Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2024-57249

    Incorrect Access Control in the Preview Function of Gleamtech FileVista 9.2.0.0 allows remote attackers to gain unauthorized access via exploiting a vulnerability in access control mechanisms by removing authentication-related HTTP headers, such as the Co... Read more

    Affected Products :
    • Published: Feb. 07, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Authentication

  • 6.3

    MEDIUM
    CVE-2024-57248

    Directory Traversal in File Upload in Gleamtech FileVista 9.2.0.0 allows remote attackers to achieve Code Execution, Information Disclosure, and Escalation of Privileges via injecting malicious payloads in HTTP requests to manipulate file paths, bypass ac... Read more

    Affected Products :
    • Published: Feb. 07, 2025
    • Modified: Feb. 10, 2025
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2024-55214

    Local File Inclusion vulnerability in dhtmlxFileExplorer v.8.4.6 allows a remote attacker to obtain sensitive information via the file download functionality.... Read more

    Affected Products :
    • Published: Feb. 07, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2024-55213

    Directory Traversal vulnerability in dhtmlxFileExplorer v.8.4.6 allows a remote attacker to obtain sensitive information via the File Listing function.... Read more

    Affected Products :
    • Published: Feb. 07, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2024-52884

    An issue was discovered in AudioCodes Mediant Session Border Controller (SBC) before 7.40A.501.841. Due to the use of weak password obfuscation/encryption, an attacker with access to configuration exports (INI) is able to decrypt the passwords.... Read more

    Affected Products : mediant_session_border_controller
    • Published: Feb. 07, 2025
    • Modified: May. 01, 2025
    • Vuln Type: Cryptography

  • 7.5

    HIGH
    CVE-2024-52883

    An issue was discovered in AudioCodes One Voice Operations Center (OVOC) before 8.4.582. Due to a path traversal vulnerability, sensitive data can be read without any authentication.... Read more

    Affected Products : one_voice_operations_center
    • Published: Feb. 07, 2025
    • Modified: May. 01, 2025
    • Vuln Type: Path Traversal

  • 6.1

    MEDIUM
    CVE-2024-52882

    An issue was discovered in AudioCodes One Voice Operations Center (OVOC) before 8.4.582. Due to improper neutralization of input via the devices API, an attacker can inject malicious JavaScript code (XSS) to attack logged-in administrator sessions.... Read more

    Affected Products : one_voice_operations_center
    • Published: Feb. 07, 2025
    • Modified: May. 01, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2024-52881

    An issue was discovered in AudioCodes One Voice Operations Center (OVOC) before 8.4.582. Due to the use of a hard-coded key, an attacker is able to decrypt sensitive data such as passwords extracted from the topology file.... Read more

    Affected Products : one_voice_operations_center
    • Published: Feb. 07, 2025
    • Modified: May. 01, 2025
    • Vuln Type: Cryptography

  • 7.8

    HIGH
    CVE-2024-48091

    Tally Prime Edit Log v2.1 was discovered to contain a DLL hijacking vulnerability via the component TextShaping.dll. This vulnerability allows attackers to execute arbitrary code via a crafted DLL.... Read more

    Affected Products :
    • Published: Feb. 07, 2025
    • Modified: Feb. 10, 2025
    • Vuln Type: Misconfiguration

  • 7.1

    HIGH
    CVE-2025-1103

    A vulnerability, which was classified as problematic, was found in D-Link DIR-823X 240126/240802. This affects the function set_wifi_blacklists of the file /goform/set_wifi_blacklists of the component HTTP POST Request Handler. The manipulation of the arg... Read more

    Affected Products : dir-823x_firmware dir-823x
    • Published: Feb. 07, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Denial of Service

  • 4.6

    MEDIUM
    CVE-2024-35106

    NEXTU FLETA AX1500 WIFI6 v1.0.3 was discovered to contain a buffer overflow at /boafrm/formIpQoS. This vulnerability allows attackers to cause a Denial of Service (DoS) or potentially arbitrary code execution via a crafted POST request.... Read more

    Affected Products :
    • Published: Feb. 07, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Denial of Service

  • 8.7

    HIGH
    CVE-2024-10383

    An issue has been discovered in the gitlab-web-ide-vscode-fork component distributed over CDN affecting all versions prior to 1.89.1-1.0.0-dev-20241118094343and used by all versions of GitLab CE/EE starting from 15.11 prior to 17.3 and which also temporar... Read more

    Affected Products : gitlab gitlab-web-ide-vscode-fork
    • Published: Feb. 07, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.6

    HIGH
    CVE-2025-1108

    Insufficient data authenticity verification vulnerability in Janto, versions prior to r12. This allows an unauthenticated attacker to modify the content of emails sent to reset the password. To exploit the vulnerability, the attacker must create a POST re... Read more

    Affected Products :
    • Published: Feb. 07, 2025
    • Modified: Feb. 07, 2025
    • Vuln Type: Injection

  • 9.9

    CRITICAL
    CVE-2025-1107

    Unverified password change vulnerability in Janto, versions prior to r12. This could allow an unauthenticated attacker to change another user's password without knowing their current password. To exploit the vulnerability, the attacker must create a speci... Read more

    Affected Products :
    • Published: Feb. 07, 2025
    • Modified: Feb. 07, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-25069

    A Cross-Protocol Scripting vulnerability is found in Apache Kvrocks. Since Kvrocks didn't detect if "Host:" or "POST" appears in RESP requests, a valid HTTP request can also be sent to Kvrocks as a valid RESP request and trigger some database operations... Read more

    Affected Products : kvrocks
    • Published: Feb. 07, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-25168

    Cross-Site Request Forgery (CSRF) vulnerability in blackandwhitedigital BookPress – For Book Authors allows Cross-Site Scripting (XSS). This issue affects BookPress – For Book Authors: from n/a through 1.2.7.... Read more

    Affected Products : wp_affiliate_disclosure bookpress
    • Published: Feb. 07, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 9.8

    CRITICAL
    CVE-2025-25167

    Missing Authorization vulnerability in blackandwhitedigital BookPress – For Book Authors allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects BookPress – For Book Authors: from n/a through 1.2.7.... Read more

    Affected Products : wp_affiliate_disclosure bookpress
    • Published: Feb. 07, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2025-25166

    Cross-Site Request Forgery (CSRF) vulnerability in gabrieldarezzo InLocation allows Stored XSS. This issue affects InLocation: from n/a through 1.8.... Read more

    Affected Products : inlocation
    • Published: Feb. 07, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 9.8

    CRITICAL
    CVE-2025-25163

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Zach Swetz Plugin A/B Image Optimizer allows Path Traversal. This issue affects Plugin A/B Image Optimizer: from n/a through 3.3.... Read more

    Affected Products : plugin_a\/b_image_optimizer
    • Published: Feb. 07, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Path Traversal

  • 7.1

    HIGH
    CVE-2025-25160

    Cross-Site Request Forgery (CSRF) vulnerability in Mark Barnes Style Tweaker allows Stored XSS. This issue affects Style Tweaker: from n/a through 0.11.... Read more

    Affected Products : style_tweaker
    • Published: Feb. 07, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Cross-Site Request Forgery
Showing 20 of 291625 Results