Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.2

    MEDIUM
    CVE-2025-24363

    The HL7 FHIR IG publisher is a tool to take a set of inputs and create a standard FHIR IG. Prior to version 1.8.9, in CI contexts, the IG Publisher CLI uses git commands to determine the URL of the originating repo. If the repo was cloned, or otherwise se... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025
    • Vuln Type: Information Disclosure

  • 6.9

    MEDIUM
    CVE-2025-0705

    A vulnerability has been found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d and classified as problematic. Affected by this vulnerability is the function qrCode of the file src/main/java/io/github/controller/QrCodeController.java. ... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025
    • Vuln Type: Misconfiguration

  • 6.9

    MEDIUM
    CVE-2025-0704

    A vulnerability, which was classified as problematic, was found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. Affected is the function qrCode of the file src/main/java/io/github/controller/QrCodeController.java. The manipulation of... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025
    • Vuln Type: Denial of Service

  • 5.3

    MEDIUM
    CVE-2025-0703

    A vulnerability, which was classified as problematic, has been found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. This issue affects some unknown processing of the file src/main/java/io/github/controller/SysFileController.java. Th... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025
    • Vuln Type: Path Traversal

  • 8.6

    HIGH
    CVE-2024-52807

    The HL7 FHIR IG publisher is a tool to take a set of inputs and create a standard FHIR IG. Prior to version 1.7.4, XSLT transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD ... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025
    • Vuln Type: XML External Entity

  • 7.1

    HIGH
    CVE-2025-24756

    Cross-Site Request Forgery (CSRF) vulnerability in mgplugin Roi Calculator allows Stored XSS. This issue affects Roi Calculator: from n/a through 1.0.... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.5

    MEDIUM
    CVE-2025-24755

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in add-ons.org PDF Invoices for WooCommerce + Drag and Drop Template Builder allows Stored XSS. This issue affects PDF Invoices for WooCommerce + Drag and D... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-24753

    Missing Authorization vulnerability in Kadence WP Gutenberg Blocks by Kadence Blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Gutenberg Blocks by Kadence Blocks: from n/a through 3.3.1.... Read more

    Affected Products : gutenberg_blocks_with_ai
    • Published: Jan. 24, 2025
    • Modified: Feb. 07, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-24751

    Missing Authorization vulnerability in GoDaddy CoBlocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CoBlocks: from n/a through 3.1.13.... Read more

    Affected Products : coblocks
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-24750

    Missing Authorization vulnerability in ExactMetrics ExactMetrics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ExactMetrics: from n/a through 8.1.0.... Read more

    Affected Products : exactmetrics
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-24746

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Popup Maker Popup Maker allows Stored XSS. This issue affects Popup Maker: from n/a through 1.20.2.... Read more

    Affected Products : popup_maker
    • Published: Jan. 24, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-24739

    Cross-Site Request Forgery (CSRF) vulnerability in FluentSMTP & WPManageNinja Team FluentSMTP allows Cross Site Request Forgery. This issue affects FluentSMTP: from n/a through 2.2.80.... Read more

    Affected Products : fluentsmtp
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-24738

    Cross-Site Request Forgery (CSRF) vulnerability in NowButtons.com Call Now Button allows Cross Site Request Forgery. This issue affects Call Now Button: from n/a through 1.4.13.... Read more

    Affected Products : call_now_button
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-24736

    Missing Authorization vulnerability in Metaphor Creations Post Duplicator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Post Duplicator: from n/a through 2.35.... Read more

    Affected Products : post_duplicator
    • Published: Jan. 24, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-24733

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AddonMaster Post Grid Master allows PHP Local File Inclusion. This issue affects Post Grid Master: from n/a through 3.4.12.... Read more

    Affected Products : post_grid_master
    • Published: Jan. 24, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2025-24732

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Booking & Appointment - Repute Infosystems BookingPress allows DOM-Based XSS. This issue affects BookingPress: from n/a through 1.1.25.... Read more

    Affected Products : bookingpress
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.9

    MEDIUM
    CVE-2025-24731

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in IP2Location Download IP2Location Country Blocker allows Stored XSS. This issue affects Download IP2Location Country Blocker: from n/a through 2.38.3.... Read more

    Affected Products : country_blocker
    • Published: Jan. 24, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-24730

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rextheme WP VR allows DOM-Based XSS. This issue affects WP VR: from n/a through 8.5.14.... Read more

    Affected Products : wp_vr
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-24729

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ElementInvader ElementInvader Addons for Elementor allows Stored XSS. This issue affects ElementInvader Addons for Elementor: from n/a through 1.3.3.... Read more

    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.5

    HIGH
    CVE-2025-24728

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yannick Lefebvre Bug Library allows Blind SQL Injection. This issue affects Bug Library: from n/a through 2.1.4.... Read more

    Affected Products : bug_library
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025
    • Vuln Type: Injection
Showing 20 of 291219 Results