Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2024-12472

    The Post Duplicator plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.36 via the mtphr_duplicate_post() due to insufficient restrictions on which posts can be duplicated. This makes it possible for authenti... Read more

    Affected Products : post_duplicator
    • Published: Jan. 11, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2024-12404

    The CF Internal Link Shortcode plugin for WordPress is vulnerable to SQL Injection via the 'post_title' parameter in all versions up to, and including, 1.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on... Read more

    Affected Products :
    • Published: Jan. 11, 2025
    • Modified: Jan. 11, 2025
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2024-12204

    The Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several functions in the class-cx-rest.php file in all versions up to,... Read more

    Affected Products :
    • Published: Jan. 11, 2025
    • Modified: Jan. 11, 2025
    • Vuln Type: Authorization

  • 6.1

    MEDIUM
    CVE-2024-11327

    The ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the UR... Read more

    Affected Products : clickwhale
    • Published: Jan. 11, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-23113

    An issue was discovered in REDCap 14.9.6. It has an action=myprojects&logout=1 CSRF issue in the alert-title while performing an upload of a CSV file containing a list of alert configuration. An attacker can send the victim a CSV file containing an HTML i... Read more

    Affected Products : redcap
    • Published: Jan. 10, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.1

    MEDIUM
    CVE-2025-23112

    An issue was discovered in REDCap 14.9.6. A stored cross-site scripting (XSS) vulnerability allows authenticated users to inject malicious scripts into the Survey field name of Survey. When a user receive the survey, if he clicks on the field name, it tri... Read more

    Affected Products : redcap
    • Published: Jan. 10, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-23111

    An issue was discovered in REDCap 14.9.6. It allows HTML Injection via the Survey field name, exposing users to a redirection to a phishing website. An attacker can exploit this to trick the user that receives the survey into clicking on the field name, w... Read more

    Affected Products : redcap
    • Published: Jan. 10, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-23110

    An issue was discovered in REDCap 14.9.6. A Reflected cross-site scripting (XSS) vulnerability in the email-subject field exists while performing an upload of a CSV file containing a list of alert configurations. An attacker can send the victim a CSV file... Read more

    Affected Products : redcap
    • Published: Jan. 10, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2024-9188

    Specially constructed queries cause cross platform scripting leaking administrator tokens... Read more

    Affected Products :
    • Published: Jan. 10, 2025
    • Modified: Jan. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.3

    HIGH
    CVE-2024-9134

    Multiple SQL Injection vulnerabilities exist in the reporting application. A user with advanced report application access rights can exploit the SQL injection, allowing them to execute commands on the underlying operating system with elevated privileges.... Read more

    Affected Products :
    • Published: Jan. 10, 2025
    • Modified: Jan. 10, 2025
    • Vuln Type: Injection

  • 6.6

    MEDIUM
    CVE-2024-9133

    A user with administrator privileges is able to retrieve authentication tokens... Read more

    Affected Products :
    • Published: Jan. 10, 2025
    • Modified: Jan. 10, 2025
    • Vuln Type: Authorization

  • 8.1

    HIGH
    CVE-2024-9132

    The administrator is able to configure an insecure captive portal script... Read more

    Affected Products :
    • Published: Jan. 10, 2025
    • Modified: Jan. 10, 2025
    • Vuln Type: Misconfiguration

  • 7.2

    HIGH
    CVE-2024-9131

    A user with administrator privileges can perform command injection... Read more

    Affected Products :
    • Published: Jan. 10, 2025
    • Modified: Jan. 10, 2025
    • Vuln Type: Injection

  • 4.6

    MEDIUM
    CVE-2024-7142

    On Arista CloudVision Appliance (CVA) affected releases running on appliances that support hardware disk encryption (DCA-350E-CV only), the disk encryption might not be successfully performed. This results in the disks remaining unsecured and data on them... Read more

    Affected Products :
    • Published: Jan. 10, 2025
    • Modified: Jan. 10, 2025
    • Vuln Type: Misconfiguration

  • 7.6

    HIGH
    CVE-2024-47520

    A user with advanced report application access rights can perform actions for which they are not authorized... Read more

    Affected Products :
    • Published: Jan. 10, 2025
    • Modified: Jan. 10, 2025
    • Vuln Type: Authorization

  • 8.3

    HIGH
    CVE-2024-47519

    Backup uploads to ETM subject to man-in-the-middle interception... Read more

    Affected Products :
    • Published: Jan. 10, 2025
    • Modified: Jan. 10, 2025
    • Vuln Type: Misconfiguration

  • 6.4

    MEDIUM
    CVE-2024-47518

    Specially constructed queries targeting ETM could discover active remote access sessions... Read more

    Affected Products :
    • Published: Jan. 10, 2025
    • Modified: Jan. 10, 2025
    • Vuln Type: Information Disclosure

  • 6.8

    MEDIUM
    CVE-2024-47517

    Expired and unusable administrator authentication tokens can be revealed by units that have timed out from ETM access... Read more

    Affected Products :
    • Published: Jan. 10, 2025
    • Modified: Jan. 10, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2024-7095

    On affected platforms running Arista EOS with SNMP configured, if “snmp-server transmit max-size” is configured, under some circumstances a specially crafted packet can cause the snmpd process to leak memory. This may result in the snmpd process being ter... Read more

    Affected Products : eos
    • Published: Jan. 10, 2025
    • Modified: Jan. 14, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2024-5872

    On affected platforms running Arista EOS, a specially crafted packet with incorrect VLAN tag might be copied to CPU, which may cause incorrect control plane behavior related to the packet, such as route flaps, multicast routes learnt, etc.... Read more

    Affected Products : eos
    • Published: Jan. 10, 2025
    • Modified: Jan. 10, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 291756 Results