Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-0357

    The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'WPB_Profile_controller::handle_image_upload' function in versions up to, and including, 1.6.9. This makes it possible for unauthenti... Read more

    Affected Products : wpbookit wpbookit
    • Published: Jan. 25, 2025
    • Modified: Jun. 27, 2025

  • 5.3

    MEDIUM
    CVE-2025-24361

    Nuxt is an open-source web development framework for Vue.js. Source code may be stolen during dev when using version 3.0.0 through 3.15.12 of the webpack builder or version 3.12.2 through 3.152 of the rspack builder and a victim opens a malicious web site... Read more

    Affected Products : nuxt
    • Published: Jan. 25, 2025
    • Modified: Jan. 25, 2025

  • 5.3

    MEDIUM
    CVE-2025-24360

    Nuxt is an open-source web development framework for Vue.js. Starting in version 3.8.1 and prior to version 3.15.3, Nuxt allows any websites to send any requests to the development server and read the response due to default CORS settings. Users with the ... Read more

    Affected Products : nuxt
    • Published: Jan. 25, 2025
    • Modified: Jan. 25, 2025

  • 9.8

    CRITICAL
    CVE-2024-50698

    SunGrow WiNet-SV200.001.00.P027 and earlier versions is vulnerable to heap-based buffer overflow due to bounds checks of the MQTT message content.... Read more

    Affected Products : winet-s_firmware winet-s
    • Published: Jan. 24, 2025
    • Modified: May. 29, 2025

  • 8.1

    HIGH
    CVE-2024-50697

    In SunGrow WiNet-SV200.001.00.P027 and earlier versions, when decrypting MQTT messages, the code that parses specific TLV fields does not have sufficient bounds checks. This may result in a stack-based buffer overflow.... Read more

    Affected Products : winet-s_firmware winet-s
    • Published: Jan. 24, 2025
    • Modified: May. 29, 2025

  • 9.8

    CRITICAL
    CVE-2024-50695

    SunGrow WiNet-SV200.001.00.P027 and earlier versions is vulnerable to stack-based buffer overflow when parsing MQTT messages, due to missing MQTT topic bounds checks.... Read more

    Affected Products : winet-s_firmware winet-s
    • Published: Jan. 24, 2025
    • Modified: May. 29, 2025

  • 9.8

    CRITICAL
    CVE-2024-50694

    In SunGrow WiNet-SV200.001.00.P027 and earlier versions, when copying the timestamp read from an MQTT message, the underlying code does not check the bounds of the buffer that is used to store the message. This may lead to a stack-based buffer overflow.... Read more

    Affected Products : winet-s_firmware winet-s
    • Published: Jan. 24, 2025
    • Modified: May. 29, 2025

  • 5.4

    MEDIUM
    CVE-2024-50692

    SunGrow WiNet-SV200.001.00.P027 and earlier versions contains hardcoded MQTT credentials that allow an attacker to send arbitrary commands to an arbitrary inverter. It is also possible to impersonate the broker, because TLS is not used to identify the rea... Read more

    Affected Products : winet-s_firmware winet-s
    • Published: Jan. 24, 2025
    • Modified: May. 29, 2025

  • 6.5

    MEDIUM
    CVE-2024-50690

    SunGrow WiNet-SV200.001.00.P027 and earlier versions contains a hardcoded password that can be used to decrypt all firmware updates.... Read more

    Affected Products : winet-s_firmware winet-s
    • Published: Jan. 24, 2025
    • Modified: May. 29, 2025

  • 5.4

    MEDIUM
    CVE-2025-21262

    User Interface (UI) Misrepresentation of Critical Information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network... Read more

    Affected Products : edge_chromium
    • Published: Jan. 24, 2025
    • Modified: Feb. 07, 2025

  • 5.4

    MEDIUM
    CVE-2025-0710

    A vulnerability classified as problematic has been found in CampCodes School Management Software 1.0. Affected is an unknown function of the file /notice-list of the component Notice Board Page. The manipulation of the argument Notice leads to cross site ... Read more

    Affected Products : school_management_software
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 5.1

    MEDIUM
    CVE-2025-0709

    A vulnerability was found in Dcat-Admin 2.2.1-beta. It has been rated as problematic. This issue affects some unknown processing of the file /admin/auth/roles of the component Roles Page. The manipulation leads to cross site scripting. The attack may be i... Read more

    Affected Products : dcat_admin
    • Published: Jan. 24, 2025
    • Modified: May. 07, 2025

  • 5.3

    MEDIUM
    CVE-2025-0708

    A vulnerability was found in fumiao opencms 2.2. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/model/addOrUpdate of the component Add Model Management Page. The manipulation of the argument 模板前缀 leads to c... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 8.5

    HIGH
    CVE-2025-0707

    A vulnerability was found in Rise Group Rise Mode Temp CPU 2.1. It has been classified as critical. This affects an unknown part in the library CRYPTBASE.dll of the component Startup. The manipulation leads to untrusted search path. The attack needs to be... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 5.1

    MEDIUM
    CVE-2025-0706

    A vulnerability was found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/sys/admin.html. The manipulation leads to cross site scri... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 5.7

    MEDIUM
    CVE-2024-57277

    InnoShop V.0.3.8 and below is vulnerable to Cross Site Scripting (XSS) via SVG file upload.... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Feb. 05, 2025

  • 6.8

    MEDIUM
    CVE-2024-57095

    SQL injection vulnerability in Go-CMS v.1.1.10 allows a remote attacker to execute arbitrary code via a crafted payload.... Read more

    Affected Products : go-cms
    • Published: Jan. 24, 2025
    • Modified: Apr. 18, 2025

  • 4.6

    MEDIUM
    CVE-2024-57041

    A persistent cross-site scripting (XSS) vulnerability in NodeBB v3.11.0 allows remote attackers to store arbitrary code in the 'about me' section of their profile.... Read more

    Affected Products : nodebb
    • Published: Jan. 24, 2025
    • Modified: Jun. 27, 2025

  • 4.2

    MEDIUM
    CVE-2025-24363

    The HL7 FHIR IG publisher is a tool to take a set of inputs and create a standard FHIR IG. Prior to version 1.8.9, in CI contexts, the IG Publisher CLI uses git commands to determine the URL of the originating repo. If the repo was cloned, or otherwise se... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 6.9

    MEDIUM
    CVE-2025-0705

    A vulnerability has been found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d and classified as problematic. Affected by this vulnerability is the function qrCode of the file src/main/java/io/github/controller/QrCodeController.java. ... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025
Showing 20 of 291157 Results