Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2024-52611

    The SolarWinds Platform is vulnerable to an information disclosure vulnerability through an error message. While the data does not provide anything sensitive, the information could assist an attacker in other malicious actions.... Read more

    Affected Products : solarwinds_platform
    • Published: Feb. 11, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2024-52606

    SolarWinds Platform is affected by server-side request forgery vulnerability. Proper input sanitation was not applied allowing for the possibility of a malicious web request.... Read more

    • Published: Feb. 11, 2025
    • Modified: Feb. 25, 2025

  • 4.6

    MEDIUM
    CVE-2024-45718

    Sensitive data could be exposed to non- privileged users in a configuration file. Local access to the computer with a low- privileged account is required to access the configuration file containing the sensitive data.... Read more

    Affected Products :
    • Published: Feb. 11, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2024-28989

    SolarWinds Web Help Desk was found to have a hardcoded cryptographic key that could allow the disclosure of sensitive information from the software.... Read more

    Affected Products : web_help_desk
    • Published: Feb. 11, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Cryptography

  • 8.8

    HIGH
    CVE-2024-13643

    The Zox News - Professional WordPress News & Magazine Theme plugin for WordPress is vulnerable to unauthorized data modification. This vulnerability can lead to privilege escalation and denial of service conditions due to missing capability checks on the ... Read more

    Affected Products :
    • Published: Feb. 11, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-1179

    A vulnerability was found in GNU Binutils 2.43. It has been rated as critical. Affected by this issue is the function bfd_putl64 of the file bfd/libbfd.c of the component ld. The manipulation leads to memory corruption. The attack may be launched remotely... Read more

    Affected Products : binutils
    • Published: Feb. 11, 2025
    • Modified: Mar. 03, 2025
    • Vuln Type: Memory Corruption

  • 6.3

    MEDIUM
    CVE-2025-1178

    A vulnerability was found in GNU Binutils 2.43. It has been declared as problematic. Affected by this vulnerability is the function bfd_putl64 of the file libbfd.c of the component ld. The manipulation leads to memory corruption. The attack can be launche... Read more

    • Published: Feb. 11, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-0181

    The WP Foodbakery plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.7. This is due to the plugin not properly validating a user's identity prior to setting the current user and their au... Read more

    Affected Products : foodbakery
    • Published: Feb. 11, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-0180

    The WP Foodbakery plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.3. This is due to the plugin not properly restricting what user meta can be updated during profile registration. This makes it possible fo... Read more

    Affected Products : foodbakery
    • Published: Feb. 11, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-1177

    A vulnerability was found in dayrui XunRuiCMS 4.6.3. It has been classified as critical. Affected is the function import_add of the file dayrui/Fcms/Control/Admin/Linkage.php. The manipulation leads to deserialization. It is possible to launch the attack ... Read more

    Affected Products : xunruicms
    • Published: Feb. 11, 2025
    • Modified: Feb. 20, 2025
    • Vuln Type: Misconfiguration

  • 5.1

    MEDIUM
    CVE-2025-1176

    A vulnerability was found in GNU Binutils 2.43 and classified as critical. This issue affects the function _bfd_elf_gc_mark_rsec of the file elflink.c of the component ld. The manipulation leads to heap-based buffer overflow. The attack may be initiated r... Read more

    Affected Products : binutils
    • Published: Feb. 11, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Memory Corruption

  • 6.1

    MEDIUM
    CVE-2024-13570

    The Stray Random Quotes WordPress plugin through 1.9.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.... Read more

    Affected Products : stray_random_quotes
    • Published: Feb. 11, 2025
    • Modified: Feb. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2024-13544

    The Zarinpal Paid Download WordPress plugin through 2.3 does not properly validate uploaded files, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup)... Read more

    Affected Products : zarinpal_paid_download
    • Published: Feb. 11, 2025
    • Modified: Feb. 20, 2025
    • Vuln Type: Authentication

  • 6.1

    MEDIUM
    CVE-2024-13543

    The Zarinpal Paid Download WordPress plugin through 2.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.... Read more

    Affected Products : zarinpal_paid_download
    • Published: Feb. 11, 2025
    • Modified: Feb. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-1211

    Versions of the package hackney before 1.21.0 are vulnerable to Server-side Request Forgery (SSRF) due to improper parsing of URLs by URI built-in module and hackey. Given the URL http://[email protected]/, the URI function will parse and see the host ... Read more

    Affected Products :
    • Published: Feb. 11, 2025
    • Modified: Mar. 16, 2025
    • Vuln Type: Server-Side Request Forgery

  • 4.8

    MEDIUM
    CVE-2025-1174

    A vulnerability has been found in 1000 Projects Bookstore Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file process_book_add.php of the component Add Book Page. The manipulation of the argument Book N... Read more

    Affected Products : bookstore_management_system
    • Published: Feb. 11, 2025
    • Modified: Feb. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.2

    HIGH
    CVE-2025-1173

    A vulnerability, which was classified as critical, was found in 1000 Projects Bookstore Management System 1.0. This affects an unknown part of the file process_users_del.php. The manipulation of the argument id leads to sql injection. It is possible to in... Read more

    Affected Products : bookstore_management_system
    • Published: Feb. 11, 2025
    • Modified: Feb. 28, 2025
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2024-12599

    The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 2.8.1 due to insufficient input sanitization and output escaping on user ... Read more

    Affected Products : ht_mega
    • Published: Feb. 11, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-1172

    A vulnerability, which was classified as critical, has been found in 1000 Projects Bookstore Management System 1.0. Affected by this issue is some unknown functionality of the file addtocart.php. The manipulation of the argument bcid leads to sql injectio... Read more

    Affected Products : bookstore_management_system
    • Published: Feb. 11, 2025
    • Modified: Feb. 28, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2025-1171

    A vulnerability classified as problematic was found in code-projects Real Estate Property Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /Admin/CustomerReport.php. The manipulation of the argument Address lea... Read more

    • Published: Feb. 11, 2025
    • Modified: Feb. 28, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 291783 Results