Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.4

    MEDIUM
    CVE-2025-26056

    A command injection vulnerability exists in the Infinxt iEdge 100 2.1.32 in the Troubleshoot module "MTR" functionality. The vulnerability is due to improper validation of user-supplied input in the mtrIp parameter. An attacker can exploit this flaw to ex...

    Affected Products :
    • Published: Apr. 01, 2025
    • Modified: Apr. 14, 2025
    • Vuln Type: Injection
  • 5.4

    MEDIUM
    CVE-2025-32248

    Cross-Site Request Forgery (CSRF) vulnerability in SwiftXR SwiftXR (3D/AR/VR) Viewer allows Cross Site Request Forgery. This issue affects SwiftXR (3D/AR/VR) Viewer: from n/a through 1.0.7.

    Affected Products :
    • Published: Apr. 04, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Cross-Site Request Forgery
  • 5.4

    MEDIUM
    CVE-2025-32073

    Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - HTML Tags allows Cross-Site Scripting (XSS). This issue affects Mediawiki - HTML Tags: from 1.39 through 1.43.

    Affected Products :
    • Published: Apr. 11, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Cross-Site Scripting
  • 5.4

    MEDIUM
    CVE-2025-3788

    A vulnerability was found in baseweb JSite 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /a/sys/user/save. The manipulation of the argument Name leads to cross site scripting. The attack c...

    Affected Products : jsite
    • Published: Apr. 18, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Cross-Site Scripting
  • 5.4

    MEDIUM
    CVE-2025-3822

    A vulnerability was found in SourceCodester Web-based Pharmacy Product Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file changepassword.php. The manipulation of the argument txtconfirm_password...

    • Published: Apr. 20, 2025
    • Modified: Apr. 24, 2025
    • Vuln Type: Cross-Site Scripting
  • 5.4

    MEDIUM
    CVE-2019-16961

    SolarWinds Web Help Desk 12.7.0 allows XSS via a Schedule Name.

    Affected Products : web_help_desk
    • EPSS Score: 2.18%
    • Published: Jan. 15, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2025-3970

    A vulnerability classified as problematic has been found in baseweb JSite up to 1.0. Affected is an unknown function of the file /sys/office/save. The manipulation of the argument Remarks leads to cross site scripting. It is possible to launch the attack ...

    Affected Products : jsite
    • Published: Apr. 27, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Cross-Site Scripting
  • 5.4

    MEDIUM
    CVE-2025-24343

    A vulnerability in the “Manages app data” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to write arbitrary files in arbitrary file system paths via a crafted HTTP request.

    Affected Products :
    • Published: Apr. 30, 2025
    • Modified: May. 02, 2025
    • Vuln Type: Path Traversal
  • 5.4

    MEDIUM
    CVE-2025-4324

    A vulnerability, which was classified as problematic, was found in MRCMS 3.1.2. This affects an unknown part of the file /admin/link/edit.do of the component External Link Management Page. The manipulation leads to cross site scripting. It is possible to ...

    Affected Products : mrcms
    • Published: May. 06, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Cross-Site Scripting
  • 5.4

    MEDIUM
    CVE-2025-20973

    Improper authentication in Secure Folder prior to version 1.8.12.0 in Android 13, and 1.9.21.00 in Android 14 allows physical attackers to reset the lock type of Secure Folder.

    Affected Products :
    • Published: May. 07, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Authentication
  • 5.4

    MEDIUM
    CVE-2025-4469

    A vulnerability classified as problematic has been found in SourceCodester Online Student Clearance System 1.0. Affected is an unknown function of the file /admin/add-admin.php. The manipulation of the argument txtusername/txtfullname/txtpassword/txtpassw...

    Affected Products : online_student_clearance_system
    • Published: May. 09, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Cross-Site Scripting
  • 5.4

    MEDIUM
    CVE-2023-50565

    A cross-site scripting (XSS) vulnerability in the component /logs/dopost.html in RPCMS v3.5.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

    Affected Products : rpcms
    • EPSS Score: 0.20%
    • Published: Dec. 14, 2023
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2025-4520

    The Uncanny Automator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functions in versions up to, and including, 6.4.0.2. This makes it possible for authenticated attackers, with ...

    Affected Products : uncanny_automator
    • Published: May. 14, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Authorization
  • 5.4

    MEDIUM
    CVE-2025-44185

    SourceCodester Best Employee Management System V1.0 is vulnerable to Cross Site Request Forgery (CSRF) in /admin/change_pass.php via the password parameter.

    Affected Products : best_employee_management_system
    • Published: May. 15, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Cross-Site Request Forgery
  • 5.4

    MEDIUM
    CVE-2025-53480

    The CheckUser extension’s Special:Investigate page has a vulnerability in the Account information tab, where specific internationalized messages are rendered without proper escaping. Attackers can exploit this by appending ?uselang=x-xss to the URL, causi...

    Affected Products :
    • Published: Jul. 08, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Cross-Site Scripting
  • 5.4

    MEDIUM
    CVE-2023-50566

    A stored cross-site scripting (XSS) vulnerability in EyouCMS-V1.6.5-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Public Security Registration Number parameter.

    Affected Products : eyoucms
    • EPSS Score: 0.18%
    • Published: Dec. 14, 2023
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2023-7035

    A vulnerability was found in automad up to 1.10.9 and classified as problematic. Affected by this issue is some unknown functionality of the file packages\standard\templates\post.php of the component Setting Handler. The manipulation of the argument siten...

    Affected Products : automad
    • EPSS Score: 0.14%
    • Published: Dec. 21, 2023
    • Modified: Jun. 15, 2025
  • 5.4

    MEDIUM
    CVE-2023-7050

    A vulnerability has been found in PHPGurukul Online Notes Sharing System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file user/profile.php. The manipulation of the argument name/email leads to cross...

    Affected Products : online_notes_sharing_system
    • EPSS Score: 0.19%
    • Published: Dec. 21, 2023
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2023-27150

    openCRX 5.2.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Name field after creation of a Tracker in Manage Activity.

    Affected Products : opencrx
    • EPSS Score: 0.08%
    • Published: Dec. 26, 2023
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2023-50550

    layui up to v2.74 was discovered to contain a cross-site scripting (XSS) vulnerability via the data-content parameter.

    Affected Products : layui
    • EPSS Score: 0.42%
    • Published: Dec. 30, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 292386 Results