Latest CVE Feed

6.4 MEDIUM CVE-2025-0311
The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table widget in all versions up to, and including, 2.10.43 due to insufficient input sanitization and output escaping on user supplied at...
- Affected Products: orbit_fox
- Published: Jan. 10, 2025
- Modified: Jan. 16, 2025
- Vuln Type: Cross-Site Scripting

4.3 MEDIUM CVE-2024-12606
The AI Scribe – SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT (GPT-4o 128K) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the en...
- Published: Jan. 10, 2025
- Modified: Jan. 10, 2025
- Vuln Type: Authorization

6.5 MEDIUM CVE-2024-12473
The AI Scribe – SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT (GPT-4o 128K) plugin for WordPress is vulnerable to SQL Injection via the 'template_id' parameter of the 'article_builder_generat...
- Published: Jan. 10, 2025
- Modified: Jan. 10, 2025
- Vuln Type: Injection

8.8 HIGH CVE-2025-21380
Improper access control in Azure SaaS Resources allows an authorized attacker to disclose information over a network.
- Published: Jan. 09, 2025
- Modified: Feb. 05, 2025
- Vuln Type: Authorization

5.4 MEDIUM CVE-2024-56377
A stored cross-site scripting (XSS) vulnerability in survey titles of REDCap 14.9.6 allows authenticated users to inject malicious scripts into the Survey Title field or Survey Instructions. When a user receives a survey and clicks anywhere on the survey ...
- Affected Products: redcap
- Published: Jan. 09, 2025
- Modified: Jan. 16, 2025
- Vuln Type: Cross-Site Scripting

5.4 MEDIUM CVE-2024-56376
A stored cross-site scripting (XSS) vulnerability in the built-in messenger of REDCap 14.9.6 allows authenticated users to inject malicious scripts into the message field. When a user clicks on the received message, the crafted payload is executed, potenti...
- Affected Products: redcap
- Published: Jan. 09, 2025
- Modified: Jan. 16, 2025
- Vuln Type: Cross-Site Scripting

8.8 HIGH CVE-2025-21385
A Server-Side Request Forgery (SSRF) vulnerability in Microsoft Purview allows an authorized attacker to disclose information over a network.
- Published: Jan. 09, 2025
- Modified: Feb. 05, 2025
- Vuln Type: Server-Side Request Forgery

8.8 HIGH CVE-2024-51229
Cross Site Scripting vulnerability in LinZhaoguan pb-cms v.2.0 allows a remote attacker to execute arbitrary code via the theme management function.
- Published: Jan. 09, 2025
- Modified: Jan. 10, 2025
- Vuln Type: Cross-Site Scripting

7.8 HIGH CVE-2024-46464
In PRIMX ZED Enterprise up to 2024.3, technical files stored in local folders with common user access can be manipulated to render the host computer unavailable or to execute programs with an elevation of privilege.
- Published: Jan. 09, 2025
- Modified: Jan. 10, 2025
- Vuln Type: Misconfiguration

9.8 CRITICAL CVE-2023-28354
An issue was discovered in Opsview Monitor Agent 6.8. An unauthenticated remote attacker can call check_nrpe against affected targets, specifying known NRPE plugins, which in default installations are configured to accept command control characters and pa...
- Published: Jan. 09, 2025
- Modified: Jan. 10, 2025
- Vuln Type: Injection

5.4 MEDIUM CVE-2024-55226
Vaultwarden v1.32.5 was discovered to contain an authenticated reflected cross-site scripting (XSS) vulnerability via the component /api/core/mod.rs.
- Affected Products: vaultwarden
- Published: Jan. 09, 2025
- Modified: Jun. 24, 2025
- Vuln Type: Cross-Site Scripting

9.8 CRITICAL CVE-2024-55225
An issue in the component src/api/identity.rs of Vaultwarden prior to v1.32.5 allows attackers to impersonate users, including Administrators, via a crafted authorization request.
- Affected Products: vaultwarden
- Published: Jan. 09, 2025
- Modified: Jun. 20, 2025
- Vuln Type: Authorization

9.6 CRITICAL CVE-2024-55224
An HTML injection vulnerability in Vaultwarden prior to v1.32.5 allows attackers to execute arbitrary code via injecting a crafted payload into the username field of an e-mail message.
- Affected Products: vaultwarden
- Published: Jan. 09, 2025
- Modified: Jun. 20, 2025
- Vuln Type: Cross-Site Scripting

6.8 MEDIUM CVE-2024-48806
Buffer Overflow vulnerability in Neat Board NFC v.1.20240620.0015 allows a physically proximate attacker to escalate privileges via a crafted payload to the password field.
- Published: Jan. 09, 2025
- Modified: Jan. 16, 2025
- Vuln Type: Memory Corruption

5.3 MEDIUM CVE-2024-13312
Missing Authorization vulnerability in Drupal Open Social allows Forceful Browsing. This issue affects Open Social: from 11.8.0 before 12.3.10, from 12.4.0 before 12.4.9.
- Affected Products: open_social
- Published: Jan. 09, 2025
- Modified: Jan. 31, 2025
- Vuln Type: Authorization

7.3 HIGH CVE-2024-13311
Vulnerability in Drupal Allow All File Extensions for file fields. This issue affects Allow All File Extensions for file fields: *.*.
- Published: Jan. 09, 2025
- Modified: Jan. 31, 2025
- Vuln Type: Misconfiguration

6.5 MEDIUM CVE-2024-13310
Vulnerability in Drupal Git Utilities for Drupal. This issue affects Git Utilities for Drupal: *.*.
- Published: Jan. 09, 2025
- Modified: Jan. 31, 2025

5.4 MEDIUM CVE-2024-13309
Improper Authentication vulnerability in Drupal Login Disable allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Login Disable: from 2.0.0 before 2.1.1.
- Affected Products: login_disable
- Published: Jan. 09, 2025
- Modified: Aug. 28, 2025
- Vuln Type: Authentication

3.8 LOW CVE-2024-13308
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Browser Back Button allows Cross-Site Scripting (XSS). This issue affects Browser Back Button: from 1.0.0 before 2.0.2.
- Affected Products: browser_back_button
- Published: Jan. 09, 2025
- Modified: Aug. 28, 2025
- Vuln Type: Cross-Site Scripting

4.8 MEDIUM CVE-2024-13305
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Entity Form Steps allows Cross-Site Scripting (XSS). This issue affects Entity Form Steps: from 0.0.0 before 1.1.4.
- Affected Products: entity_form_steps
- Published: Jan. 09, 2025
- Modified: Aug. 28, 2025
- Vuln Type: Cross-Site Scripting