Latest CVE Feed
-
7.1
HIGH CVE-2025-23628
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in New Media One GeoDigs allows Reflected XSS. This issue affects GeoDigs: from n/a through 3.4.1....
Affected Products:
- Published: Jan. 23, 2025
- Modified: Jan. 23, 2025
-
7.1
HIGH CVE-2025-23626
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hidetoshi Fukushima Kumihimo allows Reflected XSS. This issue affects Kumihimo: from n/a through 1.0.2....
Affected Products:
- Published: Jan. 23, 2025
- Modified: Jan. 23, 2025
-
7.1
HIGH CVE-2025-23624
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alessandro Benoit WpDevTool allows Reflected XSS. This issue affects WpDevTool: from n/a through 0.1.1....
Affected Products:
- Published: Jan. 23, 2025
- Modified: Jan. 23, 2025
-
7.1
HIGH CVE-2025-23545
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Navnish Bhardwaj WP Social Broadcast allows Reflected XSS. This issue affects WP Social Broadcast: from n/a through 1.0.0....
Affected Products:
- Published: Jan. 23, 2025
- Modified: Jan. 23, 2025
-
7.1
HIGH CVE-2025-23544
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in heart5 StatPressCN allows Reflected XSS. This issue affects StatPressCN: from n/a through 1.9.1....
Affected Products:
- Published: Jan. 23, 2025
- Modified: Jan. 23, 2025
-
7.1
HIGH CVE-2025-23541
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in edmon Download, Downloads allows Reflected XSS. This issue affects Download, Downloads: from n/a through 1.4.2....
Affected Products:
- Published: Jan. 23, 2025
- Modified: Jan. 23, 2025
-
7.1
HIGH CVE-2025-23540
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mohsin khan WP Front-end login and register allows Reflected XSS. This issue affects WP Front-end login and register: from n/a through 2.1.0....
Affected Products:
- Published: Jan. 23, 2025
- Modified: Jan. 23, 2025
-
7.1
HIGH CVE-2025-22768
Cross-Site Request Forgery (CSRF) vulnerability in Qwerty23 Rocket Media Library Mime Type allows Stored XSS. This issue affects Rocket Media Library Mime Type: from n/a through 2.1.0....
Affected Products:
- Published: Jan. 23, 2025
- Modified: Jan. 23, 2025
-
7.1
HIGH CVE-2025-22264
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tarak Patel WP Query Creator allows Reflected XSS. This issue affects WP Query Creator: from n/a through 1.0....
Affected Products:
- Published: Jan. 23, 2025
- Modified: Jan. 23, 2025
-
9.8
CRITICAL CVE-2025-0637
It has been found that the Beta10 software does not provide for proper authorisation control in multiple areas of the application. This deficiency could allow a malicious actor, without authentication, to access private areas and/or areas intended for oth...
Affected Products:
- Published: Jan. 23, 2025
- Modified: Jan. 23, 2025
-
10.0
CRITICAL CVE-2024-55971
SQL Injection vulnerability in the default configuration of the Logitime WebClock application <= 5.43.0 allows an unauthenticated user to run arbitrary code on the backend database server....
Affected Products:
- Published: Jan. 23, 2025
- Modified: Feb. 06, 2025
-
9.6
CRITICAL CVE-2024-52325
ECOVACS robot lawnmowers and vacuums are vulnerable to command injection via SetNetPin() over an unauthenticated BLE connection....
Affected Products:
- Published: Jan. 23, 2025
- Modified: Jan. 23, 2025
-
5.9
MEDIUM CVE-2024-10846
The compose-go library component in versions v2.10-v2.4.0 allows an authorized user who sends malicious YAML payloads to cause the compose-go to consume excessive amount of Memory and CPU cycles while parsing YAML, such as used by Docker Compose from vers...
Affected Products:
- Published: Jan. 23, 2025
- Modified: Apr. 25, 2025
-
0.0
NA CVE-2024-57947
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_set_pipapo: fix initial map fill The initial buffer has to be inited to all-ones, but it must restrict it to the size of the first field, not the total field size. After ...
Affected Products: linux_kernel
- Published: Jan. 23, 2025
- Modified: Jan. 23, 2025
-
5.5
MEDIUM CVE-2024-10539
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Uyumsoft Information Systems Uyumsoft ERP allows XSS Using Invalid Characters, Reflected XSS. This issue affects Uyumsoft ERP: before Erp4.2109.166p...
Affected Products:
- Published: Jan. 23, 2025
- Modified: Jan. 23, 2025
-
9.8
CRITICAL CVE-2025-23006
Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), which in specific conditions could potentially enable a remote unauthenticated a...
Affected Products: sma1000_firmware sma8200v sma6200_firmware sma6200 sma6210_firmware sma6210 sma7200_firmware sma7200 sma7210_firmware sma7210 +6 more products
- Actively Exploited
- Published: Jan. 23, 2025
- Modified: Apr. 02, 2025
-
6.1
MEDIUM CVE-2024-13422
The SEO Blogger to WordPress Migration using 301 Redirection plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'url' parameter in all versions up to, and including, 0.4.8 due to insufficient input sanitization and output escapin...
Affected Products: seo_blogger_to_wordpress_301_redirector
- Published: Jan. 23, 2025
- Modified: Jan. 23, 2025
-
6.4
MEDIUM CVE-2024-13389
The Cliptakes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cliptakes_input_email' shortcode in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping on user supplied attr...
Affected Products: cliptakes
- Published: Jan. 23, 2025
- Modified: Jan. 31, 2025
-
6.4
MEDIUM CVE-2024-13340
The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mdf_results_by_ajax' shortcode in all versions up to, and including, 1.3.3.6 due to insufficient input sanitization and output e...
- Published: Jan. 23, 2025
- Modified: Jan. 31, 2025
-
6.5
MEDIUM CVE-2024-13236
The Tainacan plugin for WordPress is vulnerable to SQL Injection via the 'collection_id' parameter in all versions up to, and including, 0.21.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...
Affected Products: tainacan
- Published: Jan. 23, 2025
- Modified: Jan. 31, 2025