Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.1

    HIGH
    CVE-2025-22690

    Cross-Site Request Forgery (CSRF) vulnerability in DigiTimber DigiTimber cPanel Integration allows Stored XSS. This issue affects DigiTimber cPanel Integration: from n/a through 1.4.6.... Read more

    Affected Products :
    • Published: Feb. 03, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.1

    HIGH
    CVE-2025-22688

    Cross-Site Request Forgery (CSRF) vulnerability in Ederson Peka Unlimited Page Sidebars allows Stored XSS. This issue affects Unlimited Page Sidebars: from n/a through 0.2.6.... Read more

    Affected Products :
    • Published: Feb. 03, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.3

    MEDIUM
    CVE-2025-22686

    Missing Authorization vulnerability in GSheetConnector CF7 Google Sheets Connector allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CF7 Google Sheets Connector: from n/a through 5.0.17.... Read more

    Affected Products : cf7_google_sheets_connector
    • Published: Feb. 03, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2025-22685

    Cross-Site Request Forgery (CSRF) vulnerability in CheGevara Tags to Keywords allows Stored XSS. This issue affects Tags to Keywords: from n/a through 1.0.1.... Read more

    Affected Products :
    • Published: Feb. 03, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.1

    HIGH
    CVE-2025-22684

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hakan Ozevin WP BASE Booking allows Stored XSS. This issue affects WP BASE Booking: from n/a through 5.0.0.... Read more

    Affected Products :
    • Published: Feb. 03, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-22683

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper NotificationX allows Stored XSS. This issue affects NotificationX: from n/a through 2.9.5.... Read more

    Affected Products : notificationx
    • Published: Feb. 03, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-22682

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hesabfa Hesabfa Accounting allows Reflected XSS. This issue affects Hesabfa Accounting: from n/a through 2.1.2.... Read more

    Affected Products :
    • Published: Feb. 03, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-22681

    Missing Authorization vulnerability in Xfinity Soft Content Cloner allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Content Cloner: from n/a through 1.0.1.... Read more

    Affected Products :
    • Published: Feb. 03, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2025-22679

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Job Board Manager allows Reflected XSS. This issue affects Job Board Manager: from n/a through 2.1.60.... Read more

    Affected Products :
    • Published: Feb. 03, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2025-22677

    Missing Authorization vulnerability in UIUX Lab Uix Shortcodes allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Uix Shortcodes: from n/a through 2.0.3.... Read more

    Affected Products :
    • Published: Feb. 03, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-22292

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Felipe Peixoto Powerful Auto Chat allows Stored XSS. This issue affects Powerful Auto Chat: from n/a through 1.9.8.... Read more

    Affected Products :
    • Published: Feb. 03, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-22260

    Missing Authorization vulnerability in Pixelite Meta Tag Manager. This issue affects Meta Tag Manager: from n/a through 3.1.... Read more

    Affected Products :
    • Published: Feb. 03, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2024-50500

    Missing Authorization vulnerability in By Averta Shortcodes and extra features for Phlox theme allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Shortcodes and extra features for Phlox theme: from n/a through 2.17... Read more

    • Published: Feb. 03, 2025
    • Modified: May. 26, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2024-43333

    Incorrect Privilege Assignment vulnerability in NotFound Admin and Site Enhancements (ASE) Pro allows Privilege Escalation. This issue affects Admin and Site Enhancements (ASE) Pro: from n/a through 7.6.2.1.... Read more

    Affected Products :
    • Published: Feb. 03, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Authorization

  • 6.4

    MEDIUM
    CVE-2024-57522

    SourceCodester Packers and Movers Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in Users.php. An attacker can inject a malicious script into the username or name field during user creation.... Read more

    • Published: Feb. 03, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.8

    HIGH
    CVE-2025-0015

    Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to make improper GPU processing operations to gain access to already freed memory.This issue a... Read more

    • Published: Feb. 03, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Memory Corruption

  • 4.0

    MEDIUM
    CVE-2024-6790

    Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a non-privileged user process to make valid GPU memory ... Read more

    • Published: Feb. 03, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Denial of Service

  • 8.6

    HIGH
    CVE-2024-10395

    No proper validation of the length of user input in http_server_get_content_type_from_extension.... Read more

    Affected Products : zephyr
    • Published: Feb. 03, 2025
    • Modified: Feb. 03, 2025

  • 8.1

    HIGH
    CVE-2025-25066

    nDPI through 4.12 has a potential stack-based buffer overflow in ndpi_address_cache_restore in lib/ndpi_cache.c.... Read more

    Affected Products : ndpi
    • Published: Feb. 03, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Memory Corruption

  • 6.8

    MEDIUM
    CVE-2024-13347

    The Essential WP Real Estate WordPress plugin through 1.1.3 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting.... Read more

    Affected Products : essential_wp_real_estate
    • Published: Feb. 03, 2025
    • Modified: Apr. 18, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 291269 Results