Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2025-24584

    Missing Authorization vulnerability in BdThemes Ultimate Store Kit Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ultimate Store Kit Elementor Addons: from n/a through 2.3.0.... Read more

    Affected Products : ultimate_store_kit
    • Published: Jan. 27, 2025
    • Modified: Jan. 27, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-24533

    Cross-Site Request Forgery (CSRF) vulnerability in MetaSlider Responsive Slider by MetaSlider allows Cross Site Request Forgery. This issue affects Responsive Slider by MetaSlider: from n/a through 3.92.0.... Read more

    Affected Products : slider\,_gallery\,_and_carousel
    • Published: Jan. 27, 2025
    • Modified: Jan. 27, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.1

    HIGH
    CVE-2025-23792

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Busters Passwordless WP – Login with your glance or fingerprint allows Reflected XSS. This issue affects Passwordless WP – Login with your glance or f... Read more

    Affected Products :
    • Published: Jan. 27, 2025
    • Modified: Jan. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-23457

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Clodeo Shipdeo allows Reflected XSS. This issue affects Shipdeo: from n/a through 1.2.8.... Read more

    Affected Products :
    • Published: Jan. 27, 2025
    • Modified: Jan. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-22513

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Simple Locator allows Reflected XSS. This issue affects Simple Locator: from n/a through 2.0.4.... Read more

    Affected Products :
    • Published: Jan. 27, 2025
    • Modified: Jan. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2024-11348

    Eura7 CMSmanager in version 4.6 and below is vulnerable to Reflected XSS attacks through manipulation of return GET request parameter sent to a specific endpoint. The vulnerability has been fixed by a patche patch 17012022 addressing all affected versions... Read more

    Affected Products :
    • Published: Jan. 27, 2025
    • Modified: Jan. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.9

    HIGH
    CVE-2022-4975

    A flaw was found in the Red Hat Advanced Cluster Security (RHACS) portal. When rendering a table view in the portal, for example, on any of the /main/configmanagement/* endpoints, the front-end generates a DOM table-element (id="pdf-table"). This informat... Read more

    Affected Products :
    • Published: Jan. 27, 2025
    • Modified: Jan. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2024-55931

    Xerox Workplace Suite stores tokens in session storage, which may expose them to potential access if a user's session is compromised.  The patch for this vulnerability will be included in a future release of Workplace Suite, and customers will be notifie... Read more

    Affected Products :
    • Published: Jan. 27, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Information Disclosure

  • 5.3

    MEDIUM
    CVE-2025-0696

    A NULL Pointer Dereference vulnerability in Cesanta Frozen versions less than 1.7 allows an attacker to induce a crash of the component embedding the library by supplying a maliciously crafted JSON as input.... Read more

    Affected Products :
    • Published: Jan. 27, 2025
    • Modified: Jan. 27, 2025
    • Vuln Type: Denial of Service

  • 5.3

    MEDIUM
    CVE-2025-0695

    An Allocation of Resources Without Limits or Throttling vulnerability in Cesanta Frozen versions less than 1.7 allows an attacker to induce a crash of the component embedding the library by supplying a maliciously crafted JSON as input.... Read more

    Affected Products :
    • Published: Jan. 27, 2025
    • Modified: Jan. 27, 2025
    • Vuln Type: Denial of Service

  • 6.7

    MEDIUM
    CVE-2024-12345

    A vulnerability classified as problematic was found in INW Krbyyyzo 25.2002. Affected by this vulnerability is an unknown functionality of the file /gbo.aspx of the component Daily Huddle Site. The manipulation of the argument s leads to resource consumpt... Read more

    Affected Products :
    • Published: Jan. 27, 2025
    • Modified: Jan. 27, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2025-24814

    Core creation allows users to replace "trusted" configset files with arbitrary configuration Solr instances that (1) use the "FileSystemConfigSetService" component (the default in "standalone" or "user-managed" mode), and (2) are running without authenti... Read more

    Affected Products : solr
    • Published: Jan. 27, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Misconfiguration

  • 5.4

    MEDIUM
    CVE-2024-52012

    Relative Path Traversal vulnerability in Apache Solr. Solr instances running on Windows are vulnerable to arbitrary filepath write-access, due to a lack of input-sanitation in the "configset upload" API.  Commonly known as a "zipslip", maliciously constr... Read more

    Affected Products : solr
    • Published: Jan. 27, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Path Traversal

  • 6.8

    MEDIUM
    CVE-2025-24390

    A vulnerability in OTRS Application Server and reverse proxy settings allows session hijacking due to missing attributes for sensitive cookie settings in HTTPS sessions. This issue affects: * OTRS 7.0.X * OTRS 8.0.X * OTRS 2023.X * OTRS 20... Read more

    Affected Products : otrs
    • Published: Jan. 27, 2025
    • Modified: Jan. 27, 2025
    • Vuln Type: Authentication

  • 6.3

    MEDIUM
    CVE-2025-24389

    Certain errors of the upstream libraries will insert sensitive information in the OTRS or ((OTRS)) Community Edition log mechanism and mails send to the system administrator. This issue affects: * OTRS 7.0.X * OTRS 8.0.X * OTRS 2023.X * OT... Read more

    Affected Products : otrs
    • Published: Jan. 27, 2025
    • Modified: Jan. 27, 2025
    • Vuln Type: Information Disclosure

  • 3.5

    LOW
    CVE-2024-43446

    An improper privilege management vulnerability in OTRS Generic Interface module allows change of the Ticket status even if the user only has ro permissions. This issue affects: * OTRS 7.0.X * OTRS 8.0.X * OTRS 2023.X * OTRS 2024.X * (... Read more

    Affected Products : otrs
    • Published: Jan. 27, 2025
    • Modified: Jan. 27, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2024-43445

    A vulnerability exists in OTRS and ((OTRS Community Edition)) that fail to set the HTTP response header X-Content-Type-Options to nosniff. An attacker could exploit this vulnerability by uploading or inserting content that would be treated as a different ... Read more

    Affected Products : otrs
    • Published: Jan. 27, 2025
    • Modified: Jan. 27, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2024-13117

    The Social Share Buttons for WordPress plugin through 2.7 allows an unauthenticated user to upload arbitrary images and change the path where they are uploaded... Read more

    Affected Products : social_share_buttons share_buttons
    • Published: Jan. 27, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Authentication

  • 3.8

    LOW
    CVE-2024-13116

    The Crelly Slider WordPress plugin before 1.4.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (... Read more

    Affected Products : crelly_slider
    • Published: Jan. 27, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2024-13095

    The WP Triggers Lite WordPress plugin through 2.5.3 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks... Read more

    Affected Products : wp_triggers_lite
    • Published: Jan. 27, 2025
    • Modified: May. 05, 2025
    • Vuln Type: Injection
Showing 20 of 291219 Results