Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2025-23656

    Missing Authorization vulnerability in Saul Morales Pacheco Donate visa allows Stored XSS. This issue affects Donate visa: from n/a through 1.0.0.... Read more

    Affected Products :
    • Published: Jan. 27, 2025
    • Modified: Jan. 27, 2025

  • 7.1

    HIGH
    CVE-2025-23574

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jonathan Lau CubePM allows Reflected XSS. This issue affects CubePM: from n/a through 1.0.... Read more

    Affected Products :
    • Published: Jan. 27, 2025
    • Modified: Jan. 27, 2025

  • 7.1

    HIGH
    CVE-2025-23531

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David F. Carr RSVPMaker Volunteer Roles allows Reflected XSS. This issue affects RSVPMaker Volunteer Roles: from n/a through 1.5.1.... Read more

    Affected Products :
    • Published: Jan. 27, 2025
    • Modified: Jan. 27, 2025

  • 6.5

    MEDIUM
    CVE-2025-23529

    Missing Authorization vulnerability in Blokhaus Minterpress allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Minterpress: from n/a through 1.0.5.... Read more

    Affected Products :
    • Published: Jan. 27, 2025
    • Modified: Jan. 27, 2025

  • 9.8

    CRITICAL
    CVE-2024-57595

    DLINK DIR-825 REVB 2.03 devices have an OS command injection vulnerability in the CGl interface apc_client_pin.cgi, which allows remote attackers to execute arbitrary commands via the parameter "wps_pin" passed to the apc_client_pin.cgi binary through a P... Read more

    Affected Products :
    • Published: Jan. 27, 2025
    • Modified: Jan. 27, 2025

  • 9.8

    CRITICAL
    CVE-2024-57590

    TRENDnet TEW-632BRP v1.010B31 devices have an OS command injection vulnerability in the CGl interface "ntp_sync.cgi",which allows remote attackers to execute arbitrary commands via parameter "ntp_server" passed to the "ntp_sync.cgi" binary through a POST ... Read more

    Affected Products : tew-632brp_firmware tew-632brp
    • Published: Jan. 27, 2025
    • Modified: May. 29, 2025

  • 4.3

    MEDIUM
    CVE-2025-24754

    Missing Authorization vulnerability in Houzez.co Houzez. This issue affects Houzez: from n/a through 3.4.0.... Read more

    Affected Products :
    • Published: Jan. 27, 2025
    • Modified: Jan. 27, 2025

  • 8.1

    HIGH
    CVE-2025-24685

    Path Traversal vulnerability in MORKVA Morkva UA Shipping allows PHP Local File Inclusion. This issue affects Morkva UA Shipping: from n/a through 1.0.18.... Read more

    Affected Products :
    • Published: Jan. 27, 2025
    • Modified: Jan. 27, 2025

  • 9.3

    CRITICAL
    CVE-2025-24664

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eniture Technology LTL Freight Quotes – Worldwide Express Edition allows SQL Injection. This issue affects LTL Freight Quotes – Worldwide Express Edition... Read more

    Affected Products : ltl_freight_quotes
    • Published: Jan. 27, 2025
    • Modified: Jan. 27, 2025

  • 9.3

    CRITICAL
    CVE-2025-24612

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MORKVA Shipping for Nova Poshta allows SQL Injection. This issue affects Shipping for Nova Poshta: from n/a through 1.19.6.... Read more

    Affected Products :
    • Published: Jan. 27, 2025
    • Modified: Jan. 27, 2025

  • 9.8

    CRITICAL
    CVE-2025-24601

    Deserialization of Untrusted Data vulnerability in ThimPress FundPress allows Object Injection. This issue affects FundPress: from n/a through 2.0.6.... Read more

    Affected Products :
    • Published: Jan. 27, 2025
    • Modified: Jan. 27, 2025

  • 4.3

    MEDIUM
    CVE-2025-24584

    Missing Authorization vulnerability in BdThemes Ultimate Store Kit Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ultimate Store Kit Elementor Addons: from n/a through 2.3.0.... Read more

    Affected Products : ultimate_store_kit
    • Published: Jan. 27, 2025
    • Modified: Jan. 27, 2025

  • 5.4

    MEDIUM
    CVE-2025-24533

    Cross-Site Request Forgery (CSRF) vulnerability in MetaSlider Responsive Slider by MetaSlider allows Cross Site Request Forgery. This issue affects Responsive Slider by MetaSlider: from n/a through 3.92.0.... Read more

    Affected Products : slider\,_gallery\,_and_carousel
    • Published: Jan. 27, 2025
    • Modified: Jan. 27, 2025

  • 7.1

    HIGH
    CVE-2025-23792

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Busters Passwordless WP – Login with your glance or fingerprint allows Reflected XSS. This issue affects Passwordless WP – Login with your glance or f... Read more

    Affected Products :
    • Published: Jan. 27, 2025
    • Modified: Jan. 27, 2025

  • 7.1

    HIGH
    CVE-2025-23457

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Clodeo Shipdeo allows Reflected XSS. This issue affects Shipdeo: from n/a through 1.2.8.... Read more

    Affected Products :
    • Published: Jan. 27, 2025
    • Modified: Jan. 27, 2025

  • 7.1

    HIGH
    CVE-2025-22513

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Simple Locator allows Reflected XSS. This issue affects Simple Locator: from n/a through 2.0.4.... Read more

    Affected Products :
    • Published: Jan. 27, 2025
    • Modified: Jan. 27, 2025

  • 5.3

    MEDIUM
    CVE-2024-11348

    Eura7 CMSmanager in version 4.6 and below is vulnerable to Reflected XSS attacks through manipulation of return GET request parameter sent to a specific endpoint. The vulnerability has been fixed by a patche patch 17012022 addressing all affected versions... Read more

    Affected Products :
    • Published: Jan. 27, 2025
    • Modified: Jan. 27, 2025

  • 8.9

    HIGH
    CVE-2022-4975

    A flaw was found in the Red Hat Advanced Cluster Security (RHACS) portal. When rendering a table view in the portal, for example, on any of the /main/configmanagement/* endpoints, the front-end generates a DOM table-element (id="pdf-table"). This informat... Read more

    Affected Products :
    • Published: Jan. 27, 2025
    • Modified: Jan. 27, 2025

  • 6.5

    MEDIUM
    CVE-2024-55931

    Xerox Workplace Suite stores tokens in session storage, which may expose them to potential access if a user's session is compromised.  The patch for this vulnerability will be included in a future release of Workplace Suite, and customers will be notifie... Read more

    Affected Products :
    • Published: Jan. 27, 2025
    • Modified: Feb. 24, 2025

  • 5.3

    MEDIUM
    CVE-2025-0696

    A NULL Pointer Dereference vulnerability in Cesanta Frozen versions less than 1.7 allows an attacker to induce a crash of the component embedding the library by supplying a maliciously crafted JSON as input.... Read more

    Affected Products :
    • Published: Jan. 27, 2025
    • Modified: Jan. 27, 2025
Showing 20 of 291150 Results