Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.2

    HIGH
    CVE-2025-22510

    Deserialization of Untrusted Data vulnerability in Konrad Karpieszuk WC Price History for Omnibus allows Object Injection.This issue affects WC Price History for Omnibus: from n/a through 2.1.4.... Read more

    Affected Products :
    • Published: Jan. 09, 2025
    • Modified: Jan. 09, 2025
    • Vuln Type: Injection

  • 8.1

    HIGH
    CVE-2025-22508

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Roninwp FAT Event Lite allows PHP Local File Inclusion.This issue affects FAT Event Lite: from n/a through 1.1.... Read more

    Affected Products :
    • Published: Jan. 09, 2025
    • Modified: Jan. 09, 2025
    • Vuln Type: Path Traversal

  • 8.5

    HIGH
    CVE-2025-22505

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nabaraj Chapagain NC Wishlist for Woocommerce allows SQL Injection.This issue affects NC Wishlist for Woocommerce: from n/a through 1.0.1.... Read more

    Affected Products :
    • Published: Jan. 09, 2025
    • Modified: Jan. 09, 2025
    • Vuln Type: Injection

  • 10.0

    CRITICAL
    CVE-2025-22504

    Unrestricted Upload of File with Dangerous Type vulnerability in jumpdemand 4ECPS Web Forms allows Upload a Web Shell to a Web Server.This issue affects 4ECPS Web Forms: from n/a through 0.2.18.... Read more

    Affected Products : 4ecps_web_forms
    • Published: Jan. 09, 2025
    • Modified: Jan. 09, 2025
    • Vuln Type: Misconfiguration

  • 7.1

    HIGH
    CVE-2025-22361

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Opentracker Opentracker Analytics allows Reflected XSS.This issue affects Opentracker Analytics: from n/a through 1.3.... Read more

    Affected Products :
    • Published: Jan. 09, 2025
    • Modified: Jan. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-22345

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tobias Spiess TS Comfort DB allows Reflected XSS.This issue affects TS Comfort DB: from n/a through 2.0.7.... Read more

    Affected Products :
    • Published: Jan. 09, 2025
    • Modified: Jan. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-22331

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in P3JX Cf7Save Extension allows Reflected XSS.This issue affects Cf7Save Extension: from n/a through 1.... Read more

    Affected Products :
    • Published: Jan. 09, 2025
    • Modified: Jan. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-22330

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mahesh Waghmare MG Parallax Slider allows Reflected XSS.This issue affects MG Parallax Slider: from n/a through 1.0..... Read more

    Affected Products :
    • Published: Jan. 09, 2025
    • Modified: Jan. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-22313

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OTWthemes Widgetize Pages Light allows Reflected XSS.This issue affects Widgetize Pages Light: from n/a through 3.0.... Read more

    Affected Products :
    • Published: Jan. 09, 2025
    • Modified: Jan. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-22307

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeAstrology Team Product Table for WooCommerce allows Reflected XSS.This issue affects Product Table for WooCommerce: from n/a through 3.5.6.... Read more

    Affected Products : woo_product_table
    • Published: Jan. 09, 2025
    • Modified: Jan. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-22295

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tripetto WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto allows Stored XSS.This issue affects WordPress form builder plug... Read more

    Affected Products : tripetto
    • Published: Jan. 09, 2025
    • Modified: Jan. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.7

    LOW
    CVE-2024-10106

    A buffer overflow vulnerability in the packet handoff plugin allows an attacker to overwrite memory outside the plugin's buffer.... Read more

    Affected Products : emberznet emberznet_sdk
    • Published: Jan. 09, 2025
    • Modified: Jan. 09, 2025
    • Vuln Type: Memory Corruption

  • 8.2

    HIGH
    CVE-2023-24012

    An attacker can arbitrarily craft malicious DDS Participants (or ROS 2 Nodes) with valid certificates to compromise and get full control of the attacked secure DDS databus system by exploiting vulnerable attributes in the configuration of PKCS#7 certifica... Read more

    Affected Products :
    • Published: Jan. 09, 2025
    • Modified: Jan. 09, 2025
    • Vuln Type: Authentication

  • 8.2

    HIGH
    CVE-2023-24011

    An attacker can arbitrarily craft malicious DDS Participants (or ROS 2 Nodes) with valid certificates to compromise and get full control of the attacked secure DDS databus system by exploiting vulnerable attributes in the configuration of PKCS#7 certifica... Read more

    Affected Products :
    • Published: Jan. 09, 2025
    • Modified: Jan. 09, 2025
    • Vuln Type: Authentication

  • 8.2

    HIGH
    CVE-2023-24010

    An attacker can arbitrarily craft malicious DDS Participants (or ROS 2 Nodes) with valid certificates to compromise and get full control of the attacked secure DDS databus system by exploiting vulnerable attributes in the configuration of PKCS#7 certifica... Read more

    Affected Products :
    • Published: Jan. 09, 2025
    • Modified: Jan. 09, 2025
    • Vuln Type: Authentication

  • 5.4

    MEDIUM
    CVE-2024-43176

    IBM OpenPages 9.0 could allow an authenticated user to obtain sensitive information such as configurations that should only be available to privileged users.... Read more

    • Published: Jan. 09, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Authorization

  • 5.5

    MEDIUM
    CVE-2022-22491

    IBM App Connect Enterprise Certified Container 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, and 12.4 operands running in Red Hat OpenShift do not restrict writing to the local filesy... Read more

    • Published: Jan. 09, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-0349

    A vulnerability classified as critical has been found in Tenda AC6 15.03.05.16. Affected is the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument src/mac leads to stack-based buffer overflow. It is po... Read more

    Affected Products : ac6_firmware ac6
    • Published: Jan. 09, 2025
    • Modified: Mar. 22, 2025
    • Vuln Type: Memory Corruption

  • 6.4

    MEDIUM
    CVE-2024-6155

    The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Authenticated (Subscriber+) Server-Side Request Forgery and Stored Cross Site Scripting in all versions up to, and including, 9.0.0 due to a missing capability check ... Read more

    • Published: Jan. 09, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Server-Side Request Forgery

  • 4.3

    MEDIUM
    CVE-2024-5769

    The MIMO Woocommerce Order Tracking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 1.0.2. This makes it possible for authenticated attack... Read more

    Affected Products :
    • Published: Jan. 09, 2025
    • Modified: Jan. 09, 2025
    • Vuln Type: Authorization
Showing 20 of 293360 Results