
  • 6.5

    MEDIUM
    CVE-2025-25069

    A Cross-Protocol Scripting vulnerability is found in Apache Kvrocks. Since Kvrocks didn't detect if "Host:" or "POST" appears in RESP requests, a valid HTTP request can also be sent to Kvrocks as a valid RESP request and trigger some database operations...

    Affected Products : kvrocks
    • Published: Feb. 07, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Cross-Site Scripting
  • 7.1

    HIGH
    CVE-2025-25168

    Cross-Site Request Forgery (CSRF) vulnerability in blackandwhitedigital BookPress – For Book Authors allows Cross-Site Scripting (XSS). This issue affects BookPress – For Book Authors: from n/a through 1.2.7....

    Affected Products : wp_affiliate_disclosure bookpress
    • Published: Feb. 07, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Cross-Site Request Forgery
  • 9.8

    CRITICAL
    CVE-2025-25167

    Missing Authorization vulnerability in blackandwhitedigital BookPress – For Book Authors allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects BookPress – For Book Authors: from n/a through 1.2.7....

    Affected Products : wp_affiliate_disclosure bookpress
    • Published: Feb. 07, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Authorization
Showing 20 of 291608 Results