Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.2

    MEDIUM
    CVE-2024-48417

    Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 is vulnerable to Cross Site Scripting (XSS) in : /bin/goahead via /goform/setStaticRoute, /goform/fromSetFilterUrlFilter, and /goform/fromSetFilterClientFilter.... Read more

    Affected Products : br-6476ac_firmware br-6476ac
    • Published: Jan. 27, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2024-48416

    Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 is vulnerable to Buffer Overflow via /goform/fromSetLanDhcpsClientbinding.... Read more

    Affected Products : br-6476ac_firmware br-6476ac
    • Published: Jan. 27, 2025
    • Modified: May. 28, 2025

  • 7.5

    HIGH
    CVE-2024-27256

    IBM MQ Container 3.0.0, 3.0.1, 3.1.0 through 3.1.3 CD, 2.0.0 LTS through 2.0.22 LTS and 2.4.0 through 2.4.8, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensiti... Read more

    • Published: Jan. 27, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Cryptography

  • 6.0

    MEDIUM
    CVE-2024-45598

    Cacti is an open source performance and fault management framework. Prior to 1.2.29, an administrator can change the `Poller Standard Error Log Path` parameter in either Installation Step 5 or in Configuration->Settings->Paths tab to a local file inside t... Read more

    Affected Products : cacti
    • Published: Jan. 27, 2025
    • Modified: Jan. 27, 2025
    • Vuln Type: Information Disclosure

  • 5.9

    MEDIUM
    CVE-2024-38325

    IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI could allow a remote attacker to obtain sensitive information, caused by sending network requests over an insecure channel. An attacker could exploit this vulnerability to obtain s... Read more

    • Published: Jan. 27, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2024-38320

    IBM Storage Protect for Virtual Environments: Data Protection for VMware and Storage Protect Backup-Archive Client 8.1.0.0 through 8.1.23.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive informa... Read more

    • Published: Jan. 27, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Cryptography

  • 5.4

    MEDIUM
    CVE-2024-37527

    IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials discl... Read more

    • Published: Jan. 27, 2025
    • Modified: Mar. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2024-22316

    IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to perform unauthorized actions to another user's data due to improper access controls.... Read more

    Affected Products : sterling_file_gateway
    • Published: Jan. 27, 2025
    • Modified: Jan. 27, 2025
    • Vuln Type: Authorization

  • 6.4

    MEDIUM
    CVE-2023-52292

    IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potential... Read more

    Affected Products : sterling_file_gateway
    • Published: Jan. 27, 2025
    • Modified: Jan. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2023-47159

    IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to enumerate usernames due to an observable discrepancy in request responses.... Read more

    Affected Products : sterling_file_gateway
    • Published: Jan. 27, 2025
    • Modified: Jan. 27, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-24783

    ** UNSUPPORTED WHEN ASSIGNED ** Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Apache Cocoon. This issue affects Apache Cocoon: all versions. When a continuation is created, it gets a random identifier. Because the ra... Read more

    Affected Products : cocoon
    • Published: Jan. 27, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-24782

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wpWax Post Grid, Slider & Carousel Ultimate allows PHP Local File Inclusion. This issue affects Post Grid, Slider & Carousel Ultimate:... Read more

    • Published: Jan. 27, 2025
    • Modified: Jan. 27, 2025

  • 5.3

    MEDIUM
    CVE-2025-24747

    Missing Authorization vulnerability in Houzez.co Houzez. This issue affects Houzez: from n/a through 3.4.0.... Read more

    Affected Products :
    • Published: Jan. 27, 2025
    • Modified: Jan. 27, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-24744

    Missing Authorization vulnerability in NotFound Bridge Core. This issue affects Bridge Core: from n/a through 3.3.... Read more

    Affected Products : bridge_core
    • Published: Jan. 27, 2025
    • Modified: Jan. 27, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-24743

    Missing Authorization vulnerability in Rometheme RomethemeKit For Elementor. This issue affects RomethemeKit For Elementor: from n/a through 1.5.2.... Read more

    Affected Products : romethemekit_for_elementor
    • Published: Jan. 27, 2025
    • Modified: Jan. 27, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-24742

    Cross-Site Request Forgery (CSRF) vulnerability in WP Go Maps (formerly WP Google Maps) WP Go Maps. This issue affects WP Go Maps: from n/a through 9.0.40.... Read more

    Affected Products : wp_go_maps
    • Published: Jan. 27, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.1

    MEDIUM
    CVE-2025-24741

    URL Redirection to Untrusted Site ('Open Redirect') vulnerability in KB Support KB Support. This issue affects KB Support: from n/a through 1.6.7.... Read more

    Affected Products : kb_support kb_support
    • Published: Jan. 27, 2025
    • Modified: Feb. 10, 2025
    • Vuln Type: Misconfiguration

  • 4.7

    MEDIUM
    CVE-2025-24740

    URL Redirection to Untrusted Site ('Open Redirect') vulnerability in ThimPress LearnPress. This issue affects LearnPress: from n/a through 4.2.7.1.... Read more

    Affected Products : learnpress
    • Published: Jan. 27, 2025
    • Modified: Jan. 27, 2025

  • 8.8

    HIGH
    CVE-2025-24734

    Missing Authorization vulnerability in CodeSolz Better Find and Replace allows Privilege Escalation. This issue affects Better Find and Replace: from n/a through 1.6.7.... Read more

    Affected Products : better_find_and_replace
    • Published: Jan. 27, 2025
    • Modified: Jan. 27, 2025
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2025-24708

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CRM Perks WP Dynamics CRM for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms allows Reflected XSS. This issue affects WP Dynamics CRM for... Read more

    Affected Products :
    • Published: Jan. 27, 2025
    • Modified: Jan. 27, 2025
Showing 20 of 291193 Results