Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.4

    MEDIUM
    CVE-2025-22618

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `adicionar_cargo.php` endpoint of the WeGIA application. This vulnerability al... Read more

    Affected Products : wegia
    • Published: Jan. 13, 2025
    • Modified: Feb. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-22617

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the `editar_socio.php` endpoint of the WeGIA application. This vulnerability al... Read more

    Affected Products : wegia
    • Published: Jan. 13, 2025
    • Modified: Feb. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-22616

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `dependente_parentesco_adicionar.php` endpoint of the WeGIA application. This ... Read more

    Affected Products : wegia
    • Published: Jan. 13, 2025
    • Modified: Feb. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-22615

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the `Cadastro_Atendido.php` endpoint of the WeGIA application. This vulnerabili... Read more

    Affected Products : wegia
    • Published: Jan. 13, 2025
    • Modified: Feb. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-22614

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `dependente_editarInfoPessoal.php` endpoint of the WeGIA application. This vul... Read more

    Affected Products : wegia
    • Published: Jan. 13, 2025
    • Modified: Feb. 13, 2025

  • 6.4

    MEDIUM
    CVE-2025-22613

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `informacao_adicional.php` endpoint of the WeGIA application. This vulnerabili... Read more

    Affected Products : wegia
    • Published: Jan. 13, 2025
    • Modified: Apr. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.1

    MEDIUM
    CVE-2025-22138

    @codidact/qpixel is a Q&A-based community knowledge-sharing software. In affected versions when a category is set to private or limited-visibility within QPixel's admin tools, suggested edits within this category can still be viewed by unprivileged or ano... Read more

    Affected Products :
    • Published: Jan. 13, 2025
    • Modified: Jan. 13, 2025
    • Vuln Type: Authorization

  • 5.5

    MEDIUM
    CVE-2025-22134

    When switching to other buffers using the :all command and visual mode still being active, this may cause a heap-buffer overflow, because Vim does not properly end visual mode and therefore may try to access beyond the end of a line in a buffer. In Patch ... Read more

    Affected Products : vim bootstrap_os hci_compute_node
    • Published: Jan. 13, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Memory Corruption

  • 6.3

    MEDIUM
    CVE-2025-23027

    next-forge is a Next.js project boilerplate for modern web application. The BASEHUB_TOKEN commited in apps/web/.env.example. Users should avoid use of this token and should remove any access it may have in their systems.... Read more

    Affected Products :
    • Published: Jan. 13, 2025
    • Modified: Jan. 13, 2025
    • Vuln Type: Information Disclosure

  • 6.1

    MEDIUM
    CVE-2025-23026

    jte (Java Template Engine) is a secure and lightweight template engine for Java and Kotlin. In affected versions Jte HTML templates with `script` tags or script attributes that include a Javascript template string (backticks) are subject to XSS. The `java... Read more

    Affected Products :
    • Published: Jan. 13, 2025
    • Modified: Jan. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-22144

    NamelessMC is a free, easy to use & powerful website software for Minecraft servers. A user with admincp.core.emails or admincp.users.edit permissions can validate users and an attacker can reset their password. When the account is successfully approved b... Read more

    Affected Products : nameless
    • Published: Jan. 13, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Authentication

  • 6.3

    MEDIUM
    CVE-2025-22142

    NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In affected versions an admin can add the ability to have users fill out an additional field and users can inject javascript code into it that would be activated once a s... Read more

    Affected Products : nameless
    • Published: Jan. 13, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.2

    HIGH
    CVE-2024-46481

    The login page of Venki Supravizio BPM up to 18.1.1 is vulnerable to open redirect leading to reflected XSS.... Read more

    Affected Products : supravizio_bpm
    • Published: Jan. 13, 2025
    • Modified: Jan. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.4

    HIGH
    CVE-2024-46480

    An NTLM hash leak in Venki Supravizio BPM up to 18.0.1 allows authenticated attackers with Application Administrator access to escalate privileges on the underlying host system.... Read more

    Affected Products : supravizio_bpm
    • Published: Jan. 13, 2025
    • Modified: Jan. 13, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2024-46921

    An issue was discovered in Samsung Mobile Processor and Modem Exynos 9820, 9825, 980, 990, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W1000, Modem 5123, Modem 5300, Modem 5400. UE does not limit the number of attempts for the RRC Setup procedur... Read more

    • Published: Jan. 13, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Denial of Service

  • 9.1

    CRITICAL
    CVE-2024-46310

    Incorrect Access Control in Cfx.re FXServer v9601 and earlier allows unauthenticated users to modify and read arbitrary user data via exposed API endpoint... Read more

    Affected Products :
    • Published: Jan. 13, 2025
    • Modified: Jan. 16, 2025
    • Vuln Type: Authorization

  • 6.1

    MEDIUM
    CVE-2024-44771

    BigId PrivacyPortal v179 is vulnerable to Cross Site Scripting (XSS) via the "Label" field in the Report template function.... Read more

    Affected Products :
    • Published: Jan. 13, 2025
    • Modified: Jan. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2024-5743

    An attacker could exploit the 'Use of Password Hash With Insufficient Computational Effort' vulnerability in EveHome Eve Play to execute arbitrary code. This issue affects Eve Play: through 1.1.42.... Read more

    Affected Products :
    • Published: Jan. 13, 2025
    • Modified: Jan. 13, 2025
    • Vuln Type: Cryptography

  • 6.5

    MEDIUM
    CVE-2024-46920

    An issue was discovered in Samsung Mobile Processor Exynos 9820, 9825, 980, 990, 850, 1080, 2100, and 1280. Lack of a length check leads to a stack out-of-bounds write at loadInputBuffers.... Read more

    • Published: Jan. 13, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Memory Corruption

  • 9.9

    CRITICAL
    CVE-2024-46479

    Venki Supravizio BPM through 18.0.1 was discovered to contain an arbitrary file upload vulnerability. An authenticated attacker may upload a malicious file, leading to remote code execution.... Read more

    Affected Products : supravizio_bpm
    • Published: Jan. 13, 2025
    • Modified: Jan. 13, 2025
    • Vuln Type: Authentication
Showing 20 of 291741 Results