Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2025-24582

    Insertion of Sensitive Information Into Sent Data vulnerability in Code for Recovery 12 Step Meeting List allows Retrieve Embedded Sensitive Data. This issue affects 12 Step Meeting List: from n/a through 3.16.5.... Read more

    Affected Products : 12_step_meeting_list
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 6.5

    MEDIUM
    CVE-2025-24580

    Missing Authorization vulnerability in Code for Recovery 12 Step Meeting List allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects 12 Step Meeting List: from n/a through 3.16.5.... Read more

    Affected Products : 12_step_meeting_list
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 5.9

    MEDIUM
    CVE-2025-24579

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kyle Phillips Nested Pages allows Stored XSS. This issue affects Nested Pages: from n/a through 3.2.9.... Read more

    Affected Products : nested_pages
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 6.5

    MEDIUM
    CVE-2025-24578

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ElementInvader ElementInvader Addons for Elementor allows DOM-Based XSS. This issue affects ElementInvader Addons for Elementor: from n/a through 1.3.0.... Read more

    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 6.5

    MEDIUM
    CVE-2025-24575

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HelloAsso HelloAsso allows Stored XSS. This issue affects HelloAsso: from n/a through 1.1.11.... Read more

    Affected Products : helloasso
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 6.5

    MEDIUM
    CVE-2025-24573

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pagelayer Team PageLayer allows DOM-Based XSS. This issue affects PageLayer: from n/a through 1.9.4.... Read more

    Affected Products : pagelayer
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 6.5

    MEDIUM
    CVE-2025-24572

    Cross-Site Request Forgery (CSRF) vulnerability in Epsiloncool WP Fast Total Search allows Cross Site Request Forgery. This issue affects WP Fast Total Search: from n/a through 1.78.258.... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 5.4

    MEDIUM
    CVE-2025-24571

    Missing Authorization vulnerability in Epsiloncool WP Fast Total Search allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Fast Total Search: from n/a through 1.78.258.... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 7.1

    HIGH
    CVE-2025-24570

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Atarim Atarim allows Stored XSS. This issue affects Atarim: from n/a through 4.0.8.... Read more

    Affected Products : atarim
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 4.3

    MEDIUM
    CVE-2025-24568

    Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force Starter Templates allows Cross Site Request Forgery. This issue affects Starter Templates: from n/a through 4.4.9.... Read more

    Affected Products : starter_templates
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 7.1

    HIGH
    CVE-2025-24562

    Cross-Site Request Forgery (CSRF) vulnerability in Optimal Access Inc. KBucket allows Stored XSS. This issue affects KBucket: from n/a through 4.1.6.... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 7.1

    HIGH
    CVE-2025-24561

    Cross-Site Request Forgery (CSRF) vulnerability in ReviewsTap ReviewsTap allows Stored XSS. This issue affects ReviewsTap: from n/a through 1.1.2.... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 7.1

    HIGH
    CVE-2025-24555

    Cross-Site Request Forgery (CSRF) vulnerability in SubscriptionDNA.com Subscription DNA allows Stored XSS. This issue affects Subscription DNA: from n/a through 2.1.... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 5.3

    MEDIUM
    CVE-2025-24552

    Generation of Error Message Containing Sensitive Information vulnerability in David de Boer Paytium allows Retrieve Embedded Sensitive Data. This issue affects Paytium: from n/a through 4.4.11.... Read more

    Affected Products : paytium
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 6.5

    MEDIUM
    CVE-2025-24547

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matthias Wagner - FALKEmedia Caching Compatible Cookie Opt-In and JavaScript allows Stored XSS. This issue affects Caching Compatible Cookie Opt-In and J... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 5.4

    MEDIUM
    CVE-2025-24546

    Cross-Site Request Forgery (CSRF) vulnerability in RSTheme Ultimate Coming Soon & Maintenance allows Cross Site Request Forgery. This issue affects Ultimate Coming Soon & Maintenance: from n/a through 1.0.9.... Read more

    • Published: Jan. 24, 2025
    • Modified: Jun. 09, 2025

  • 4.3

    MEDIUM
    CVE-2025-24543

    Cross-Site Request Forgery (CSRF) vulnerability in RSTheme Ultimate Coming Soon & Maintenance allows Cross Site Request Forgery. This issue affects Ultimate Coming Soon & Maintenance: from n/a through 1.0.9.... Read more

    • Published: Jan. 24, 2025
    • Modified: Jun. 09, 2025

  • 6.5

    MEDIUM
    CVE-2025-24542

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in icegram Icegram allows Stored XSS. This issue affects Icegram: from n/a through 3.1.31.... Read more

    Affected Products : icegram_express
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 7.1

    HIGH
    CVE-2025-24362

    In some circumstances, debug artifacts uploaded by the CodeQL Action after a failed code scanning workflow run may contain the environment variables from the workflow run, including any secrets that were exposed as environment variables to the workflow. U... Read more

    Affected Products : codeql_action
    • Published: Jan. 24, 2025
    • Modified: Mar. 31, 2025

  • 6.5

    MEDIUM
    CVE-2025-0702

    A vulnerability classified as critical was found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. This vulnerability affects unknown code of the file src/main/java/io/github/controller/SysFileController.java. The manipulation of the a... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025
Showing 20 of 291128 Results