Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2024-8201

    Cross-Site WebSocket Hijacking vulnerability in Hitachi Ops Center Analyzer (RAID Agent component).This issue affects Hitachi Ops Center Analyzer: from 10.8.0-00 before 11.0.4-00; Hitachi Ops Center Analyzer: from 10.9.0-00 before 11.0.4-00.... Read more

    Affected Products : ops_center_analyzer
    • Published: May. 16, 2025
    • Modified: May. 16, 2025

  • 5.4

    MEDIUM
    CVE-2025-48284

    Cross-Site Request Forgery (CSRF) vulnerability in shohei.tanaka Japanized For WooCommerce allows Cross Site Request Forgery. This issue affects Japanized For WooCommerce: from n/a through 2.6.40.... Read more

    Affected Products : japanized_for_woocommerce
    • Published: May. 19, 2025
    • Modified: May. 21, 2025

  • 5.4

    MEDIUM
    CVE-2025-22287

    Missing Authorization vulnerability in Eniture Technology LTL Freight Quotes – FreightQuote Edition allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LTL Freight Quotes – FreightQuote Edition: from n/a through 2.3.... Read more

    Affected Products :
    • Published: May. 19, 2025
    • Modified: May. 21, 2025

  • 5.4

    MEDIUM
    CVE-2025-4405

    The Hot Random Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter in all versions up to, and including, 1.9.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticate... Read more

    Affected Products : hot_random_image hot_random_image
    • Published: May. 22, 2025
    • Modified: Jul. 17, 2025

  • 5.4

    MEDIUM
    CVE-2025-48369

    Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.119 and 25.0.20, a persistent Cross-Site Scripting (XSS) vulnerability exists in Groupoffice's tasks comment functionality, allowing attackers to exec... Read more

    Affected Products : group_office group-office
    • Published: May. 22, 2025
    • Modified: May. 30, 2025

  • 5.4

    MEDIUM
    CVE-2024-48702

    PHPGurukul Old Age Home Management System v1.0 is vulnerable to HTML Injection via the searchdata parameter.... Read more

    Affected Products : old_age_home_management_system
    • Published: May. 23, 2025
    • Modified: May. 29, 2025

  • 5.4

    MEDIUM
    CVE-2025-32967

    OpenEMR is a free and open source electronic health records and medical practice management application. A logging oversight in versions prior to 7.0.3.4 allows password change events to go unrecorded on the client-side log viewer, preventing administrato... Read more

    Affected Products : openemr
    • Published: May. 23, 2025
    • Modified: Jul. 02, 2025

  • 5.4

    MEDIUM
    CVE-2025-48742

    The installer in SIGB PMB before and fixed in v.8.0.1.2 allows remote code execution.... Read more

    Affected Products : pmb
    • Published: May. 27, 2025
    • Modified: May. 29, 2025

  • 5.4

    MEDIUM
    CVE-2025-45475

    maccms10 v2025.1000.4047 is vulnerable to Server-Side request forgery (SSRF) in Friend Link Management.... Read more

    Affected Products : maccms
    • Published: May. 27, 2025
    • Modified: Jun. 24, 2025

  • 5.4

    MEDIUM
    CVE-2025-48484

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.178, the application is vulnerable to Cross-Site Scripting (XSS) attacks due to incorrect input validation and sanitization of user-input data in the conversation POST data... Read more

    Affected Products : freescout
    • Published: May. 30, 2025
    • Modified: Jun. 04, 2025

  • 5.4

    MEDIUM
    CVE-2025-20129

    A vulnerability in the web-based chat interface of Cisco Customer Collaboration Platform (CCP), formerly Cisco SocialMiner, could allow an unauthenticated, remote attacker to persuade users to disclose sensitive data. This vulnerability is due to impro... Read more

    • Published: Jun. 04, 2025
    • Modified: Aug. 01, 2025

  • 5.4

    MEDIUM
    CVE-2025-27445

    A path traversal vulnerability in RSFirewall component 2.9.7 - 3.1.5 for Joomla was discovered. This vulnerability allows authenticated users to read arbitrary files outside the Joomla root directory. The flaw is caused by insufficient sanitization of use... Read more

    Affected Products :
    • Published: Jun. 05, 2025
    • Modified: Jun. 17, 2025

  • 5.4

    MEDIUM
    CVE-2025-5721

    A vulnerability, which was classified as problematic, was found in SourceCodester Student Result Management System 1.0. This affects an unknown part of the file /script/academic/core/update_profile of the component Profile Setting Page. The manipulation l... Read more

    • Published: Jun. 06, 2025
    • Modified: Jun. 10, 2025

  • 5.4

    MEDIUM
    CVE-2025-5726

    A vulnerability was found in SourceCodester Student Result Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /script/academic/division-system of the component Division System Page. Th... Read more

    • Published: Jun. 06, 2025
    • Modified: Jun. 10, 2025

  • 5.4

    MEDIUM
    CVE-2025-5757

    A vulnerability was found in code-projects Traffic Offense Reporting System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /save-reported.php. The manipulation of the argument offence_id/vehicle_no/... Read more

    Affected Products : traffic_offense_reporting_system
    • Published: Jun. 06, 2025
    • Modified: Jun. 10, 2025

  • 5.4

    MEDIUM
    CVE-2025-24762

    Missing Authorization vulnerability in facturaone TicketBAI Facturas para WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects TicketBAI Facturas para WooCommerce: from n/a through 3.19.... Read more

    Affected Products :
    • Published: Jun. 06, 2025
    • Modified: Jun. 06, 2025

  • 5.4

    MEDIUM
    CVE-2025-24778

    Missing Authorization vulnerability in De paragon No Spam At All allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects No Spam At All: from n/a through 1.3.... Read more

    Affected Products :
    • Published: Jun. 06, 2025
    • Modified: Jun. 06, 2025

  • 5.4

    MEDIUM
    CVE-2025-29013

    Missing Authorization vulnerability in faaiq Custom Category/Post Type Post order allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Custom Category/Post Type Post order: from n/a through 1.5.9.... Read more

    Affected Products :
    • Published: Jun. 06, 2025
    • Modified: Jun. 06, 2025

  • 5.4

    MEDIUM
    CVE-2025-30632

    Cross-Site Request Forgery (CSRF) vulnerability in pozzad Global Translator allows Cross Site Request Forgery. This issue affects Global Translator: from n/a through 2.0.2.... Read more

    Affected Products :
    • Published: Jun. 06, 2025
    • Modified: Jun. 06, 2025

  • 5.4

    MEDIUM
    CVE-2025-30968

    Cross-Site Request Forgery (CSRF) vulnerability in jokerbr313 Advanced Post List allows Cross Site Request Forgery. This issue affects Advanced Post List: from n/a through 0.5.6.2.... Read more

    Affected Products :
    • Published: Jun. 06, 2025
    • Modified: Jun. 06, 2025
Showing 20 of 291058 Results