Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2025-32070

    Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - AJAX Poll Extension allows Cross-Site Scripting (XSS).This issue affects Mediawiki - AJAX Poll Extension: from 1.39 through 1.43.... Read more

    Affected Products :
    • Published: Apr. 11, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-32073

    Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - HTML Tags allows Cross-Site Scripting (XSS).This issue affects Mediawiki - HTML Tags: from 1.39 through 1.43.... Read more

    Affected Products :
    • Published: Apr. 11, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-39545

    Missing Authorization vulnerability in miniOrange WordPress REST API Authentication allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress REST API Authentication: from n/a through 3.6.3.... Read more

    Affected Products : wordpress_rest_api_authentication
    • Published: Apr. 16, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-3788

    A vulnerability was found in baseweb JSite 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /a/sys/user/save. The manipulation of the argument Name leads to cross site scripting. The attack c... Read more

    Affected Products : jsite
    • Published: Apr. 18, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-3822

    A vulnerability was found in SourceCodester Web-based Pharmacy Product Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file changepassword.php. The manipulation of the argument txtconfirm_password... Read more

    • Published: Apr. 20, 2025
    • Modified: Apr. 24, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-2987

    IBM Maximo Asset Management 7.6.1.3 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.... Read more

    Affected Products : maximo_asset_management
    • Published: Apr. 22, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Server-Side Request Forgery

  • 5.4

    MEDIUM
    CVE-2019-16961

    SolarWinds Web Help Desk 12.7.0 allows XSS via a Schedule Name.... Read more

    Affected Products : web_help_desk
    • EPSS Score: %2.18
    • Published: Jan. 15, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2025-3970

    A vulnerability classified as problematic has been found in baseweb JSite up to 1.0. Affected is an unknown function of the file /sys/office/save. The manipulation of the argument Remarks leads to cross site scripting. It is possible to launch the attack ... Read more

    Affected Products : jsite
    • Published: Apr. 27, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-46343

    n8n is a workflow automation platform. Prior to version 1.90.0, n8n is vulnerable to stored cross-site scripting (XSS) through the attachments view endpoint. n8n workflows can store and serve binary files, which are accessible to authenticated users. Howe... Read more

    Affected Products : n8n
    • Published: Apr. 29, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-24343

    A vulnerability in the “Manages app data” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to write arbitrary files in arbitrary file system paths via a crafted HTTP request.... Read more

    Affected Products :
    • Published: Apr. 30, 2025
    • Modified: May. 02, 2025
    • Vuln Type: Path Traversal

  • 5.4

    MEDIUM
    CVE-2025-4324

    A vulnerability, which was classified as problematic, was found in MRCMS 3.1.2. This affects an unknown part of the file /admin/link/edit.do of the component External Link Management Page. The manipulation leads to cross site scripting. It is possible to ... Read more

    Affected Products : mrcms
    • Published: May. 06, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-3218

    IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 is vulnerable to authentication and authorization attacks due to incorrect validation processing in IBM i Netserver. A malicious actor could use the weaknesses, in conjunction with brute force authentication attacks or t... Read more

    Affected Products : i i
    • Published: May. 07, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authentication

  • 5.4

    MEDIUM
    CVE-2025-20973

    Improper authentication in Secure Folder prior to version 1.8.12.0 in Android 13, and 1.9.21.00 in Android 14 allows physical attackers to reset the lock type of Secure Folder.... Read more

    Affected Products :
    • Published: May. 07, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Authentication

  • 5.4

    MEDIUM
    CVE-2025-4461

    A vulnerability classified as problematic was found in TOTOLINK N150RT 3.4.0-B20190525. This vulnerability affects unknown code of the component Virtual Server Page. The manipulation leads to cross site scripting. The attack can be initiated remotely. The... Read more

    Affected Products : n150rt_firmware n150rt
    • Published: May. 09, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-4469

    A vulnerability classified as problematic has been found in SourceCodester Online Student Clearance System 1.0. Affected is an unknown function of the file /admin/add-admin.php. The manipulation of the argument txtusername/txtfullname/txtpassword/txtpassw... Read more

    Affected Products : online_student_clearance_system
    • Published: May. 09, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-3794

    The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the start_timestamp parameter in all versions up to, and including, 1.9.5 due to insufficie... Read more

    Affected Products : wpforms
    • Published: May. 09, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2023-50565

    A cross-site scripting (XSS) vulnerability in the component /logs/dopost.html in RPCMS v3.5.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.... Read more

    Affected Products : rpcms
    • EPSS Score: %0.20
    • Published: Dec. 14, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2025-4520

    The Uncanny Automator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functions in versions up to, and including, 6.4.0.2. This makes it possible for authenticated attackers, with ... Read more

    Affected Products : uncanny_automator
    • Published: May. 14, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-44185

    SourceCodester Best Employee Management System V1.0 is vulnerable to Cross Site Request Forgery (CSRF) in /admin/change_pass.php via the password parameter.... Read more

    Affected Products : best_employee_management_system
    • Published: May. 15, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.4

    MEDIUM
    CVE-2025-53480

    The CheckUser extension’s Special:Investigate page has a vulnerability in the Account information tab, where specific internationalized messages are rendered without proper escaping. Attackers can exploit this by appending ?uselang=x-xss to the URL, causi... Read more

    Affected Products :
    • Published: Jul. 08, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 291275 Results