Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.5

    CRITICAL
    CVE-2025-24971

    DumpDrop is a stupid simple file upload application that provides an interface for dragging and dropping files. An OS Command Injection vulnerability was discovered in the DumbDrop application, `/upload/init` endpoint. This vulnerability could allow an at... Read more

    Affected Products :
    • Published: Feb. 04, 2025
    • Modified: Feb. 04, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-24373

    woocommerce-pdf-invoices-packing-slips is an extension which allows users to create, print & automatically email PDF invoices & packing slips for WooCommerce orders. This vulnerability allows unauthorized users to access any PDF document from a store if t... Read more

    • Published: Feb. 04, 2025
    • Modified: Feb. 19, 2025
    • Vuln Type: Authorization

  • 6.3

    MEDIUM
    CVE-2025-0451

    Inappropriate implementation in Extensions API in Google Chrome prior to 133.0.6943.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Med... Read more

    Affected Products : chrome edge_chromium
    • Published: Feb. 04, 2025
    • Modified: Apr. 08, 2025
    • Vuln Type: Misconfiguration

  • 5.4

    MEDIUM
    CVE-2025-0445

    Use after free in V8 in Google Chrome prior to 133.0.6943.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : chrome edge_chromium
    • Published: Feb. 04, 2025
    • Modified: Apr. 08, 2025
    • Vuln Type: Memory Corruption

  • 6.3

    MEDIUM
    CVE-2025-0444

    Use after free in Skia in Google Chrome prior to 133.0.6943.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : chrome edge_chromium
    • Published: Feb. 04, 2025
    • Modified: Apr. 08, 2025
    • Vuln Type: Memory Corruption

  • 5.4

    MEDIUM
    CVE-2024-48019

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Files or Directories Accessible to External Parties vulnerability in Apache Doris. Application administrators can read arbitrary files from the server filesystem through pat... Read more

    Affected Products : doris
    • Published: Feb. 04, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Path Traversal

  • 8.1

    HIGH
    CVE-2025-23060

    A vulnerability in HPE Aruba Networking ClearPass Policy Manager may, under certain circumstances, expose sensitive unencrypted information. Exploiting this vulnerability could allow an attacker to perform a man-in-the-middle attack, potentially granting ... Read more

    Affected Products : clearpass_policy_manager
    • Published: Feb. 04, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Cryptography

  • 6.8

    MEDIUM
    CVE-2025-23059

    A vulnerability in the web-based management interface of HPE Aruba Networking ClearPass Policy Manager exposes directories containing sensitive information. If exploited successfully, this vulnerability allows an authenticated remote attacker with high pr... Read more

    Affected Products : clearpass_policy_manager
    • Published: Feb. 04, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Information Disclosure

  • 8.8

    HIGH
    CVE-2025-23058

    A vulnerability in the ClearPass Policy Manager web-based management interface allows a low-privileged (read-only) authenticated remote attacker to gain unauthorized access to data and the ability to execute functions that should be restricted to administ... Read more

    Affected Products : clearpass_policy_manager
    • Published: Feb. 04, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-0364

    BigAntSoft BigAnt Server, up to and including version 5.6.06, is vulnerable to unauthenticated remote code execution via account registration. An unauthenticated remote attacker can create an administrative user through the default exposed SaaS registrati... Read more

    Affected Products : bigant_server
    • Published: Feb. 04, 2025
    • Modified: Feb. 28, 2025
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2024-45659

    IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the syste... Read more

    • Published: Feb. 04, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Information Disclosure

  • 9.9

    CRITICAL
    CVE-2025-24677

    Improper Control of Generation of Code ('Code Injection') vulnerability in WPSpins Post/Page Copying Tool allows Remote Code Inclusion. This issue affects Post/Page Copying Tool: from n/a through 2.0.3.... Read more

    Affected Products :
    • Published: Feb. 04, 2025
    • Modified: Feb. 04, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-24648

    Incorrect Privilege Assignment vulnerability in wpase.com Admin and Site Enhancements (ASE) allows Privilege Escalation. This issue affects Admin and Site Enhancements (ASE): from n/a through 7.6.2.1.... Read more

    Affected Products :
    • Published: Feb. 04, 2025
    • Modified: Feb. 04, 2025

  • 7.1

    HIGH
    CVE-2025-24602

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP24 WP24 Domain Check allows Reflected XSS. This issue affects WP24 Domain Check: from n/a through 1.10.14.... Read more

    Affected Products :
    • Published: Feb. 04, 2025
    • Modified: Feb. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-24599

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tribulant Newsletters allows Reflected XSS. This issue affects Newsletters: from n/a through 4.9.9.6.... Read more

    Affected Products : newsletters
    • Published: Feb. 04, 2025
    • Modified: Feb. 04, 2025

  • 7.1

    HIGH
    CVE-2025-24598

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brandtoss WP Mailster allows Reflected XSS. This issue affects WP Mailster: from n/a through 1.8.17.0.... Read more

    Affected Products : wp_mailster
    • Published: Feb. 04, 2025
    • Modified: Feb. 11, 2025

  • 7.1

    HIGH
    CVE-2025-23645

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Optimize Worldwide Find Content IDs allows Reflected XSS. This issue affects Find Content IDs: from n/a through 1.0.... Read more

    Affected Products :
    • Published: Feb. 04, 2025
    • Modified: Feb. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-22794

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Landoweb Programador World Cup Predictor allows Reflected XSS. This issue affects World Cup Predictor: from n/a through 1.9.6.... Read more

    Affected Products :
    • Published: Feb. 04, 2025
    • Modified: Feb. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-22730

    Missing Authorization vulnerability in Ksher Ksher allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ksher: from n/a through 1.1.2.... Read more

    Affected Products :
    • Published: Feb. 04, 2025
    • Modified: Feb. 18, 2025
    • Vuln Type: Authorization

  • 8.5

    HIGH
    CVE-2025-22700

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Traveler Code. This issue affects Traveler Code: from n/a through 3.1.0.... Read more

    Affected Products :
    • Published: Feb. 04, 2025
    • Modified: Feb. 04, 2025
    • Vuln Type: Injection
Showing 20 of 291562 Results