Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2025-54037

    Missing Authorization vulnerability in blazethemes News Kit Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects News Kit Elementor Addons: from n/a through 1.3.4.... Read more

    Affected Products : news_kit_elementor_addons
    • Published: Jul. 16, 2025
    • Modified: Jul. 16, 2025

  • 5.4

    MEDIUM
    CVE-2025-7857

    A vulnerability was found in PHPGurukul Apartment Visitors Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file bwdates-passreports-details.php of the component HTTP POST Request Handler... Read more

    • Published: Jul. 19, 2025
    • Modified: Jul. 29, 2025

  • 5.4

    MEDIUM
    CVE-2025-7869

    A vulnerability, which was classified as problematic, has been found in Portabilis i-Educar 2.9.0. Affected by this issue is some unknown functionality of the file intranet/educar_turma_tipo_det.php?cod_turma_tipo=ID of the component Turma Module. The man... Read more

    Affected Products : i-educar
    • Published: Jul. 20, 2025
    • Modified: Aug. 13, 2025

  • 5.4

    MEDIUM
    CVE-2025-51396

    A stored cross-site scripting (XSS) vulnerability in Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Telegram Bot Username parameter.... Read more

    Affected Products : live_helper_chat
    • Published: Jul. 21, 2025
    • Modified: Aug. 07, 2025

  • 5.4

    MEDIUM
    CVE-2025-7926

    A vulnerability, which was classified as problematic, was found in PHPGurukul Online Banquet Booking System 1.0. This affects an unknown part of the file /admin/booking-search.php. The manipulation of the argument searchdata leads to cross site scripting.... Read more

    Affected Products : online_banquet_booking_system
    • Published: Jul. 21, 2025
    • Modified: Jul. 29, 2025

  • 5.4

    MEDIUM
    CVE-2025-51400

    A stored cross-site scripting (XSS) vulnerability in the Personal Canned Messages of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload.... Read more

    Affected Products : live_helper_chat
    • Published: Jul. 21, 2025
    • Modified: Aug. 07, 2025

  • 5.4

    MEDIUM
    CVE-2025-51479

    Authorization bypass in update_user_group in onyx-dot-app Onyx Enterprise Edition 0.27.0 allows remote authenticated attackers to modify arbitrary user groups via crafted PATCH requests to the /api/manage/admin/user-group/id endpoint, bypassing intended c... Read more

    Affected Products :
    • Published: Jul. 22, 2025
    • Modified: Jul. 25, 2025

  • 5.4

    MEDIUM
    CVE-2025-50477

    A URL redirection in lbry-desktop v0.53.9 allows attackers to redirect victim users to attacker-controlled pages.... Read more

    Affected Products :
    • Published: Jul. 23, 2025
    • Modified: Jul. 25, 2025

  • 5.4

    MEDIUM
    CVE-2025-46993

    Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be e... Read more

    • Published: Jul. 24, 2025
    • Modified: Jul. 25, 2025

  • 5.4

    MEDIUM
    CVE-2025-47061

    Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be e... Read more

    • Published: Jul. 24, 2025
    • Modified: Jul. 25, 2025

  • 5.4

    MEDIUM
    CVE-2025-8167

    A vulnerability was found in code-projects Church Donation System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/edit_members.php. The manipulation of the argument fname leads to cro... Read more

    Affected Products : church_donation_system
    • Published: Jul. 25, 2025
    • Modified: Aug. 05, 2025

  • 5.4

    MEDIUM
    CVE-2025-6060

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in DECE Software Geodi allows Cross-Site Scripting (XSS).This issue affects Geodi: before GEODI Setup 9.0.146.... Read more

    Affected Products : geodi
    • Published: Jul. 29, 2025
    • Modified: Jul. 29, 2025

  • 5.4

    MEDIUM
    CVE-2025-46018

    CSC Pay Mobile App 2.19.4 (fixed in version 2.20.0) contains a vulnerability allowing users to bypass payment authorization by disabling Bluetooth at a specific point during a transaction. This could result in unauthorized use of laundry services and pote... Read more

    Affected Products :
    • Published: Aug. 01, 2025
    • Modified: Aug. 04, 2025

  • 5.4

    MEDIUM
    CVE-2025-54393

    Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows Static Code Injection. Authenticated users can obtain administrative access.... Read more

    Affected Products : directory_manager
    • Published: Aug. 07, 2025
    • Modified: Aug. 11, 2025

  • 5.4

    MEDIUM
    CVE-2025-54396

    Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows SQL Injection. Authenticated users can exploit this.... Read more

    Affected Products : directory_manager
    • Published: Aug. 07, 2025
    • Modified: Aug. 11, 2025

  • 5.4

    MEDIUM
    CVE-2025-8784

    A vulnerability classified as problematic was found in Portabilis i-Educar up to 2.9. This vulnerability affects unknown code of the file /intranet/funcionario_vinculo_cad.php of the component Cadastrar Vínculo Page. The manipulation of the argument nome ... Read more

    Affected Products : i-educar
    • Published: Aug. 09, 2025
    • Modified: Aug. 12, 2025

  • 5.4

    MEDIUM
    CVE-2021-24421

    The WP JobSearch WordPress plugin before 1.7.4 did not sanitise or escape multiple of its parameters from the my-resume page before outputting them in the page, allowing low privilege users to use JavaScript payloads in them and leading to a Stored Cross-... Read more

    Affected Products : jobsearch_wp_job_board
    • EPSS Score: %0.18
    • Published: Jul. 12, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2016-0273

    Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7... Read more

    • EPSS Score: %0.17
    • Published: Nov. 24, 2016
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2016-2986

    Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 6.x before 6.0.1 iFix6, Rational Quality Manager 6.x before 6.0.1 iFix6, Rational Team Concert 6.x before 6.0.1 iFix6, Rational DOORS Next Generation 6.x before 6.... Read more

    • EPSS Score: %0.17
    • Published: Nov. 25, 2016
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2016-5955

    Cross-site scripting (XSS) vulnerability in IBM Rational DOORS Next Generation 6.0.2 before iFix004 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : rational_doors_next_generation
    • EPSS Score: %0.26
    • Published: Nov. 25, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 291014 Results