Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2025-22681

    Missing Authorization vulnerability in Xfinity Soft Content Cloner allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Content Cloner: from n/a through 1.0.1.... Read more

    Affected Products :
    • Published: Feb. 03, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2025-22679

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Job Board Manager allows Reflected XSS. This issue affects Job Board Manager: from n/a through 2.1.60.... Read more

    Affected Products :
    • Published: Feb. 03, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2025-22677

    Missing Authorization vulnerability in UIUX Lab Uix Shortcodes allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Uix Shortcodes: from n/a through 2.0.3.... Read more

    Affected Products :
    • Published: Feb. 03, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-22292

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Felipe Peixoto Powerful Auto Chat allows Stored XSS. This issue affects Powerful Auto Chat: from n/a through 1.9.8.... Read more

    Affected Products :
    • Published: Feb. 03, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-22260

    Missing Authorization vulnerability in Pixelite Meta Tag Manager. This issue affects Meta Tag Manager: from n/a through 3.1.... Read more

    Affected Products :
    • Published: Feb. 03, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2024-50500

    Missing Authorization vulnerability in By Averta Shortcodes and extra features for Phlox theme allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Shortcodes and extra features for Phlox theme: from n/a through 2.17... Read more

    • Published: Feb. 03, 2025
    • Modified: May. 26, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2024-43333

    Incorrect Privilege Assignment vulnerability in NotFound Admin and Site Enhancements (ASE) Pro allows Privilege Escalation. This issue affects Admin and Site Enhancements (ASE) Pro: from n/a through 7.6.2.1.... Read more

    Affected Products :
    • Published: Feb. 03, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Authorization

  • 6.4

    MEDIUM
    CVE-2024-57522

    SourceCodester Packers and Movers Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in Users.php. An attacker can inject a malicious script into the username or name field during user creation.... Read more

    • Published: Feb. 03, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.8

    HIGH
    CVE-2025-0015

    Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to make improper GPU processing operations to gain access to already freed memory.This issue a... Read more

    • Published: Feb. 03, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Memory Corruption

  • 4.0

    MEDIUM
    CVE-2024-6790

    Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a non-privileged user process to make valid GPU memory ... Read more

    • Published: Feb. 03, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Denial of Service

  • 8.6

    HIGH
    CVE-2024-10395

    No proper validation of the length of user input in http_server_get_content_type_from_extension.... Read more

    Affected Products : zephyr
    • Published: Feb. 03, 2025
    • Modified: Feb. 03, 2025

  • 8.1

    HIGH
    CVE-2025-25066

    nDPI through 4.12 has a potential stack-based buffer overflow in ndpi_address_cache_restore in lib/ndpi_cache.c.... Read more

    Affected Products : ndpi
    • Published: Feb. 03, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Memory Corruption

  • 6.8

    MEDIUM
    CVE-2024-13347

    The Essential WP Real Estate WordPress plugin through 1.1.3 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting.... Read more

    Affected Products : essential_wp_real_estate
    • Published: Feb. 03, 2025
    • Modified: Apr. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.0

    MEDIUM
    CVE-2024-57966

    libarchiveplugin.cpp in KDE ark before 24.12.0 can extract to an absolute path from an archive.... Read more

    Affected Products : ark
    • Published: Feb. 03, 2025
    • Modified: Feb. 09, 2025
    • Vuln Type: Path Traversal

  • 4.4

    MEDIUM
    CVE-2025-25063

    An XSS issue was discovered in Backdrop CMS 1.28.x before 1.28.5 and 1.29.x before 1.29.3. It does not sufficiently validate uploaded SVG images to ensure they do not contain potentially dangerous SVG tags. SVG images can contain clickable links and execu... Read more

    Affected Products : backdrop
    • Published: Feb. 03, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.4

    MEDIUM
    CVE-2025-25062

    An XSS issue was discovered in Backdrop CMS 1.28.x before 1.28.5 and 1.29.x before 1.29.3. It doesn't sufficiently isolate long text content when the CKEditor 5 rich text editor is used. This allows a potential attacker to craft specialized HTML and JavaS... Read more

    Affected Products : backdrop
    • Published: Feb. 03, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.7

    MEDIUM
    CVE-2025-20643

    In DA, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure, if an attacker has physical access to the device, if a malicious actor has already obtained the System privilege. User interactio... Read more

    Affected Products : android mt6779 mt6781 mt6785 mt6833 mt6853 mt6873 mt6877 mt6885 mt6893 +34 more products
    • Published: Feb. 03, 2025
    • Modified: Feb. 04, 2025
    • Vuln Type: Information Disclosure

  • 6.6

    MEDIUM
    CVE-2025-20642

    In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed fo... Read more

    Affected Products : android mt6779 mt6781 mt6785 mt6833 mt6853 mt6873 mt6877 mt6885 mt6893 +34 more products
    • Published: Feb. 03, 2025
    • Modified: Feb. 04, 2025
    • Vuln Type: Memory Corruption

  • 7.3

    HIGH
    CVE-2025-20641

    In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed fo... Read more

    Affected Products : android mt6779 mt6781 mt6785 mt6833 mt6853 mt6873 mt6877 mt6885 mt6893 +34 more products
    • Published: Feb. 03, 2025
    • Modified: Feb. 04, 2025
    • Vuln Type: Memory Corruption

  • 6.2

    MEDIUM
    CVE-2025-20640

    In DA, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for ... Read more

    Affected Products : android mt6779 mt6781 mt6785 mt6833 mt6853 mt6873 mt6877 mt6885 mt6893 +34 more products
    • Published: Feb. 03, 2025
    • Modified: Feb. 04, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 291641 Results