Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.6

    HIGH
    CVE-2024-9495

    DLL hijacking vulnerabilities, caused by an uncontrolled search path in the CP210x VCP Windows installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 8.6

    HIGH
    CVE-2024-9494

    DLL hijacking vulnerabilities, caused by an uncontrolled search path in the  CP210 VCP Win 2k installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 8.6

    HIGH
    CVE-2024-9493

    DLL hijacking vulnerabilities, caused by an uncontrolled search path in the  ToolStick installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 8.6

    HIGH
    CVE-2024-9492

    DLL hijacking vulnerabilities, caused by an uncontrolled search path in Flash Programming Utility installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 8.6

    HIGH
    CVE-2024-9491

    DLL hijacking vulnerabilities, caused by an uncontrolled search path in Configuration Wizard 2 installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 8.6

    HIGH
    CVE-2024-9490

    DLL hijacking vulnerabilities, caused by an uncontrolled search path in Silicon Labs (8-bit) IDE installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 5.5

    MEDIUM
    CVE-2024-57184

    An issue was discovered in GPAC v0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer overflow in gf_m2ts_process_pmt in media_tools/mpegts.c:2163 that can cause a denial of service (DOS) via a crafted MP4 file.... Read more

    Affected Products : gpac
    • Published: Jan. 24, 2025
    • Modified: Jun. 27, 2025

  • 8.8

    HIGH
    CVE-2024-41739

    IBM Cognos Dashboards 4.0.7 and 5.0.0 on Cloud Pak for Data could allow a remote attacker to perform unauthorized actions due to dependency confusion.... Read more

    • Published: Jan. 24, 2025
    • Modified: Aug. 14, 2025

  • 5.4

    MEDIUM
    CVE-2024-11913

    The Activity Plus Reloaded for BuddyPress plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 1.1.1 via the 'ajax_preview_link' function. This makes it possible for authenticated attackers, with Su... Read more

    • Published: Jan. 24, 2025
    • Modified: Feb. 04, 2025

  • 4.3

    MEDIUM
    CVE-2024-10324

    The RomethemeKit For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.5.2 via the register_controls function in widgets/offcanvas-rometheme.php. This makes it possible for authenticated... Read more

    Affected Products : romethemekit_for_elementor
    • Published: Jan. 24, 2025
    • Modified: Feb. 04, 2025

  • 7.8

    HIGH
    CVE-2022-47090

    GPAC MP4box 2.1-DEV-rev574-g9d5bb184b contains a buffer overflow in gf_vvc_read_pps_bs_internal function of media_tools/av_parsers.c, check needed for num_exp_tile_columns... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 7.1

    HIGH
    CVE-2025-23889

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound FooGallery Captions allows Reflected XSS. This issue affects FooGallery Captions: from n/a through 1.0.2.... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 7.1

    HIGH
    CVE-2025-23888

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Custom Page Extensions allows Reflected XSS. This issue affects Custom Page Extensions: from n/a through 0.6.... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 7.1

    HIGH
    CVE-2025-23885

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound MJ Contact us allows Reflected XSS. This issue affects MJ Contact us: from n/a through 5.2.3.... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 7.1

    HIGH
    CVE-2025-23839

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Sticky Button allows Stored XSS. This issue affects Sticky Button: from n/a through 1.0.... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 7.1

    HIGH
    CVE-2025-23838

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Bauernregeln allows Reflected XSS. This issue affects Bauernregeln: from n/a through 1.0.1.... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 7.1

    HIGH
    CVE-2025-23837

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound One Backend Language allows Reflected XSS. This issue affects One Backend Language: from n/a through 1.0.... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 7.1

    HIGH
    CVE-2025-23737

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Network-Favorites allows Reflected XSS. This issue affects Network-Favorites: from n/a through 1.1.... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 7.1

    HIGH
    CVE-2025-23734

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Gigaom Sphinx allows Reflected XSS. This issue affects Gigaom Sphinx: from n/a through 0.1.... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 7.1

    HIGH
    CVE-2025-23711

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Quote me allows Reflected XSS. This issue affects Quote me: from n/a through 1.0.... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025
Showing 20 of 291157 Results