Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.4

    MEDIUM
    CVE-2024-11780

    The Site Search 360 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ss360-resultblock' shortcode in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping on user supplied at... Read more

    Affected Products : site_search_360
    • Published: Feb. 01, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.6

    CRITICAL
    CVE-2025-24891

    Dumb Drop is a file upload application. Users with permission to upload to the service are able to exploit a path traversal vulnerability to overwrite arbitrary system files. As the container runs as root by default, there is no limit to what can be overw... Read more

    Affected Products :
    • Published: Jan. 31, 2025
    • Modified: Jan. 31, 2025
    • Vuln Type: Path Traversal

  • 9.1

    CRITICAL
    CVE-2024-57587

    Multiple SQL injection vulnerabilities in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allows remote unauthenticated attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter to /api/auth/login.... Read more

    Affected Products : co2scope dcscope
    • Published: Jan. 31, 2025
    • Modified: May. 24, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2024-57435

    In macrozheng mall-tiny 1.0.1, an attacker can send null data through the resource creation interface resulting in a null pointer dereference occurring in all subsequent operations that require authentication, which triggers a denial-of-service attack and... Read more

    Affected Products : mall-tiny
    • Published: Jan. 31, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Denial of Service

  • 8.8

    HIGH
    CVE-2024-57434

    macrozheng mall-tiny 1.0.1 is vulnerable to Incorrect Access Control. The project imports users by default, and the test user is made a super administrator.... Read more

    Affected Products : mall-tiny
    • Published: Jan. 31, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2024-57433

    macrozheng mall-tiny 1.0.1 is vulnerable to Incorrect Access Control via the logout function. After a user logs out, their token is still available and fetches information in the logged-in state.... Read more

    Affected Products : mall-tiny
    • Published: Jan. 31, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2024-55062

    Code Injection vulnerability in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allows remote unauthenticated attackers to execute arbitrary code to /api/license/sendlicense/.... Read more

    Affected Products : co2scope dcscope
    • Published: Jan. 31, 2025
    • Modified: May. 24, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2024-53357

    Multiple SQL injection vulnerabilities in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allows remote authenticated attackers, with low privileges, to (1) add an admin user via the /api/user/addalias route; (2) modifiy a user via the /api/user/updateali... Read more

    Affected Products : co2scope dcscope
    • Published: Jan. 31, 2025
    • Modified: May. 24, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-53356

    Weak JWT Secret vulnerabilitiy in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allows remote attackers to generate JWT for privilege escalation. The HMAC secret used for generating tokens is hardcoded as "somerandomaccesstoken". A weak HMAC secret pose... Read more

    Affected Products : co2scope dcscope
    • Published: Jan. 31, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2024-53355

    Multiple incorrect access control issues in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allows remote authenticated attackers, with low privileges, to (1) add an admin user via the /api/user/addalias route; (2) modifiy a user via the /api/user/updatea... Read more

    Affected Products : co2scope dcscope
    • Published: Jan. 31, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2024-53354

    Multiple SQL injection vulnerabilities in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allows remote authenticated attackers to execute arbitrary SQL commands via the (1) user parameter to /api/management/findfilterlist; the (2) user or (3) filter para... Read more

    Affected Products : co2scope dcscope
    • Published: Jan. 31, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-0934

    A vulnerability was found in code-projects Job Recruitment 1.0. It has been classified as problematic. This affects an unknown part of the file /parse/_call_job_search_ajax.php. The manipulation of the argument n leads to sql injection. It is possible to ... Read more

    Affected Products : job_recruitment
    • Published: Jan. 31, 2025
    • Modified: Feb. 18, 2025
    • Vuln Type: Injection

  • 6.3

    MEDIUM
    CVE-2025-0938

    The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFu... Read more

    Affected Products : python
    • Published: Jan. 31, 2025
    • Modified: Mar. 14, 2025
    • Vuln Type: Misconfiguration

  • 6.1

    MEDIUM
    CVE-2025-23001

    A Host header injection vulnerability exists in CTFd 3.7.5, due to the application failing to properly validate or sanitize the Host header. An attacker can manipulate the Host header in HTTP requests, which may lead to phishing attacks, reset password, o... Read more

    Affected Products :
    • Published: Jan. 31, 2025
    • Modified: Feb. 21, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-22957

    A SQL injection vulnerability exists in the front-end of the website in ZZCMS <= 2023, which can be exploited without any authentication. This vulnerability could potentially allow attackers to gain unauthorized access to the database and extract sensitiv... Read more

    Affected Products : zzcms
    • Published: Jan. 31, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2024-57432

    macrozheng mall-tiny 1.0.1 suffers from Insecure Permissions. The application's JWT signing keys are hardcoded and do not change. User information is explicitly written into the JWT and used for subsequent privilege management, making it is possible to fo... Read more

    Affected Products :
    • Published: Jan. 31, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2024-53584

    OpenPanel v0.3.4 was discovered to contain an OS command injection vulnerability via the timezone parameter.... Read more

    Affected Products : openpanel
    • Published: Jan. 31, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2024-49349

    IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4.0 through 3.2.4.1 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the ... Read more

    • Published: Jan. 31, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2024-49339

    IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4.0 through 3.2.4.1 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the ... Read more

    • Published: Jan. 31, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2024-47857

    SSH Communication Security PrivX versions between 18.0-36.0 implement insufficient validation on public key signatures when using native SSH connections via a proxy port. This allows an existing PrivX "account A" to impersonate another existing PrivX "acc... Read more

    Affected Products :
    • Published: Jan. 31, 2025
    • Modified: Mar. 18, 2025
    • Vuln Type: Authentication
Showing 20 of 291385 Results