Latest CVE Feed

The following is a list of the latest published vulnerabilities.
  • 7.5

    HIGH
    CVE-2024-25371

    Gramine before a390e33e16ed374a40de2344562a937f289be2e1 suffers from an Interface vulnerability due to mismatching SW signals vs HW exceptions....

    • Published: Jan. 10, 2025
    • Modified: Jan. 14, 2025
    • Vuln Type: Misconfiguration
  • 6.2

    MEDIUM
    CVE-2025-23022

    FreeType 2.8.1 has a signed integer overflow in cf2_doFlex in cff/cf2intrp.c....

    Affected Products : freetype
    • Published: Jan. 10, 2025
    • Modified: Jan. 16, 2025
    • Vuln Type: Memory Corruption
  • 9.8

    CRITICAL
    CVE-2025-22946

    Tenda ac9 v1.0 firmware v15.03.05.19 contains a stack overflow vulnerability in /goform/SetOnlineDevName, which may lead to remote arbitrary code execution....

    Affected Products : ac9_firmware ac9
    • Published: Jan. 10, 2025
    • Modified: Apr. 09, 2025
    • Vuln Type: Memory Corruption
  • 9.8

    CRITICAL
    CVE-2024-57687

    An OS Command Injection vulnerability was found in /landrecordsys/admin/dashboard.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the "Cookie" GET request parameter....

    Affected Products : land_record_system
    • Published: Jan. 10, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2024-57686

    A Cross Site Scripting (XSS) vulnerability was found in /landrecordsys/admin/contactus.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the "pagetitle" parameter....

    Affected Products : land_record_system
    • Published: Jan. 10, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Cross-Site Scripting
  • 9.8

    CRITICAL
    CVE-2024-41787

    IBM Engineering Requirements Management DOORS Next 7.0.2 and 7.0.3 could allow a remote attacker to bypass security restrictions, caused by a race condition. By sending a specially crafted request, an attacker could exploit this vulnerability to remotely ...

    • Published: Jan. 10, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Race Condition
  • 9.3

    CRITICAL
    CVE-2024-57823

    In Raptor RDF Syntax Library through 2.0.16, there is an integer underflow when normalizing a URI with the turtle parser in raptor_uri_normalize_path()....

    Affected Products : raptor_rdf_syntax_library
    • Published: Jan. 10, 2025
    • Modified: Jan. 10, 2025
    • Vuln Type: Memory Corruption
  • 4.0

    MEDIUM
    CVE-2024-57822

    In Raptor RDF Syntax Library through 2.0.16, there is a heap-based buffer over-read when parsing triples with the nquads parser in raptor_ntriples_parse_term_internal()....

    Affected Products : raptor_rdf_syntax_library
    • Published: Jan. 10, 2025
    • Modified: Jan. 10, 2025
    • Vuln Type: Memory Corruption
  • 9.3

    CRITICAL
    CVE-2025-23016

    FastCGI fcgi2 (aka fcgi) 2.x through 2.4.4 has an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c....

    Affected Products : fcgi
    • Published: Jan. 10, 2025
    • Modified: Apr. 24, 2025
    • Vuln Type: Memory Corruption
  • 5.3

    MEDIUM
    CVE-2024-13318

    The Essential WP Real Estate plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the cl_delete_listing_func() function in all versions up to, and including, 1.1.3. This makes it possible for unauthenticated attac...

    Affected Products : essential_wp_real_estate
    • Published: Jan. 10, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Authorization
  • 6.4

    MEDIUM
    CVE-2024-13183

    The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title_tag’ parameter in all versions up to, and including, 2.10.43 due to insufficient input sanitization and output escaping. This makes it possible for...

    Affected Products : orbit_fox
    • Published: Jan. 10, 2025
    • Modified: Jan. 16, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.4

    MEDIUM
    CVE-2025-0311

    The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table widget in all versions up to, and including, 2.10.43 due to insufficient input sanitization and output escaping on user supplied at...

    Affected Products : orbit_fox
    • Published: Jan. 10, 2025
    • Modified: Jan. 16, 2025
    • Vuln Type: Cross-Site Scripting
  • 4.3

    MEDIUM
    CVE-2024-12606

    The AI Scribe – SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT (GPT-4o 128K) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the en...

    • Published: Jan. 10, 2025
    • Modified: Jan. 10, 2025
    • Vuln Type: Authorization
  • 6.5

    MEDIUM
    CVE-2024-12473

    The AI Scribe – SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT (GPT-4o 128K) plugin for WordPress is vulnerable to SQL Injection via the 'template_id' parameter of the 'article_builder_generat...

    • Published: Jan. 10, 2025
    • Modified: Jan. 10, 2025
    • Vuln Type: Injection
  • 8.8

    HIGH
    CVE-2025-21380

    Improper access control in Azure SaaS Resources allows an authorized attacker to disclose information over a network....

    Affected Products : azure_marketplace marketplace_saas
    • Published: Jan. 09, 2025
    • Modified: Feb. 05, 2025
    • Vuln Type: Authorization
  • 5.4

    MEDIUM
    CVE-2024-56377

    A stored cross-site scripting (XSS) vulnerability in survey titles of REDCap 14.9.6 allows authenticated users to inject malicious scripts into the Survey Title field or Survey Instructions. When a user receives a survey and clicks anywhere on the survey ...

    Affected Products : redcap
    • Published: Jan. 09, 2025
    • Modified: Jan. 16, 2025
    • Vuln Type: Cross-Site Scripting
  • 5.4

    MEDIUM
    CVE-2024-56376

    A stored cross-site scripting (XSS) vulnerability in the built-in messenger of REDCap 14.9.6 allows authenticated users to inject malicious scripts into the message field. When a user clicks on the received message, the crafted payload is executed, potenti...

    Affected Products : redcap
    • Published: Jan. 09, 2025
    • Modified: Jan. 16, 2025
    • Vuln Type: Cross-Site Scripting
  • 8.8

    HIGH
    CVE-2025-21385

    A Server-Side Request Forgery (SSRF) vulnerability in Microsoft Purview allows an authorized attacker to disclose information over a network....

    Affected Products : purview office_purview
    • Published: Jan. 09, 2025
    • Modified: Feb. 05, 2025
    • Vuln Type: Server-Side Request Forgery
  • 8.8

    HIGH
    CVE-2024-51229

    Cross Site Scripting vulnerability in LinZhaoguan pb-cms v.2.0 allows a remote attacker to execute arbitrary code via the theme management function....

    • Published: Jan. 09, 2025
    • Modified: Jan. 10, 2025
    • Vuln Type: Cross-Site Scripting
  • 7.8

    HIGH
    CVE-2024-46464

    In PRIMX ZED Enterprise up to 2024.3, technical files stored in local folders with common user access can be manipulated to render the host computer unavailable or to execute programs with an elevation of privilege....

    • Published: Jan. 09, 2025
    • Modified: Jan. 10, 2025
    • Vuln Type: Misconfiguration