Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2024-48883

    An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, and Modem 5300. The UE incorrectly handles a malforme... Read more

    • Published: Jan. 13, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Information Disclosure

  • 5.3

    MEDIUM
    CVE-2024-46919

    An issue was discovered in Samsung Mobile Processor Exynos 9820, 9825, 980, 990, 850, 1080, 2100, and 1280. Lack of a length check leads to a stack out-of-bounds write at loadOutputBuffers.... Read more

    • Published: Jan. 13, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Memory Corruption

  • 5.4

    MEDIUM
    CVE-2024-12211

    Pega Platform versions 8.1 to Infinity 24.2.0 are affected by an Stored XSS issue with profile.... Read more

    Affected Products : infinity
    • Published: Jan. 13, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-22963

    Teedy through 1.11 allows CSRF for account takeover via POST /api/user/admin.... Read more

    Affected Products : teedy
    • Published: Jan. 13, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 8.4

    HIGH
    CVE-2024-52333

    An improper array index validation vulnerability exists in the determineMinMax functionality of OFFIS DCMTK 3.6.8. A specially crafted DICOM file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.... Read more

    Affected Products : dcmtk
    • Published: Jan. 13, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Memory Corruption

  • 8.4

    HIGH
    CVE-2024-47796

    An improper array index validation vulnerability exists in the nowindow functionality of OFFIS DCMTK 3.6.8. A specially crafted DICOM file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.... Read more

    Affected Products : dcmtk
    • Published: Jan. 13, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-22800

    Missing Authorization vulnerability in Post SMTP Post SMTP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post SMTP: from n/a through 2.9.11.... Read more

    Affected Products : post_smtp
    • Published: Jan. 13, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-22777

    Deserialization of Untrusted Data vulnerability in GiveWP GiveWP allows Object Injection.This issue affects GiveWP: from n/a through 3.19.3.... Read more

    Affected Products : givewp
    • Published: Jan. 13, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2025-22588

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scanventory.net Scanventory allows Reflected XSS.This issue affects Scanventory: from n/a through 1.1.3.... Read more

    Affected Products :
    • Published: Jan. 13, 2025
    • Modified: Jan. 13, 2025

  • 7.1

    HIGH
    CVE-2025-22586

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Detlef Stöver WPEX Replace DB Urls allows Reflected XSS.This issue affects WPEX Replace DB Urls: from n/a through 0.4.0.... Read more

    Affected Products :
    • Published: Jan. 13, 2025
    • Modified: Jan. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-22583

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Anshul Sojatia Scan External Links allows Reflected XSS.This issue affects Scan External Links: from n/a through 1.0.... Read more

    Affected Products :
    • Published: Jan. 13, 2025
    • Modified: Jan. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-22576

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Marcus Downing Site PIN allows Reflected XSS.This issue affects Site PIN: from n/a through 1.3.... Read more

    Affected Products :
    • Published: Jan. 13, 2025
    • Modified: Jan. 13, 2025

  • 7.1

    HIGH
    CVE-2025-22570

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Miloš Đekić Inline Tweets allows Stored XSS.This issue affects Inline Tweets: from n/a through 2.0.... Read more

    Affected Products :
    • Published: Jan. 13, 2025
    • Modified: Jan. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-22569

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in grandslambert Featured Page Widget allows Reflected XSS.This issue affects Featured Page Widget: from n/a through 2.2.... Read more

    Affected Products :
    • Published: Jan. 13, 2025
    • Modified: Jan. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-22568

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Paramveer Singh for Arete IT Private Limited Post And Page Reactions allows Reflected XSS.This issue affects Post And Page Reactions: from n/a through 1.... Read more

    Affected Products :
    • Published: Jan. 13, 2025
    • Modified: Jan. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-22567

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in trustist TRUSTist REVIEWer allows Reflected XSS.This issue affects TRUSTist REVIEWer: from n/a through 2.0.... Read more

    Affected Products :
    • Published: Jan. 13, 2025
    • Modified: Jan. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-22514

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yamna Tatheer KNR Author List Widget allows Reflected XSS.This issue affects KNR Author List Widget: from n/a through 3.1.1.... Read more

    Affected Products :
    • Published: Jan. 13, 2025
    • Modified: Jan. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-22506

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SmartAgenda Smart Agenda allows Stored XSS.This issue affects Smart Agenda: from n/a through 4.7.... Read more

    Affected Products :
    • Published: Jan. 13, 2025
    • Modified: Jan. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-22499

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FAKTOR VIER F4 Post Tree allows Reflected XSS.This issue affects F4 Post Tree: from n/a through 1.1.18.... Read more

    Affected Products :
    • Published: Jan. 13, 2025
    • Modified: Jan. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-22498

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in New Normal LLC LucidLMS allows Reflected XSS.This issue affects LucidLMS: from n/a through 1.0.5.... Read more

    Affected Products :
    • Published: Jan. 13, 2025
    • Modified: Jan. 13, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 291737 Results