Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2024-13829

    The WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 8.0.8 via the 'attachments.php' file. This makes it possible for... Read more

    Affected Products : tripetto
    • Published: Feb. 05, 2025
    • Modified: Feb. 05, 2025
    • Vuln Type: Information Disclosure

  • 8.1

    HIGH
    CVE-2025-25246

    NETGEAR XR1000 before 1.0.0.74, XR1000v2 before 1.1.0.22, and XR500 before 2.3.2.134 allow remote code execution by unauthenticated users.... Read more

    Affected Products : xr1000
    • Published: Feb. 05, 2025
    • Modified: Feb. 05, 2025
    • Vuln Type: Authentication

  • 8.6

    HIGH
    CVE-2025-1026

    Versions of the package spatie/browsershot before 5.0.5 are vulnerable to Improper Input Validation due to improper URL validation through the setUrl method, which results in a Local File Inclusion allowing the attacker to read sensitive files. **Note:**... Read more

    Affected Products : browsershot
    • Published: Feb. 05, 2025
    • Modified: Feb. 05, 2025
    • Vuln Type: Path Traversal

  • 7.7

    HIGH
    CVE-2025-1025

    Versions of the package cockpit-hq/cockpit before 2.4.1 are vulnerable to Arbitrary File Upload where an attacker can use different extension to bypass the upload filter.... Read more

    Affected Products :
    • Published: Feb. 05, 2025
    • Modified: Feb. 05, 2025
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2025-1022

    Versions of the package spatie/browsershot before 5.0.5 are vulnerable to Improper Input Validation in the setHtml function, invoked by Browsershot::html(), which can be bypassed by omitting the slashes in the file URI (e.g., file:../../../../etc/passwd).... Read more

    Affected Products : browsershot
    • Published: Feb. 05, 2025
    • Modified: Feb. 05, 2025
    • Vuln Type: Path Traversal

  • 8.1

    HIGH
    CVE-2025-1028

    The Contact Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the contact form upload feature in all versions up to, and including, 8.6.4. This makes it possible for unauthenticated attackers to up... Read more

    Affected Products :
    • Published: Feb. 05, 2025
    • Modified: Feb. 05, 2025
    • Vuln Type: Misconfiguration

  • 9.0

    CRITICAL
    CVE-2025-23114

    A vulnerability in Veeam Updater component allows Man-in-the-Middle attackers to execute arbitrary code on the affected server. This issue occurs due to a failure to properly validate TLS certificate.... Read more

    Affected Products : veeam_backup_for_microsoft_azure
    • Published: Feb. 05, 2025
    • Modified: Mar. 13, 2025

  • 7.8

    HIGH
    CVE-2025-0413

    Parallels Desktop Technical Data Reporter Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability ... Read more

    • Published: Feb. 05, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2024-53966

    Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be e... Read more

    • Published: Feb. 05, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2024-53965

    Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by a low privileged attacker to execute arbitrary code in the context of the victim's browser session. By man... Read more

    • Published: Feb. 05, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2024-53964

    Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be e... Read more

    • Published: Feb. 05, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2024-53963

    Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by a low privileged attacker to execute arbitrary code in the context of the victim's browser session. By man... Read more

    • Published: Feb. 05, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2024-53962

    Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be e... Read more

    • Published: Feb. 05, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2024-48445

    An issue in compop.ca ONLINE MALL v.3.5.3 allows a remote attacker to execute arbitrary code via the rid, tid, et, and ts parameters.... Read more

    Affected Products :
    • Published: Feb. 04, 2025
    • Modified: Feb. 06, 2025
    • Vuln Type: Injection

  • 7.8

    HIGH
    CVE-2024-11468

    Omnissa Horizon Client for macOS contains a Local privilege escalation (LPE) Vulnerability due to a flaw in the installation process. Successful exploitation of this issue may allow attackers with user privileges to escalate their privileges to root on th... Read more

    Affected Products :
    • Published: Feb. 04, 2025
    • Modified: Feb. 05, 2025
    • Vuln Type: Authentication

  • 7.8

    HIGH
    CVE-2024-11467

    Omnissa Horizon Client for macOS contains a Local privilege escalation (LPE) Vulnerability due to a logic flaw. Successful exploitation of this issue may allow attackers with user privileges to escalate their privileges to root on the system where the Hor... Read more

    Affected Products :
    • Published: Feb. 04, 2025
    • Modified: Feb. 05, 2025
    • Vuln Type: Authorization

  • 8.4

    HIGH
    CVE-2023-40222

    In Ashlar-Vellum Cobalt versions prior to v12 SP2 Build (1204.200), the affected application lacks proper validation of user-supplied data when parsing CO files. This could lead to a heap-based buffer overflow. An attacker could leverage this vulnerabilit... Read more

    Affected Products : cobalt xenon argon lithium
    • Published: Feb. 04, 2025
    • Modified: Feb. 04, 2025
    • Vuln Type: Memory Corruption

  • 8.4

    HIGH
    CVE-2023-39943

    In Ashlar-Vellum Cobalt versions prior to v12 SP2 Build (1204.200), the affected application lacks proper validation of user-supplied data when parsing XE files. This could lead to an out-of-bounds write. An attacker could leverage this vulnerability to e... Read more

    Affected Products : cobalt xenon argon lithium
    • Published: Feb. 04, 2025
    • Modified: Feb. 04, 2025
    • Vuln Type: Memory Corruption

  • 5.4

    MEDIUM
    CVE-2024-8125

    Improper Validation of Specified Type of Input vulnerability in OpenText™ Content Management (Extended ECM) allows Parameter Injection.  A bad actor with the required OpenText Content Management privileges (not root) could expose the vulnerability to car... Read more

    Affected Products :
    • Published: Feb. 04, 2025
    • Modified: Feb. 04, 2025
    • Vuln Type: Injection

  • 4.3

    MEDIUM
    CVE-2024-53994

    Discourse is an open source platform for community discussion. In affected versions users who disable chat in preferences could still be reachable in some cases. This problem has been patched in the latest version of Discourse. Users are advised to upgrad... Read more

    Affected Products : discourse
    • Published: Feb. 04, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 291526 Results