Latest CVE Feed
-
5.5
MEDIUM CVE-2024-57949
In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3-its: Don't enable interrupts in its_irq_set_vcpu_affinity() The following call-chain leads to enabling interrupts in a nested interrupt disabled section: irq_set_vcpu_af...
- Affected Products: linux_kernel
- Published: Feb. 09, 2025
- Modified: Feb. 11, 2025
- Vuln Type: Race Condition
-
8.2
HIGH CVE-2024-13440
The Super Store Finder plugin for WordPress is vulnerable to SQL Injection via the ‘ssf_wp_user_name’ parameter in all versions up to, and including, 7.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
- Affected Products: super_store_finder
- Published: Feb. 09, 2025
- Modified: Feb. 13, 2025
- Vuln Type: Injection
-
6.4
MEDIUM CVE-2025-0169
The DWT - Directory & Listing WordPress Theme is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.3.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possibl...
- Affected Products: dwt_listing
- Published: Feb. 08, 2025
- Modified: Feb. 11, 2025
- Vuln Type: Cross-Site Scripting
-
9.8
CRITICAL CVE-2025-0316
The WP Directorybox Manager plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.5. This is due to incorrect authentication in the 'wp_dp_enquiry_agent_contact_form_submit_callback' function. This makes it possib...
- Affected Products:
- Published: Feb. 08, 2025
- Modified: Feb. 08, 2025
- Vuln Type: Authentication
-
6.5
MEDIUM CVE-2024-54176
IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 and IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14 and 7.3 through 7.3.2 could allow an authenticated user to obtain sensitive information about other ...
- Published: Feb. 08, 2025
- Modified: Aug. 15, 2025
- Vuln Type: Authorization
-
7.5
HIGH CVE-2025-1117
A vulnerability, which was classified as critical, was found in CoinRemitter 0.0.1/0.0.2 on OpenCart. This affects an unknown part. The manipulation of the argument coin leads to sql injection. It is possible to initiate the attack remotely. The exploit h...
- Affected Products:
- Published: Feb. 08, 2025
- Modified: Feb. 08, 2025
- Vuln Type: Injection
-
5.5
MEDIUM CVE-2024-13850
The Simple add pages or posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit...
- Affected Products: simple_add_pages_or_posts
- Published: Feb. 08, 2025
- Modified: Feb. 24, 2025
- Vuln Type: Cross-Site Scripting
-
7.5
HIGH CVE-2025-1116
A vulnerability, which was classified as critical, has been found in Dreamvention Live AJAX Search Free up to 1.0.6 on OpenCart. Affected by this issue is the function searchresults/search of the file /?route=extension/live_search/module/live_search.searc...
- Affected Products:
- Published: Feb. 08, 2025
- Modified: Feb. 08, 2025
- Vuln Type: Injection
-
4.8
MEDIUM CVE-2025-1115
A vulnerability classified as problematic was found in RT-Thread up to 5.1.0. Affected by this vulnerability is the function sys_device_close/sys_device_control/sys_device_find/sys_device_init/sys_device_open/sys_device_read/sys_device_register/sys_device...
- Affected Products: rt-thread
- Published: Feb. 08, 2025
- Modified: Feb. 16, 2025
- Vuln Type: Information Disclosure
-
7.8
HIGH CVE-2025-25187
Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. This vulnerability is caused by adding note titles to the document using React's `dangerouslySetInnerHTML`, without first e...
- Affected Products: joplin
- Published: Feb. 07, 2025
- Modified: Apr. 11, 2025
-
9.6
CRITICAL CVE-2025-24028
Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. This vulnerability is caused by differences between how Joplin's HTML sanitizer handles comments and how the browser handle...
- Affected Products: joplin
- Published: Feb. 07, 2025
- Modified: Apr. 18, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUM CVE-2025-1114
A vulnerability classified as problematic has been found in newbee-mall 1.0. Affected is the function save of the file /admin/categories/save of the component Add Category Page. The manipulation of the argument categoryName leads to cross site scripting. ...
- Affected Products: newbee-mall
- Published: Feb. 07, 2025
- Modified: Jun. 20, 2025
- Vuln Type: Cross-Site Scripting
-
5.5
MEDIUM CVE-2024-55630
Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. Joplin's HTML sanitizer allows the `name` attribute to be specified. If `name` is set to the same value as an existing `doc...
- Affected Products: joplin
- Published: Feb. 07, 2025
- Modified: Apr. 18, 2025
- Vuln Type: Denial of Service
-
7.5
HIGH CVE-2025-24366
SFTPGo is an open source, event-driven file transfer solution. SFTPGo supports execution of a defined set of commands via SSH. Besides a set of default commands some optional commands can be activated, one of them being `rsync`. It is disabled in the defa...
- Affected Products: sftpgo
- Published: Feb. 07, 2025
- Modified: Feb. 07, 2025
- Vuln Type: Path Traversal
-
9.8
CRITICAL CVE-2025-1113
A vulnerability was found in taisan tarzan-cms up to 1.0.0. It has been rated as critical. This issue affects the function upload of the file /admin#themes of the component Add Theme Handler. The manipulation leads to deserialization. The attack may be in...
- Affected Products: tarzan-cms
- Published: Feb. 07, 2025
- Modified: Aug. 21, 2025
- Vuln Type: Misconfiguration
-
7.5
HIGH CVE-2024-57606
SQL injection vulnerability in Beijing Guoju Information Technology Co., Ltd JeecgBoot v.3.7.2 allows a remote attacker to obtain sensitive information via the getTotalData component.
- Affected Products:
- Published: Feb. 07, 2025
- Modified: Mar. 22, 2025
- Vuln Type: Injection
-
8.0
HIGH CVE-2024-57357
An issue in TPLINK TL-WPA 8630 TL-WPA8630(US)_V2_2.0.4 Build 20230427 allows a remote attacker to execute arbitrary code via function sub_4256CC, which allows command injection by injecting 'devpwd'.
- Published: Feb. 07, 2025
- Modified: Jul. 03, 2025
- Vuln Type: Injection
-
5.4
MEDIUM CVE-2024-57279
A reflected Cross-Site Scripting (XSS) vulnerability has been identified in the LDAP User Manager <= ce92321, specifically in the /setup/index.php endpoint via the returnto parameter. This vulnerability arises due to improper sanitization of user-supplied...
- Affected Products:
- Published: Feb. 07, 2025
- Modified: Feb. 07, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUM CVE-2024-57278
A reflected Cross-Site Scripting (XSS) vulnerability exists in /webscan/sqlmap/index.html in QingScan <=v1.8.0. The vulnerability is caused by improper input sanitization of the query parameter, allowing an attacker to inject malicious JavaScript payloads...
- Affected Products:
- Published: Feb. 07, 2025
- Modified: Feb. 07, 2025
- Vuln Type: Cross-Site Scripting
-
7.5
HIGH CVE-2024-55272
An issue in Brainasoft Braina v2.8 allows a remote attacker to obtain sensitive information via the chat window function.
- Affected Products:
- Published: Feb. 07, 2025
- Modified: Mar. 15, 2025
- Vuln Type: Information Disclosure