Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.9

    MEDIUM
    CVE-2025-0106

    A wildcard expansion vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to enumerate files on the host filesystem.... Read more

    Affected Products : expedition pan-os prisma_access
    • Published: Jan. 11, 2025
    • Modified: Jan. 11, 2025
    • Vuln Type: Information Disclosure

  • 6.9

    MEDIUM
    CVE-2025-0105

    An arbitrary file deletion vulnerability in Palo Alto Networks Expedition enables an unauthenticated attacker to delete arbitrary files accessible to the www-data user on the host filesystem.... Read more

    Affected Products : expedition pan-os prisma_access
    • Published: Jan. 11, 2025
    • Modified: Jan. 11, 2025
    • Vuln Type: Path Traversal

  • 7.0

    HIGH
    CVE-2025-0104

    A reflected cross-site scripting (XSS) vulnerability in Palo Alto Networks Expedition enables attackers to execute malicious JavaScript code in the context of an authenticated Expedition user’s browser if that authenticated user clicks a malicious link th... Read more

    Affected Products : expedition pan-os prisma_access
    • Published: Jan. 11, 2025
    • Modified: Jan. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.2

    CRITICAL
    CVE-2025-0103

    An SQL injection vulnerability in Palo Alto Networks Expedition enables an authenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. This vulnerability also enables attac... Read more

    Affected Products : expedition pan-os prisma_access
    • Published: Jan. 11, 2025
    • Modified: Jan. 11, 2025
    • Vuln Type: Injection

  • 8.1

    HIGH
    CVE-2024-42169

    HCL MyXalytics is affected by insecure direct object references. It occurs due to missing access control checks, which fail to verify whether a user should be allowed to access specific data.... Read more

    Affected Products : dryice_myxalytics
    • Published: Jan. 11, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Authorization

  • 9.4

    CRITICAL
    CVE-2024-42168

    HCL MyXalytics is affected by out-of-band resource load (HTTP) vulnerability. An attacker can deploy a web server that returns malicious content, and then induce the application to retrieve and process that content.... Read more

    Affected Products : dryice_myxalytics
    • Published: Jan. 11, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2024-12627

    The Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.5 via deserialization of untrusted input from post content pass... Read more

    Affected Products :
    • Published: Jan. 11, 2025
    • Modified: Jan. 11, 2025
    • Vuln Type: Injection

  • 6.4

    MEDIUM
    CVE-2024-12505

    The Trackserver plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tsmap' shortcode in all versions up to, and including, 5.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This m... Read more

    Affected Products :
    • Published: Jan. 11, 2025
    • Modified: Jan. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2024-12472

    The Post Duplicator plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.36 via the mtphr_duplicate_post() due to insufficient restrictions on which posts can be duplicated. This makes it possible for authenti... Read more

    Affected Products : post_duplicator
    • Published: Jan. 11, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2024-12404

    The CF Internal Link Shortcode plugin for WordPress is vulnerable to SQL Injection via the 'post_title' parameter in all versions up to, and including, 1.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on... Read more

    Affected Products :
    • Published: Jan. 11, 2025
    • Modified: Jan. 11, 2025
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2024-12204

    The Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several functions in the class-cx-rest.php file in all versions up to,... Read more

    Affected Products :
    • Published: Jan. 11, 2025
    • Modified: Jan. 11, 2025
    • Vuln Type: Authorization

  • 6.1

    MEDIUM
    CVE-2024-11327

    The ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the UR... Read more

    Affected Products : clickwhale
    • Published: Jan. 11, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-23113

    An issue was discovered in REDCap 14.9.6. It has an action=myprojects&logout=1 CSRF issue in the alert-title while performing an upload of a CSV file containing a list of alert configuration. An attacker can send the victim a CSV file containing an HTML i... Read more

    Affected Products : redcap
    • Published: Jan. 10, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.1

    MEDIUM
    CVE-2025-23112

    An issue was discovered in REDCap 14.9.6. A stored cross-site scripting (XSS) vulnerability allows authenticated users to inject malicious scripts into the Survey field name of Survey. When a user receive the survey, if he clicks on the field name, it tri... Read more

    Affected Products : redcap
    • Published: Jan. 10, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-23111

    An issue was discovered in REDCap 14.9.6. It allows HTML Injection via the Survey field name, exposing users to a redirection to a phishing website. An attacker can exploit this to trick the user that receives the survey into clicking on the field name, w... Read more

    Affected Products : redcap
    • Published: Jan. 10, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-23110

    An issue was discovered in REDCap 14.9.6. A Reflected cross-site scripting (XSS) vulnerability in the email-subject field exists while performing an upload of a CSV file containing a list of alert configurations. An attacker can send the victim a CSV file... Read more

    Affected Products : redcap
    • Published: Jan. 10, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2024-9188

    Specially constructed queries cause cross platform scripting leaking administrator tokens... Read more

    Affected Products :
    • Published: Jan. 10, 2025
    • Modified: Jan. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.3

    HIGH
    CVE-2024-9134

    Multiple SQL Injection vulnerabilities exist in the reporting application. A user with advanced report application access rights can exploit the SQL injection, allowing them to execute commands on the underlying operating system with elevated privileges.... Read more

    Affected Products :
    • Published: Jan. 10, 2025
    • Modified: Jan. 10, 2025
    • Vuln Type: Injection

  • 6.6

    MEDIUM
    CVE-2024-9133

    A user with administrator privileges is able to retrieve authentication tokens... Read more

    Affected Products :
    • Published: Jan. 10, 2025
    • Modified: Jan. 10, 2025
    • Vuln Type: Authorization

  • 8.1

    HIGH
    CVE-2024-9132

    The administrator is able to configure an insecure captive portal script... Read more

    Affected Products :
    • Published: Jan. 10, 2025
    • Modified: Jan. 10, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 291784 Results