Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, it appears on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last-updated date, or CVSS score.
  • 4.9

    MEDIUM
    CVE-2024-13909

    The Accredible Certificates & Open Badges plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 1.4.9 due to insufficient escaping on the user supplied parameter and lack of suffic...

    • Published: Apr. 10, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Injection
  • 6.5

    MEDIUM
    CVE-2024-13896

    The WP-GeSHi-Highlight — rock-solid syntax highlighting for 259 languages WordPress plugin through 1.4.3 processes user-supplied input as a regular expression via the wp_geshi_filter_replace_code() function, which could lead to Regular Expression Denial o...

    Affected Products : wp-geshi-highlight
    • Published: Apr. 10, 2025
    • Modified: May. 15, 2025
    • Vuln Type: Denial of Service
  • 7.1

    HIGH
    CVE-2024-13874

    The Feedify WordPress plugin before 2.4.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

    Affected Products : web_push_notifications
    • Published: Apr. 10, 2025
    • Modified: Apr. 30, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.4

    MEDIUM
    CVE-2024-10894

    The Payment Forms for Paystack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes like 'datepicker', 'textarea', and 'text' in all versions up to, and including, 4.0.2 due to insufficient input sanitization and o...

    Affected Products : payment_forms_for_paystack
    • Published: Apr. 10, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Cross-Site Scripting
  • 8.8

    HIGH
    CVE-2025-0539

    In affected Microsoft Windows versions of Octopus Deploy, the server can be coerced into sending server-side requests that contain authentication material allowing a suitably positioned attacker to compromise the account running Octopus Server and potenti...

    Affected Products : windows octopus_server
    • Published: Apr. 10, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Server-Side Request Forgery
  • 8.1

    HIGH
    CVE-2025-3102

    The SureTriggers: All-in-One Automation Platform plugin for WordPress is vulnerable to an authentication bypass leading to administrative account creation due to a missing empty value check on the 'secret_key' value in the 'autheticate_user' function in a...

    • Published: Apr. 10, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Authentication
  • 6.1

    MEDIUM
    CVE-2025-3489

    A vulnerability was found in Nababur Simple-User-Management-System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /register.php. The manipulation of the argument name/username leads to cross site sc...

    Affected Products : simple-user-management-system
    • Published: Apr. 10, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Scripting
  • 9.8

    CRITICAL
    CVE-2025-27690

    Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.0, contains a use of default password vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to the takeover of a high privileged user acco...

    Affected Products : powerscale_onefs powerscale_onefs
    • Published: Apr. 10, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Authentication
  • 7.5

    HIGH
    CVE-2025-26480

    Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.0.0, contains an uncontrolled resource consumption vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service.

    Affected Products : powerscale_onefs powerscale_onefs
    • Published: Apr. 10, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Denial of Service
  • 3.1

    LOW
    CVE-2025-26479

    Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.0, contains an out-of-bounds write vulnerability. An attacker could potentially exploit this vulnerability in NFS workflows, leading to data integrity issues.

    Affected Products : powerscale_onefs powerscale_onefs
    • Published: Apr. 10, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Memory Corruption
  • 7.0

    HIGH
    CVE-2025-26330

    Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.1, contains an incorrect authorization vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability to access the cluster with previous privileges of a dis...

    Affected Products : powerscale_onefs powerscale_onefs
    • Published: Apr. 10, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Authorization
  • 3.3

    LOW
    CVE-2025-23378

    Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.0, contains an exposure of information through directory listing vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to information disclos...

    Affected Products : powerscale_onefs powerscale_onefs
    • Published: Apr. 10, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Information Disclosure
  • 6.5

    MEDIUM
    CVE-2025-22471

    Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.1, contains an integer overflow or wraparound vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service.

    Affected Products : powerscale_onefs powerscale_onefs
    • Published: Apr. 10, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Denial of Service
  • 9.8

    CRITICAL
    CVE-2024-58136

    Yii 2 before 2.0.52 mishandles the attaching of behavior that is defined by an __class array key, a CVE-2024-4990 regression, as exploited in the wild in February through April 2025.

    Affected Products : yii
    • Actively Exploited
    • Published: Apr. 10, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Misconfiguration
  • 4.3

    MEDIUM
    CVE-2025-32728

    In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding.

    Affected Products : debian_linux openssh
    • Published: Apr. 10, 2025
    • Modified: May. 22, 2025
    • Vuln Type: Misconfiguration
  • 4.4

    MEDIUM
    CVE-2025-29989

    Dell Client Platform BIOS contains a Security Version Number Mutable to Older Versions vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to BIOS upgrade denial.

    • Published: Apr. 10, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Denial of Service
  • 6.5

    MEDIUM
    CVE-2025-32387

    Helm is a package manager for Charts for Kubernetes. A JSON Schema file within a chart can be crafted with a deeply nested chain of references, leading to parser recursion that can exceed the stack size limit and trigger a stack overflow. This issue has b...

    Affected Products : helm
    • Published: Apr. 09, 2025
    • Modified: Sep. 03, 2025
  • 6.5

    MEDIUM
    CVE-2025-32386

    Helm is a tool for managing Charts. A chart archive file can be crafted in a manner where it expands to be significantly larger uncompressed than compressed (e.g., >800x difference). When Helm loads this specially crafted chart, memory can be exhausted ca...

    Affected Products : helm
    • Published: Apr. 09, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Denial of Service
  • 5.0

    MEDIUM
    CVE-2025-24375

    Charmed MySQL K8s operator is a Charmed Operator for running MySQL on Kubernetes. Before revision 221, the method for calling a SQL DDL or python based mysql-shell scripts can leak database users credentials. The method mysql-operator calls mysql-shell ap...

    • Published: Apr. 09, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Information Disclosure
  • 4.8

    MEDIUM
    CVE-2025-29018

    A Stored Cross-Site Scripting (XSS) vulnerability exists in the name parameter of pages_add_acc_type.php in Code Astro Internet Banking System 2.0.0.

    • Published: Apr. 09, 2025
    • Modified: Apr. 28, 2025
    • Vuln Type: Cross-Site Scripting