Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2025-22363

    Missing Authorization vulnerability in ORION Allada T-shirt Designer for Woocommerce.This issue affects Allada T-shirt Designer for Woocommerce: from n/a through 1.1.... Read more

    Affected Products :
    • Published: Jan. 07, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-22354

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Code Themes Digi Store allows DOM-Based XSS.This issue affects Digi Store: from n/a through 1.1.4.... Read more

    Affected Products :
    • Published: Jan. 07, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.6

    HIGH
    CVE-2025-22350

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WpIndeed Ultimate Learning Pro allows SQL Injection.This issue affects Ultimate Learning Pro: from n/a through 3.9.... Read more

    Affected Products : ultimate_learning_pro
    • Published: Jan. 07, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-22334

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FilaThemes Education LMS allows Stored XSS.This issue affects Education LMS: from n/a through 0.0.7.... Read more

    Affected Products :
    • Published: Jan. 07, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-22319

    Missing Authorization vulnerability in DearHive Social Media Share Buttons | MashShare.This issue affects Social Media Share Buttons | MashShare: from n/a through 4.0.47.... Read more

    Affected Products :
    • Published: Jan. 07, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-22306

    Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Link Whisper Link Whisper Free.This issue affects Link Whisper Free: from n/a through 0.7.7.... Read more

    Affected Products : link_whisper_free
    • Published: Jan. 07, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-22296

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HashThemes Hash Elements.This issue affects Hash Elements: from n/a through 1.4.9.... Read more

    Affected Products : hash_elements
    • Published: Jan. 07, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-0300

    A vulnerability classified as critical was found in code-projects Online Book Shop 1.0. Affected by this vulnerability is an unknown functionality of the file /subcat.php. The manipulation of the argument cat leads to sql injection. The attack can be laun... Read more

    Affected Products : online_book_shop
    • Published: Jan. 07, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-0299

    A vulnerability classified as critical has been found in code-projects Online Book Shop 1.0. Affected is an unknown function of the file /search_result.php. The manipulation of the argument s leads to sql injection. It is possible to launch the attack rem... Read more

    Affected Products : online_book_shop online_book_shop
    • Published: Jan. 07, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2024-8361

    In SiWx91x devices, the SHA2/224 algorithm returns a hash of 256 bits instead of 224 bits. This incorrect hash length triggers a software assertion, which subsequently causes a Denial of Service (DoS). If a watchdog is implemented, device will restart aft... Read more

    Affected Products :
    • Published: Jan. 07, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Denial of Service

  • 4.3

    MEDIUM
    CVE-2024-56272

    Missing Authorization vulnerability in ThemeSupport Hide Category by User Role for WooCommerce.This issue affects Hide Category by User Role for WooCommerce: from n/a through 2.1.1.... Read more

    Affected Products :
    • Published: Jan. 07, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2024-56270

    Missing Authorization vulnerability in SecureSubmit WP SecureSubmit.This issue affects WP SecureSubmit: from n/a through 1.5.16.... Read more

    Affected Products :
    • Published: Jan. 07, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2024-55555

    Invoice Ninja before 5.10.43 allows remote code execution from a pre-authenticated route when an attacker knows the APP_KEY. This is exacerbated by .env files, available from the product's repository, that have default APP_KEY values. The route/{hash} rou... Read more

    Affected Products :
    • Published: Jan. 07, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2024-40749

    Improper Access Controls allows access to protected views.... Read more

    Affected Products : joomla\!
    • Published: Jan. 07, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2024-40748

    Lack of output escaping in the id attribute of menu lists.... Read more

    Affected Products : joomla\!
    • Published: Jan. 07, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2024-40747

    Various module chromes didn't properly process inputs, leading to XSS vectors.... Read more

    Affected Products : joomla\!
    • Published: Jan. 07, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.3

    HIGH
    CVE-2024-12430

    An attacker who successfully exploited these vulnerabilities could cause enable command execution. A vulnerability exists in the AC500 V3 version mentioned. After successfully exploiting CVE-2024-12429 (directory traversal), a successfully authenticated a... Read more

    Affected Products :
    • Published: Jan. 07, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Path Traversal

  • 5.1

    MEDIUM
    CVE-2024-12429

    An attacker who successfully exploited these vulnerabilities could grant read access to files. A vulnerability exists in the AC500 V3 version mentioned. A successfully authenticated attacker can use this vulnerability to read system wide files and config... Read more

    Affected Products :
    • Published: Jan. 07, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Information Disclosure

  • 7.1

    HIGH
    CVE-2025-22593

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Burria Laika Pedigree Tree allows Stored XSS.This issue affects Laika Pedigree Tree: from n/a through 1.4.... Read more

    Affected Products :
    • Published: Jan. 07, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-22592

    Missing Authorization vulnerability in Lenderd 1003 Mortgage Application allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects 1003 Mortgage Application: from n/a through 1.87.... Read more

    Affected Products : 1003_mortgage_application
    • Published: Jan. 07, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Authorization
Showing 20 of 293517 Results