Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.1

    HIGH
    CVE-2024-56301

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eniture Technology Distance Based Shipping Calculator allows Reflected XSS.This issue affects Distance Based Shipping Calculator: from n/a through 2.0.21... Read more

    Affected Products :
    • Published: Jan. 13, 2025
    • Modified: Jan. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2024-56065

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saleswonder.biz Team WP2LEADS allows Reflected XSS.This issue affects WP2LEADS: from n/a through 3.4.2.... Read more

    Affected Products :
    • Published: Jan. 13, 2025
    • Modified: Jan. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-22828

    CloudStack users can add and read comments (annotations) on resources they are authorised to access.  Due to an access validation issue that affects Apache CloudStack versions from 4.16.0, users who have access, prior access or knowledge of resource UUID... Read more

    Affected Products : cloudstack
    • Published: Jan. 13, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2024-52938

    Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to subvert reconstruction activities to trigger a write of data outside the Guest's virtualised GPU memory.... Read more

    Affected Products : ddk
    • Published: Jan. 13, 2025
    • Modified: Jan. 13, 2025
    • Vuln Type: Memory Corruption

  • 6.7

    MEDIUM
    CVE-2024-52937

    Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest's virtualised GPU memory.... Read more

    Affected Products : ddk
    • Published: Jan. 13, 2025
    • Modified: Jan. 13, 2025
    • Vuln Type: Memory Corruption

  • 4.4

    MEDIUM
    CVE-2024-52936

    Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to write data outside the Guest's virtualised GPU memory.... Read more

    Affected Products : ddk
    • Published: Jan. 13, 2025
    • Modified: Jan. 31, 2025
    • Vuln Type: Memory Corruption

  • 4.1

    MEDIUM
    CVE-2024-52935

    Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest's virtualised GPU memory.... Read more

    Affected Products : ddk
    • Published: Jan. 13, 2025
    • Modified: Jan. 13, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2024-47897

    Software installed and run as a non-privileged user may conduct improper GPU system calls resulting in platform instability and reboots.... Read more

    Affected Products : ddk
    • Published: Jan. 13, 2025
    • Modified: Jan. 13, 2025
    • Vuln Type: Denial of Service

  • 7.1

    HIGH
    CVE-2024-47895

    Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to read data outside the Guest's virtualised GPU memory.... Read more

    Affected Products : ddk
    • Published: Jan. 13, 2025
    • Modified: Jan. 13, 2025
    • Vuln Type: Memory Corruption

  • 7.1

    HIGH
    CVE-2024-47894

    Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to read data outside the Guest's virtualised GPU memory.... Read more

    Affected Products : ddk
    • Published: Jan. 13, 2025
    • Modified: Jan. 13, 2025
    • Vuln Type: Memory Corruption

  • 4.8

    MEDIUM
    CVE-2024-12568

    The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of its Workflow settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilter... Read more

    Affected Products : email_subscribers_\&_newsletters
    • Published: Jan. 13, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2024-12567

    The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of its form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_h... Read more

    Affected Products : email_subscribers_\&_newsletters
    • Published: Jan. 13, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2024-12566

    The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html ... Read more

    Affected Products : email_subscribers_\&_newsletters
    • Published: Jan. 13, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2024-12274

    The Appointment Booking Calendar Plugin and Scheduling Plugin WordPress plugin before 1.1.23 export settings functionality exports data to a public folder, with an easily guessable file name, allowing unauthenticated attackers to access the exported file... Read more

    Affected Products : appointment_booking_calendar
    • Published: Jan. 13, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Information Disclosure

  • 4.8

    MEDIUM
    CVE-2024-11636

    The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of its Text Block options, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilte... Read more

    Affected Products : email_subscribers_\&_newsletters
    • Published: Jan. 13, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.8

    HIGH
    CVE-2025-0412

    Luxion KeyShot Viewer KSP File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot Viewer. User interaction is required to exploit ... Read more

    Affected Products : keyshot keyshot_viewer
    • Published: Jan. 13, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-0410

    A vulnerability classified as critical was found in liujianview gymxmjpa 1.0. This vulnerability affects the function MenberDaoInpl of the file src/main/java/com/liujian/gymxmjpa/controller/MenberConntroller.java. The manipulation of the argument hyname l... Read more

    Affected Products : gymxmjpa
    • Published: Jan. 13, 2025
    • Modified: May. 05, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-0409

    A vulnerability classified as critical has been found in liujianview gymxmjpa 1.0. This affects the function MembertypeDaoImpl of the file src/main/java/com/liujian/gymxmjpa/controller/MembertypeController.java. The manipulation of the argument typeName l... Read more

    Affected Products : gymxmjpa
    • Published: Jan. 13, 2025
    • Modified: May. 05, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-0408

    A vulnerability was found in liujianview gymxmjpa 1.0. It has been rated as critical. Affected by this issue is the function LoosDaoImpl of the file src/main/java/com/liujian/gymxmjpa/controller/LoosController.java. The manipulation of the argument loosNa... Read more

    Affected Products : gymxmjpa
    • Published: Jan. 13, 2025
    • Modified: May. 05, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-0407

    A vulnerability was found in liujianview gymxmjpa 1.0. It has been declared as critical. Affected by this vulnerability is the function EquipmentDaoImpl of the file src/main/java/com/liujian/gymxmjpa/controller/EquipmentController.java. The manipulation o... Read more

    Affected Products : gymxmjpa
    • Published: Jan. 13, 2025
    • Modified: May. 05, 2025
    • Vuln Type: Injection
Showing 20 of 291754 Results