Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.4

    MEDIUM
    CVE-2025-30997

    Server-Side Request Forgery (SSRF) vulnerability in SmartDataSoft Car Repair Services allows Server Side Request Forgery. This issue affects Car Repair Services: from n/a through 5.0....

    • Published: Jun. 06, 2025
    • Modified: Jun. 06, 2025
  • 5.4

    MEDIUM
    CVE-2025-49239

    Cross-Site Request Forgery (CSRF) vulnerability in tychesoftwares Print Invoice & Delivery Notes for WooCommerce allows Cross Site Request Forgery. This issue affects Print Invoice & Delivery Notes for WooCommerce: from n/a through 5.5.0....

    • Published: Jun. 06, 2025
    • Modified: Jun. 06, 2025
  • 5.4

    MEDIUM
    CVE-2025-5764

    A vulnerability was found in code-projects Laundry System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /data/insert_laundry.php. The manipulation of the argument Customer leads to cross site scripting...

    • Published: Jun. 06, 2025
    • Modified: Jun. 10, 2025
  • 5.4

    MEDIUM
    CVE-2025-5765

    A vulnerability was found in code-projects Laundry System 1.0. It has been classified as problematic. This affects an unknown part of the file /data/edit_laundry.php. The manipulation of the argument Customer leads to cross site scripting. It is possible ...

    • Published: Jun. 06, 2025
    • Modified: Jun. 10, 2025
  • 5.4

    MEDIUM
    CVE-2025-3117

    CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists impacting configuration file paths that could cause an unvalidated data injected by authenticated malicious user leading to modify or read da...

    • Published: Jun. 10, 2025
    • Modified: Jun. 12, 2025
  • 5.4

    MEDIUM
    CVE-2025-5742

    CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability exists when an authenticated user modifies configuration parameters on the web server...

    • Published: Jun. 10, 2025
    • Modified: Jun. 12, 2025
  • 5.4

    MEDIUM
    CVE-2025-48067

    OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.11.1 contain a vulnerability that allows an attacker with the FILE_UPLOAD permission to exfiltrate files from the host that OctoPrint has ...

    Affected Products : octoprint
    • Published: Jun. 10, 2025
    • Modified: Aug. 12, 2025
  • 5.4

    MEDIUM
    CVE-2024-57189

    In Erxes <1.6.2, an authenticated attacker can write to arbitrary files on the system using a Path Traversal vulnerability in the importHistoriesCreate GraphQL mutation handler....

    Affected Products : erxes
    • Published: Jun. 10, 2025
    • Modified: Jun. 20, 2025
  • 5.4

    MEDIUM
    CVE-2024-37395

    A stored cross-site scripting (XSS) vulnerability in the Public Survey function of REDCap 13.1.9 allows authenticated users to execute arbitrary web script or HTML by injecting a crafted payload into the 'Survey Title' and 'Survey Instructions' fields. Th...

    Affected Products : redcap
    • Published: Jun. 10, 2025
    • Modified: Jun. 16, 2025
  • 5.4

    MEDIUM
    CVE-2025-5984

    A vulnerability has been found in SourceCodester Online Student Clearance System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /Admin/add-fee.php. The manipulation of the argument txtamt leads to...

    Affected Products : online_student_clearance_system
    • Published: Jun. 10, 2025
    • Modified: Jun. 17, 2025
  • 5.4

    MEDIUM
    CVE-2023-45256

    Multiple SQL injection vulnerabilities in the EuroInformation MoneticoPaiement module before 1.1.1 for PrestaShop allow remote attackers to execute arbitrary SQL commands via the TPE, societe, MAC, reference, or aliascb parameter to transaction.php, valid...

    • Published: Jun. 12, 2025
    • Modified: Jun. 17, 2025
  • 5.4

    MEDIUM
    CVE-2024-54183

    IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 are vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus alte...

    • Published: Jun. 18, 2025
    • Modified: Jul. 25, 2025
  • 5.4

    MEDIUM
    CVE-2025-4571

    The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized view and modification of data due to an insufficient capability check on the permissionsCheck functions in all versions up to, and including, 4.3.0. T...

    Affected Products : givewp
    • Published: Jun. 19, 2025
    • Modified: Jul. 10, 2025
  • 5.4

    MEDIUM
    CVE-2025-6287

    A vulnerability classified as problematic was found in PHPGurukul COVID19 Testing Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /test-details.php of the component Take Action. The manipulation of the argumen...

    Affected Products : covid19_testing_management_system
    • Published: Jun. 20, 2025
    • Modified: Jun. 26, 2025
  • 5.4

    MEDIUM
    CVE-2025-49998

    Missing Authorization vulnerability in Wetail WooCommerce Fortnox Integration allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce Fortnox Integration: from n/a through 4.5.5....

    • Published: Jun. 20, 2025
    • Modified: Jun. 23, 2025
  • 5.4

    MEDIUM
    CVE-2025-50009

    Missing Authorization vulnerability in Climax Themes Kata Plus allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Kata Plus: from n/a through 1.5.3....

    Affected Products : kata_plus
    • Published: Jun. 20, 2025
    • Modified: Jun. 23, 2025
  • 5.4

    MEDIUM
    CVE-2025-6551

    A vulnerability was found in java-aodeng Hope-Boot 1.0.0 and classified as problematic. This issue affects the function Login of the file /src/main/java/com/hope/controller/WebController.java. The manipulation of the argument errorMsg leads to cross site ...

    Affected Products : hope-boot
    • Published: Jun. 24, 2025
    • Modified: Jul. 08, 2025
  • 5.4

    MEDIUM
    CVE-2025-6676

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Simple XML sitemap allows Cross-Site Scripting (XSS). This issue affects Simple XML sitemap: from 0.0.0 before 4.2.2....

    Affected Products : simple_xml_sitemap
    • Published: Jun. 26, 2025
    • Modified: Jul. 11, 2025
  • 5.4

    MEDIUM
    CVE-2025-50350

    PHPGurukul Pre-School Enrollment System Project v1.0 is vulnerable to Directory Traversal in manage-classes.php....

    Affected Products : pre-school_enrollment_system
    • Published: Jun. 26, 2025
    • Modified: Jul. 01, 2025
  • 5.4

    MEDIUM
    CVE-2025-5093

    The Responsive Lightbox & Gallery WordPress plugin before 2.5.2 uses the Swipebox library which does not validate and escape title attributes before outputting them back in a page/post where used, which could allow users with the contributor role and above...

    Affected Products : responsive_lightbox
    • Published: Jun. 27, 2025
    • Modified: Jul. 01, 2025