Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.3

    CVSS31
    CVE-2025-4813

    A vulnerability, which was classified as critical, was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. Affected is an unknown function of the file /edit-phlebotomist.php. The manipulation of the argument mobilenumber leads to sql ...

    Affected Products :
    • Published: May. 16, 2025
    • Modified: May. 16, 2025
  • 7.3

    CVSS31
    CVE-2025-4812

    A vulnerability, which was classified as critical, has been found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. This issue affects some unknown processing of the file /profile.php. The manipulation of the argument mobilenumber leads t...

    Affected Products :
    • Published: May. 16, 2025
    • Modified: May. 16, 2025
  • 7.3

    CVSS31
    CVE-2025-4811

    A vulnerability was found in CodeAstro Pharmacy Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /index.php of the component Login. The manipulation of the argument Username leads to sq...

    Affected Products :
    • Published: May. 16, 2025
    • Modified: May. 16, 2025
  • 8.8

    CVSS31
    CVE-2025-4810

    A vulnerability was found in Tenda AC7 15.03.06.44. It has been declared as critical. Affected by this vulnerability is the function formSetRebootTimer of the file /goform/SetRebootTimer. The manipulation of the argument reboot_time leads to stack-based b...

    Affected Products :
    • Published: May. 16, 2025
    • Modified: May. 16, 2025
  • 0.0

    NONE
    CVE-2025-4805

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS. This vulnerability requires an authenticated administrator session to a locally managed Firebox. This is...

    Affected Products :
    • Published: May. 16, 2025
    • Modified: May. 16, 2025
  • 0.0

    NONE
    CVE-2025-4804

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the spamBlocker module. This vulnerability requires an authenticated administrator session to a local...

    Affected Products :
    • Published: May. 16, 2025
    • Modified: May. 16, 2025
  • 2.9

    CVSS31
    CVE-2025-48188

    libpspp-core.a in GNU PSPP through 2.0.1 has an incorrect call from fill_buffer (in data/encrypted-file.c) to the Gnulib rijndaelDecrypt function, leading to a heap-based buffer over-read....

    Affected Products :
    • Published: May. 16, 2025
    • Modified: May. 16, 2025
  • 0.0

    NONE
    CVE-2025-32407

    Samsung Internet for Galaxy Watch version 5.0.9, available up until Samsung Galaxy Watch 3, does not properly validate TLS certificates, allowing for an attacker to impersonate any and all websites visited by the user. This is a critical misconfiguration ...

    Affected Products :
    • Published: May. 16, 2025
    • Modified: May. 16, 2025
  • 5.4

    CVSS31
    CVE-2025-2248

    The WP-PManager WordPress plugin through 1.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks...

    Affected Products : wp-pmanager
    • Published: May. 15, 2025
    • Modified: May. 16, 2025
  • 5.4

    CVSS31
    CVE-2025-2247

    The WP-PManager WordPress plugin through 1.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

    Affected Products : wp-pmanager
    • Published: May. 15, 2025
    • Modified: May. 16, 2025
  • 5.4

    CVSS31
    CVE-2025-1454

    The Ninja Pages WordPress plugin through 1.4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (f...

    Affected Products :
    • Published: May. 15, 2025
    • Modified: May. 16, 2025
  • 5.4

    CVSS31
    CVE-2024-9879

    The Melapress File Monitor WordPress plugin before 2.1.1 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks...

    Affected Products :
    • Published: May. 15, 2025
    • Modified: May. 16, 2025
  • 5.4

    CVSS31
    CVE-2024-9838

    The Auto Affiliate Links WordPress plugin before 6.4.7 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks...

    Affected Products :
    • Published: May. 15, 2025
    • Modified: May. 16, 2025
  • 6.5

    CVSS31
    CVE-2024-9765

    The EKC Tournament Manager WordPress plugin before 2.2.2 allows a logged in admin to download system files outside of the WordPress directory...

    Affected Products :
    • Published: May. 15, 2025
    • Modified: May. 16, 2025
  • 5.4

    CVSS31
    CVE-2024-9711

    The EKC Tournament Manager WordPress plugin before 2.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

    Affected Products :
    • Published: May. 15, 2025
    • Modified: May. 16, 2025
  • 5.4

    CVSS31
    CVE-2024-9709

    The EKC Tournament Manager WordPress plugin before 2.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

    Affected Products :
    • Published: May. 15, 2025
    • Modified: May. 16, 2025
  • 5.4

    CVSS31
    CVE-2024-9663

    The CYAN Backup WordPress plugin before 2.5.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (fo...

    Affected Products :
    • Published: May. 15, 2025
    • Modified: May. 16, 2025
  • 5.4

    CVSS31
    CVE-2024-9662

    The CYAN Backup WordPress plugin before 2.5.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (fo...

    Affected Products :
    • Published: May. 15, 2025
    • Modified: May. 16, 2025
  • 5.4

    CVSS31
    CVE-2024-9645

    The Post Grid, Posts Slider, Posts Carousel, Post Filter, Post Masonry WordPress plugin before 2.2.93 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with ...

    Affected Products :
    • Published: May. 15, 2025
    • Modified: May. 16, 2025
  • 5.4

    CVSS31
    CVE-2024-9599

    The Popup Box WordPress plugin before 4.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for...

    Affected Products : popup_box
    • Published: May. 15, 2025
    • Modified: May. 16, 2025
Showing 20 of 471 Results
© cvefeed.io
Latest DB Update: May. 16, 2025 23:52