Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2025-23794

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rccoder wp_amaps allows Stored XSS.This issue affects wp_amaps: from n/a through 1.7.... Read more

    Affected Products :
    • Published: Jan. 16, 2025
    • Modified: Jan. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-23793

    Cross-Site Request Forgery (CSRF) vulnerability in Turcu Ciprian Auto FTP allows Stored XSS. This issue affects Auto FTP: from n/a through 1.0.1.... Read more

    Affected Products :
    • Published: Jan. 16, 2025
    • Modified: Jan. 16, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.5

    MEDIUM
    CVE-2025-23791

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RocaPress Horizontal Line Shortcode allows Stored XSS.This issue affects Horizontal Line Shortcode: from n/a through 1.0.... Read more

    Affected Products :
    • Published: Jan. 16, 2025
    • Modified: Jan. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-23785

    Missing Authorization vulnerability in August Infotech AI Responsive Gallery Album allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI Responsive Gallery Album: from n/a through 1.4.... Read more

    Affected Products :
    • Published: Jan. 16, 2025
    • Modified: Jan. 16, 2025
    • Vuln Type: Authorization

  • 7.6

    HIGH
    CVE-2025-23780

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AlphaBPO Easy Code Snippets allows SQL Injection.This issue affects Easy Code Snippets: from n/a through 1.0.2.... Read more

    Affected Products :
    • Published: Jan. 16, 2025
    • Modified: Jan. 16, 2025
    • Vuln Type: Injection

  • 7.6

    HIGH
    CVE-2025-23779

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in web-mv.de ResAds allows SQL Injection.This issue affects ResAds: from n/a through 2.0.5.... Read more

    Affected Products : resads
    • Published: Jan. 16, 2025
    • Modified: Jan. 16, 2025
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2025-23778

    Missing Authorization vulnerability in Pravin Durugkar User Sync ActiveCampaign allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Sync ActiveCampaign: from n/a through 1.3.2.... Read more

    Affected Products :
    • Published: Jan. 16, 2025
    • Modified: Jan. 16, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-23777

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Willows Consulting Ltd. GDPR Personal Data Reports allows Stored XSS.This issue affects GDPR Personal Data Reports: from n/a through 1.0.5.... Read more

    Affected Products :
    • Published: Jan. 16, 2025
    • Modified: Jan. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-23776

    Missing Authorization vulnerability in Thorn Technologies LLC Cache Sniper for Nginx allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cache Sniper for Nginx: from n/a through 1.0.4.2.... Read more

    Affected Products :
    • Published: Jan. 16, 2025
    • Modified: Jan. 16, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-23775

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WWP GMAPS for WPBakery Page Builder Free allows Stored XSS.This issue affects GMAPS for WPBakery Page Builder Free: from n/a through 1.2.... Read more

    Affected Products :
    • Published: Jan. 16, 2025
    • Modified: Jan. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-23772

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eugenio Petullà imaGenius allows Stored XSS.This issue affects imaGenius: from n/a through 1.7.... Read more

    Affected Products :
    • Published: Jan. 16, 2025
    • Modified: Jan. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-23765

    Cross-Site Request Forgery (CSRF) vulnerability in W3speedster W3SPEEDSTER allows Cross Site Request Forgery.This issue affects W3SPEEDSTER: from n/a through 7.33.... Read more

    Affected Products : w3speedster
    • Published: Jan. 16, 2025
    • Modified: Jan. 16, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.3

    MEDIUM
    CVE-2025-23764

    Missing Authorization vulnerability in Ujjaval Jani Copy Move Posts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Copy Move Posts: from n/a through 1.6.... Read more

    Affected Products :
    • Published: Jan. 16, 2025
    • Modified: Jan. 16, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-23761

    Missing Authorization vulnerability in Alex Volkov Woo Tuner allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Woo Tuner: from n/a through 0.1.2.... Read more

    Affected Products :
    • Published: Jan. 16, 2025
    • Modified: Jan. 16, 2025
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2025-23760

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alex Volkov Chatter allows Stored XSS. This issue affects Chatter: from n/a through 1.0.1.... Read more

    Affected Products :
    • Published: Jan. 16, 2025
    • Modified: Jan. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2024-57583

    Tenda AC18 V15.03.05.19 was discovered to contain a command injection vulnerability via the usbName parameter in the formSetSambaConf function.... Read more

    Affected Products : ac18_firmware ac18
    • Published: Jan. 16, 2025
    • Modified: Feb. 04, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-57582

    Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the startIP parameter in the formSetPPTPServer function.... Read more

    Affected Products : ac18_firmware ac18
    • Published: Jan. 16, 2025
    • Modified: Mar. 22, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2024-57581

    Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the firewallEn parameter in the formSetFirewallCfg function.... Read more

    Affected Products : ac18_firmware ac18
    • Published: Jan. 16, 2025
    • Modified: Mar. 18, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2024-57580

    Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the devName parameter in the formSetDeviceName function.... Read more

    Affected Products : ac18_firmware ac18
    • Published: Jan. 16, 2025
    • Modified: Mar. 18, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2024-57579

    Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the limitSpeedUp parameter in the formSetClientState function.... Read more

    Affected Products : ac18_firmware ac18
    • Published: Jan. 16, 2025
    • Modified: Mar. 19, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 291205 Results