Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.9

    MEDIUM
    CVE-2025-24689

    Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in codection Import and export users and customers allows Retrieve Embedded Sensitive Data. This issue affects Import and export users and customers: from n/a th...

    • Published: Jan. 27, 2025
    • Modified: Jan. 27, 2025
    • Vuln Type: Information Disclosure
  • 7.1

    HIGH
    CVE-2025-24680

    Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in WpMultiStoreLocator WP Multi Store Locator allows Reflected XSS. This issue affects WP Multi Store Locator: from n/a through 2.4.7....

    Affected Products : wp_multi_store_locator
    • Published: Jan. 27, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Cross-Site Scripting
  • 9.8

    CRITICAL
    CVE-2025-24671

    Deserialization of Untrusted Data vulnerability in Pdfcrowd Save as PDF plugin by Pdfcrowd allows Object Injection. This issue affects Save as PDF plugin by Pdfcrowd: from n/a through 4.4.0....

    Affected Products : save_as_pdf
    • Published: Jan. 27, 2025
    • Modified: Jan. 27, 2025
    • Vuln Type: Injection
  • 9.3

    CRITICAL
    CVE-2025-24667

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eniture Technology Small Package Quotes – Worldwide Express Edition allows SQL Injection. This issue affects Small Package Quotes – Worldwide Express Edi...

    Affected Products : small_package_quotes
    • Published: Jan. 27, 2025
    • Modified: Jan. 27, 2025
    • Vuln Type: Injection
  • 9.3

    CRITICAL
    CVE-2025-24665

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eniture Technology Small Package Quotes – Unishippers Edition allows SQL Injection. This issue affects Small Package Quotes – Unishippers Edition: from n...

    Affected Products : small_package_quotes
    • Published: Jan. 27, 2025
    • Modified: Jan. 27, 2025
    • Vuln Type: Injection
  • 5.3

    MEDIUM
    CVE-2025-24662

    Missing Authorization vulnerability in LearnDash LearnDash LMS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects LearnDash LMS: from n/a through 4.20.0.1....

    Affected Products : learndash
    • Published: Jan. 27, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Authorization
  • 4.3

    MEDIUM
    CVE-2025-24653

    Missing Authorization vulnerability in NotFound Admin and Site Enhancements (ASE) Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Admin and Site Enhancements (ASE) Pro: from n/a through 7.6.1.1....

    Affected Products :
    • Published: Jan. 27, 2025
    • Modified: Jan. 27, 2025
    • Vuln Type: Authorization
  • 5.3

    MEDIUM
    CVE-2025-24628

    Authentication Bypass by Spoofing vulnerability in BestWebSoft Google Captcha allows Identity Spoofing. This issue affects Google Captcha: from n/a through 1.78....

    Affected Products :
    • Published: Jan. 27, 2025
    • Modified: Jan. 27, 2025
    • Vuln Type: Authentication
  • 7.1

    HIGH
    CVE-2025-24626

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodePeople Music Store allows Reflected XSS. This issue affects Music Store: from n/a through 1.1.19....

    Affected Products :
    • Published: Jan. 27, 2025
    • Modified: Jan. 27, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.4

    MEDIUM
    CVE-2025-24606

    Missing Authorization vulnerability in Sprout Invoices Client Invoicing by Sprout Invoices allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Client Invoicing by Sprout Invoices: from n/a through 20.8.1....

    • Published: Jan. 27, 2025
    • Modified: Jan. 27, 2025
    • Vuln Type: Authorization
  • 4.3

    MEDIUM
    CVE-2025-24603

    Missing Authorization vulnerability in UkrSolution Print Barcode Labels for your WooCommerce products/orders. This issue affects Print Barcode Labels for your WooCommerce products/orders: from n/a through 3.4.10....

    Affected Products : print_labels_with_barcodes
    • Published: Jan. 27, 2025
    • Modified: Jan. 27, 2025
    • Vuln Type: Authorization
  • 5.3

    MEDIUM
    CVE-2025-24600

    Missing Authorization vulnerability in David F. Carr RSVPMarker. This issue affects RSVPMarker: from n/a through 11.4.5....

    Affected Products : rsvpmaker
    • Published: Jan. 27, 2025
    • Modified: Jan. 27, 2025
    • Vuln Type: Authorization
  • 7.1

    HIGH
    CVE-2025-24593

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WisdmLabs Edwiser Bridge allows Reflected XSS. This issue affects Edwiser Bridge: from n/a through 3.0.8....

    Affected Products : bridge edwiser_bridge
    • Published: Jan. 27, 2025
    • Modified: Feb. 07, 2025
    • Vuln Type: Cross-Site Scripting
  • 5.3

    MEDIUM
    CVE-2025-24590

    Missing Authorization vulnerability in Haptiq picu – Online Photo Proofing Gallery allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects picu – Online Photo Proofing Gallery: from n/a through 2.4.0....

    Affected Products :
    • Published: Jan. 27, 2025
    • Modified: Jan. 27, 2025
    • Vuln Type: Authorization
  • 4.3

    MEDIUM
    CVE-2025-24540

    Cross-Site Request Forgery (CSRF) vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd allows Cross Site Request Forgery. This issue affects Coming Soon Page, Under Construction & Maintenance Mode by SeedProd: from...

    Affected Products :
    • Published: Jan. 27, 2025
    • Modified: Jan. 27, 2025
    • Vuln Type: Cross-Site Request Forgery
  • 5.4

    MEDIUM
    CVE-2025-24538

    Cross-Site Request Forgery (CSRF) vulnerability in slaFFik BuddyPress Groups Extras allows Cross Site Request Forgery. This issue affects BuddyPress Groups Extras: from n/a through 3.6.10....

    Affected Products :
    • Published: Jan. 27, 2025
    • Modified: Jan. 27, 2025
    • Vuln Type: Cross-Site Request Forgery
  • 5.4

    MEDIUM
    CVE-2025-24537

    Cross-Site Request Forgery (CSRF) vulnerability in The Events Calendar The Events Calendar allows Cross Site Request Forgery. This issue affects The Events Calendar: from n/a through 6.7.0....

    Affected Products : the_events_calendar
    • Published: Jan. 27, 2025
    • Modified: Jan. 27, 2025
    • Vuln Type: Cross-Site Request Forgery
  • 7.1

    HIGH
    CVE-2025-23982

    Missing Authorization vulnerability in Marian Kanev Cab fare calculator allows Stored XSS. This issue affects Cab fare calculator: from n/a through 1.1....

    Affected Products : cab_fare_calculator
    • Published: Jan. 27, 2025
    • Modified: Jan. 27, 2025
    • Vuln Type: Authorization
  • 5.4

    MEDIUM
    CVE-2025-23849

    Missing Authorization vulnerability in Benjamin Piwowarski PAPERCITE allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PAPERCITE: from n/a through 0.5.18....

    Affected Products :
    • Published: Jan. 27, 2025
    • Modified: Jan. 27, 2025
  • 7.1

    HIGH
    CVE-2025-23756

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ivan Chernyakov LawPress – Law Firm Website Management allows Reflected XSS. This issue affects LawPress – Law Firm Website Management: from n/a through ...

    Affected Products :
    • Published: Jan. 27, 2025
    • Modified: Jan. 27, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 291193 Results