Latest CVE Feed
-
7.1
HIGH CVE-2025-22768
Cross-Site Request Forgery (CSRF) vulnerability in Qwerty23 Rocket Media Library Mime Type allows Stored XSS. This issue affects Rocket Media Library Mime Type: from n/a through 2.1.0.
- Affected Products:
- Published: Jan. 23, 2025
- Modified: Jan. 23, 2025
- Vuln Type: Cross-Site Request Forgery
-
7.1
HIGH CVE-2025-22264
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tarak Patel WP Query Creator allows Reflected XSS. This issue affects WP Query Creator: from n/a through 1.0.
- Affected Products:
- Published: Jan. 23, 2025
- Modified: Jan. 23, 2025
- Vuln Type: Cross-Site Scripting
-
9.8
CRITICAL CVE-2025-0637
It has been found that the Beta10 software does not provide for proper authorisation control in multiple areas of the application. This deficiency could allow a malicious actor, without authentication, to access private areas and/or areas intended for oth...
- Affected Products:
- Published: Jan. 23, 2025
- Modified: Jan. 23, 2025
- Vuln Type: Authorization
-
10.0
CRITICAL CVE-2024-55971
SQL Injection vulnerability in the default configuration of the Logitime WebClock application <= 5.43.0 allows an unauthenticated user to run arbitrary code on the backend database server.
- Affected Products:
- Published: Jan. 23, 2025
- Modified: Feb. 06, 2025
- Vuln Type: Injection
-
9.6
CRITICAL CVE-2024-52325
ECOVACS robot lawnmowers and vacuums are vulnerable to command injection via SetNetPin() over an unauthenticated BLE connection.
- Affected Products:
- Published: Jan. 23, 2025
- Modified: Jan. 23, 2025
- Vuln Type: Injection
-
5.9
MEDIUM CVE-2024-10846
The compose-go library component in versions v2.10-v2.4.0 allows an authorized user who sends malicious YAML payloads to cause the compose-go to consume excessive amount of Memory and CPU cycles while parsing YAML, such as used by Docker Compose from vers...
- Affected Products:
- Published: Jan. 23, 2025
- Modified: Apr. 25, 2025
- Vuln Type: Denial of Service
-
0.0
NA CVE-2024-57947
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_set_pipapo: fix initial map fill. The initial buffer has to be inited to all-ones, but it must restrict it to the size of the first field, not the total field size. After ...
- Affected Products: linux_kernel
- Published: Jan. 23, 2025
- Modified: Jan. 23, 2025
- Vuln Type: Misconfiguration
-
5.5
MEDIUM CVE-2024-10539
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Uyumsoft Information Systems Uyumsoft ERP allows XSS Using Invalid Characters, Reflected XSS. This issue affects Uyumsoft ERP: before Erp4.2109.166p...
- Affected Products:
- Published: Jan. 23, 2025
- Modified: Jan. 23, 2025
- Vuln Type: Cross-Site Scripting
-
9.8
CRITICAL CVE-2025-23006
Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), which in specific conditions could potentially enable a remote unauthenticated a...
- Affected Products: sma1000_firmware sma8200v sma6200_firmware sma6200 sma6210_firmware sma6210 sma7200_firmware sma7200 sma7210_firmware sma7210 +6 more products
- Actively Exploited
- Published: Jan. 23, 2025
- Modified: Apr. 02, 2025
- Vuln Type: Authentication
-
6.1
MEDIUM CVE-2024-13422
The SEO Blogger to WordPress Migration using 301 Redirection plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'url' parameter in all versions up to, and including, 0.4.8 due to insufficient input sanitization and output escapin...
- Affected Products: seo_blogger_to_wordpress_301_redirector
- Published: Jan. 23, 2025
- Modified: Jan. 23, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUM CVE-2024-13389
The Cliptakes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cliptakes_input_email' shortcode in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping on user supplied attr...
- Affected Products: cliptakes
- Published: Jan. 23, 2025
- Modified: Jan. 31, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUM CVE-2024-13340
The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mdf_results_by_ajax' shortcode in all versions up to, and including, 1.3.3.6 due to insufficient input sanitization and output e...
- Published: Jan. 23, 2025
- Modified: Jan. 31, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUM CVE-2024-13236
The Tainacan plugin for WordPress is vulnerable to SQL Injection via the 'collection_id' parameter in all versions up to, and including, 0.21.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...
- Affected Products: tainacan
- Published: Jan. 23, 2025
- Modified: Jan. 31, 2025
- Vuln Type: Injection
-
6.4
MEDIUM CVE-2024-12504
The Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'videowhisper_hls' shortcode in all versions up to, and including, 6.1.9 due to insufficient inpu...
- Published: Jan. 23, 2025
- Modified: Jul. 17, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUM CVE-2024-12118
The The Events Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Event Calendar Link Widget through the html_tag attribute in all versions up to, and including, 6.9.0 due to insufficient input sanitization and output escap...
- Published: Jan. 23, 2025
- Modified: Jan. 31, 2025
- Vuln Type: Cross-Site Scripting
-
5.9
MEDIUM CVE-2025-0648
Unexpected server crash in database driver in M-Files Server before 25.1.14445.5 and before 24.8 LTS SR3 allows a highly privileged attacker to cause denial of service via configuration change.
- Affected Products: m-files_server
- Published: Jan. 23, 2025
- Modified: Feb. 17, 2025
- Vuln Type: Denial of Service
-
6.3
MEDIUM CVE-2025-0635
Denial of service condition in M-Files Server in versions before 25.1.14445.5 allows an unauthenticated user to consume computing resources in certain conditions.
- Affected Products: m-files_server
- Published: Jan. 23, 2025
- Modified: Jan. 23, 2025
- Vuln Type: Denial of Service
-
4.6
MEDIUM CVE-2025-0619
Unsafe password recovery from configuration in M-Files Server before 25.1 allows a highly privileged user to recover external connector passwords.
- Affected Products: m-files_server
- Published: Jan. 23, 2025
- Modified: Jan. 23, 2025
- Vuln Type: Authentication
-
6.5
MEDIUM CVE-2024-43708
An allocation of resources without limits or throttling in Kibana can lead to a crash caused by a specially crafted payload to a number of inputs in Kibana UI. This can be carried out by users with read access to any feature in Kibana.
- Affected Products: kibana
- Published: Jan. 23, 2025
- Modified: Jan. 23, 2025
- Vuln Type: Denial of Service
-
9.8
CRITICAL CVE-2024-13234
The Product Table by WBW plugin for WordPress is vulnerable to SQL Injection via the 'additionalCondition' parameter in all versions up to, and including, 2.1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation...
- Affected Products: product_table
- Published: Jan. 23, 2025
- Modified: Feb. 04, 2025
- Vuln Type: Injection