Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2024-52327

    The cloud service used by ECOVACS robot lawnmowers and vacuums allows authenticated attackers to bypass the PIN entry required to access the live video feed.... Read more

    Affected Products :
    • Published: Jan. 23, 2025
    • Modified: Jan. 23, 2025

  • 4.8

    MEDIUM
    CVE-2024-12079

    ECOVACS robot lawnmowers store the anti-theft PIN in cleartext on the device filesystem. An attacker can steal a lawnmower, read the PIN, and reset the anti-theft mechanism.... Read more

    Affected Products :
    • Published: Jan. 23, 2025
    • Modified: Jan. 23, 2025

  • 6.3

    MEDIUM
    CVE-2024-12078

    ECOVACS robot lawn mowers and vacuums use a shared, static secret key to encrypt BLE GATT messages. An unauthenticated attacker within BLE range can control any robot using the same key.... Read more

    Affected Products :
    • Published: Jan. 23, 2025
    • Modified: Jan. 23, 2025

  • 7.6

    HIGH
    CVE-2024-11147

    ECOVACS robot lawnmowers and vacuums use a deterministic root password generated based on model and serial number. An attacker with shell access can login as root.... Read more

    Affected Products :
    • Published: Jan. 23, 2025
    • Modified: Jan. 23, 2025

  • 7.1

    HIGH
    CVE-2025-23960

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in basteln3rk Save & Import Image from URL allows Reflected XSS. This issue affects Save & Import Image from URL: from n/a through 0.7.... Read more

    Affected Products :
    • Published: Jan. 23, 2025
    • Modified: Jan. 23, 2025

  • 7.1

    HIGH
    CVE-2025-23894

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tatsuya Fukata, Alexander Ovsov wp-flickr-press allows Reflected XSS. This issue affects wp-flickr-press: from n/a through 2.6.4.... Read more

    Affected Products :
    • Published: Jan. 23, 2025
    • Modified: Jan. 23, 2025

  • 7.1

    HIGH
    CVE-2025-23836

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SuryaBhan Custom Coming Soon allows Reflected XSS. This issue affects Custom Coming Soon: from n/a through 2.2.... Read more

    Affected Products :
    • Published: Jan. 23, 2025
    • Modified: Jan. 23, 2025

  • 7.1

    HIGH
    CVE-2025-23835

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Legal + allows Reflected XSS. This issue affects Legal +: from n/a through 1.0.... Read more

    Affected Products :
    • Published: Jan. 23, 2025
    • Modified: Jan. 23, 2025

  • 7.1

    HIGH
    CVE-2025-23834

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Links/Problem Reporter allows Reflected XSS. This issue affects Links/Problem Reporter: from n/a through 2.6.0.... Read more

    Affected Products :
    • Published: Jan. 23, 2025
    • Modified: Jan. 23, 2025

  • 7.1

    HIGH
    CVE-2025-23733

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sayocode SC Simple Zazzle allows Reflected XSS. This issue affects SC Simple Zazzle: from n/a through 1.1.6.... Read more

    Affected Products :
    • Published: Jan. 23, 2025
    • Modified: Jan. 23, 2025

  • 7.1

    HIGH
    CVE-2025-23730

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound FLX Dashboard Groups allows Reflected XSS. This issue affects FLX Dashboard Groups: from n/a through 0.0.7.... Read more

    Affected Products :
    • Published: Jan. 23, 2025
    • Modified: Jan. 23, 2025

  • 7.1

    HIGH
    CVE-2025-23729

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fures XTRA Settings allows Reflected XSS. This issue affects XTRA Settings: from n/a through 2.1.8.... Read more

    Affected Products :
    • Published: Jan. 23, 2025
    • Modified: Jan. 23, 2025

  • 7.1

    HIGH
    CVE-2025-23727

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound AZ Content Finder allows Reflected XSS. This issue affects AZ Content Finder: from n/a through 0.1.... Read more

    Affected Products :
    • Published: Jan. 23, 2025
    • Modified: Jan. 23, 2025

  • 7.1

    HIGH
    CVE-2025-23725

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TaskMeister Accessibility Task Manager allows Reflected XSS. This issue affects Accessibility Task Manager: from n/a through 1.2.1.... Read more

    Affected Products :
    • Published: Jan. 23, 2025
    • Modified: Jan. 23, 2025

  • 7.1

    HIGH
    CVE-2025-23724

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Oleksandr Ustymenko University Quizzes Online allows Reflected XSS. This issue affects University Quizzes Online: from n/a through 1.4.... Read more

    Affected Products :
    • Published: Jan. 23, 2025
    • Modified: Jan. 23, 2025

  • 7.1

    HIGH
    CVE-2025-23723

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Plestar Inc Plestar Directory Listing allows Reflected XSS. This issue affects Plestar Directory Listing: from n/a through 1.0.... Read more

    Affected Products :
    • Published: Jan. 23, 2025
    • Modified: Jan. 23, 2025

  • 7.1

    HIGH
    CVE-2025-23722

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Mind3doM RyeBread Widgets allows Reflected XSS. This issue affects Mind3doM RyeBread Widgets: from n/a through 1.0.... Read more

    Affected Products :
    • Published: Jan. 23, 2025
    • Modified: Jan. 23, 2025

  • 7.1

    HIGH
    CVE-2025-23636

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dimitar Atanasov My Favorite Car allows Reflected XSS. This issue affects My Favorite Car: from n/a through 1.0.... Read more

    Affected Products :
    • Published: Jan. 23, 2025
    • Modified: Jan. 23, 2025

  • 7.1

    HIGH
    CVE-2025-23634

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Youtube Video Grid allows Reflected XSS. This issue affects Youtube Video Grid: from n/a through 1.9.... Read more

    Affected Products :
    • Published: Jan. 23, 2025
    • Modified: Jan. 23, 2025

  • 7.1

    HIGH
    CVE-2025-23629

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Subhasis Laha Gallerio allows Reflected XSS. This issue affects Gallerio: from n/a through 1.0.1.... Read more

    Affected Products :
    • Published: Jan. 23, 2025
    • Modified: Jan. 23, 2025
Showing 20 of 291058 Results