Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2025-0859

    The Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.27.6 via the template_via_url() function. This makes it possible for authenticated attackers, ... Read more

    • Published: Feb. 06, 2025
    • Modified: Mar. 19, 2025
    • Vuln Type: Path Traversal

  • 6.3

    MEDIUM
    CVE-2025-24845

    Improper neutralization of argument delimiters in a command ('Argument Injection') issue exists in Defense Platform Home Edition Ver.3.9.51.x and earlier. If an attacker provides specially crafted data to the specific process of the Windows system where t... Read more

    Affected Products :
    • Published: Feb. 06, 2025
    • Modified: Feb. 06, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-24483

    NULL pointer dereference vulnerability exists in Defense Platform Home Edition Ver.3.9.51.x and earlier. If an attacker provides specially crafted data to the specific process of the Windows system where the product is running, the system may cause a Blue... Read more

    Affected Products :
    • Published: Feb. 06, 2025
    • Modified: Feb. 06, 2025
    • Vuln Type: Denial of Service

  • 8.8

    HIGH
    CVE-2025-23236

    Buffer overflow vulnerability exists in Defense Platform Home Edition Ver.3.9.51.x and earlier. If an attacker performs a specific operation, SYSTEM privilege of the Windows system where the product is running may be obtained.... Read more

    Affected Products :
    • Published: Feb. 06, 2025
    • Modified: Feb. 06, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-22894

    Unprotected Windows messaging channel ('Shatter') issue exists in Defense Platform Home Edition Ver.3.9.51.x and earlier. If an attacker sends a specially crafted message to the specific process of the Windows system where the product is running, arbitrar... Read more

    Affected Products :
    • Published: Feb. 06, 2025
    • Modified: Feb. 06, 2025
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2025-20094

    Unprotected Windows messaging channel ('Shatter') issue exists in Defense Platform Home Edition Ver.3.9.51.x and earlier. If an attacker sends a specially crafted message to the specific process of the Windows system where the product is running, arbitrar... Read more

    Affected Products :
    • Published: Feb. 06, 2025
    • Modified: Feb. 06, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-22890

    Execution with unnecessary privileges issue exists in Defense Platform Home Edition Ver.3.9.51.x and earlier. If an attacker performs a specific operation, SYSTEM privilege of the Windows system where the product is running may be obtained.... Read more

    Affected Products :
    • Published: Feb. 06, 2025
    • Modified: Feb. 06, 2025
    • Vuln Type: Authorization

  • 7.3

    HIGH
    CVE-2024-13487

    The The CURCY – Multi Currency for WooCommerce – The best free currency exchange plugin – Run smoothly on WooCommerce 9.x plugin for WordPress is vulnerable to arbitrary shortcode execution via the get_products_price() function in all versions up to, and ... Read more

    Affected Products :
    • Published: Feb. 06, 2025
    • Modified: Feb. 18, 2025
    • Vuln Type: Misconfiguration

  • 4.7

    MEDIUM
    CVE-2025-0522

    The LikeBot WordPress plugin through 0.85 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.... Read more

    Affected Products : likebot
    • Published: Feb. 06, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 9.8

    CRITICAL
    CVE-2024-51547

    Use of Hard-coded Credentials vulnerability in ABB ASPECT-Enterprise, ABB NEXUS Series, ABB MATRIX Series.This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.... Read more

    • Published: Feb. 06, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-0799

    IBM App Connect enterprise 12.0.1.0 through 12.0.12.10 and 13.0.1.0 through 13.0.2.1 could allow an authenticated user to write to an arbitrary file on the system during bar configuration deployment due to improper pathname limitations on restricted direc... Read more

    Affected Products : app_connect_enterprise
    • Published: Feb. 06, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Path Traversal

  • 9.1

    CRITICAL
    CVE-2024-51450

    IBM Security Verify Directory 10.0.0 through 10.0.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.... Read more

    Affected Products : security_verify_directory
    • Published: Feb. 06, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Authentication

  • 7.8

    HIGH
    CVE-2024-49814

    IBM Security Verify Access Appliance 10.0.0 through 10.0.3 could allow a locally authenticated user to increase their privileges due to execution with unnecessary privileges.... Read more

    Affected Products : security_verify_access
    • Published: Feb. 06, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-1066

    OpenPLC_V3 contains an arbitrary file upload vulnerability, which could be leveraged for malvertising or phishing campaigns.... Read more

    Affected Products :
    • Published: Feb. 06, 2025
    • Modified: Mar. 20, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2024-49800

    IBM ApplinX 11.1 stores sensitive information in cleartext in memory that could be obtained by an authenticated user.... Read more

    Affected Products : applinx
    • Published: Feb. 06, 2025
    • Modified: Feb. 12, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2024-49798

    IBM ApplinX 11.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.... Read more

    Affected Products : applinx
    • Published: Feb. 06, 2025
    • Modified: Feb. 12, 2025
    • Vuln Type: Information Disclosure

  • 5.9

    MEDIUM
    CVE-2024-49797

    IBM ApplinX 11.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle t... Read more

    Affected Products : applinx
    • Published: Feb. 06, 2025
    • Modified: Feb. 12, 2025
    • Vuln Type: Information Disclosure

  • 5.4

    MEDIUM
    CVE-2024-49796

    IBM ApplinX 11.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch f... Read more

    Affected Products : applinx
    • Published: Feb. 06, 2025
    • Modified: Feb. 13, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2024-49795

    IBM ApplinX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.... Read more

    Affected Products : applinx
    • Published: Feb. 06, 2025
    • Modified: Feb. 12, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2024-49794

    IBM ApplinX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.... Read more

    Affected Products : applinx
    • Published: Feb. 06, 2025
    • Modified: Feb. 12, 2025
    • Vuln Type: Cross-Site Request Forgery
Showing 20 of 291570 Results