Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2025-53497

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - RelatedArticles Extension allows Stored XSS.This issue affects Mediawiki - RelatedArticles Extension: from 1.43.X... Read more

    Affected Products :
    • Published: Jul. 07, 2025
    • Modified: Jul. 08, 2025

  • 5.4

    MEDIUM
    CVE-2025-7139

    A vulnerability was found in SourceCodester Best Salon Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /panel/edit-customer-detailed.php of the component Update Customer Details Page. The man... Read more

    Affected Products : best_salon_management_system
    • Published: Jul. 07, 2025
    • Modified: Jul. 09, 2025

  • 5.4

    MEDIUM
    CVE-2025-53478

    The CheckUser extension’s Special:Investigate interface is vulnerable to reflected XSS due to improper escaping of certain internationalized system messages rendered on the “IPs and User agents” tab. This issue affects Mediawiki - CheckUser extension:... Read more

    Affected Products :
    • Published: Jul. 07, 2025
    • Modified: Jul. 08, 2025

  • 5.4

    MEDIUM
    CVE-2025-7140

    A vulnerability classified as problematic has been found in SourceCodester Best Salon Management System 1.0. Affected is an unknown function of the file /panel/edit-staff.php of the component Update Staff Page. The manipulation of the argument Staff Name ... Read more

    Affected Products : best_salon_management_system
    • Published: Jul. 07, 2025
    • Modified: Jul. 09, 2025

  • 5.4

    MEDIUM
    CVE-2025-7141

    A vulnerability classified as problematic was found in SourceCodester Best Salon Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /panel/edit_plan.php of the component Update Staff Page. The manipulation leads ... Read more

    Affected Products : best_salon_management_system
    • Published: Jul. 07, 2025
    • Modified: Jul. 09, 2025

  • 5.4

    MEDIUM
    CVE-2025-53496

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - MediaSearch Extension allows Stored XSS.This issue affects Mediawiki - MediaSearch Extension: from 1.42.X before ... Read more

    Affected Products :
    • Published: Jul. 07, 2025
    • Modified: Jul. 08, 2025

  • 5.4

    MEDIUM
    CVE-2025-7142

    A vulnerability, which was classified as problematic, has been found in SourceCodester Best Salon Management System 1.0. Affected by this issue is some unknown functionality of the file /panel/search-appointment.php. The manipulation leads to cross site s... Read more

    Affected Products : best_salon_management_system
    • Published: Jul. 07, 2025
    • Modified: Jul. 09, 2025

  • 5.4

    MEDIUM
    CVE-2025-7143

    A vulnerability, which was classified as problematic, was found in SourceCodester Best Salon Management System 1.0. This affects an unknown part of the file /panel/edit-tax.php of the component Update Tax Page. The manipulation of the argument Tax Name le... Read more

    Affected Products : best_salon_management_system
    • Published: Jul. 07, 2025
    • Modified: Jul. 09, 2025

  • 5.4

    MEDIUM
    CVE-2025-7148

    A vulnerability was found in CodeAstro Simple Hospital Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /patient.html of the component POST Parameter Handler. The manipulation leads to c... Read more

    Affected Products : simple_hospital_management_system
    • Published: Jul. 07, 2025
    • Modified: Jul. 09, 2025

  • 5.4

    MEDIUM
    CVE-2025-7153

    A vulnerability classified as problematic was found in CodeAstro Simple Hospital Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /doctor.html of the component POST Parameter Handler. The manipulation of the ar... Read more

    Affected Products : simple_hospital_management_system
    • Published: Jul. 08, 2025
    • Modified: Jul. 08, 2025

  • 5.4

    MEDIUM
    CVE-2025-5570

    The AI Engine plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the mwai_chatbot shortcode 'id' parameter in all versions up to, and including, 2.8.4 due to insufficient input sanitization and output escaping. This makes it possible fo... Read more

    Affected Products : ai_engine ai_engine
    • Published: Jul. 08, 2025
    • Modified: Aug. 13, 2025

  • 5.4

    MEDIUM
    CVE-2025-4406

    The wpForo Forum plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.4.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attack... Read more

    Affected Products : wpforo_forum
    • Published: Jul. 10, 2025
    • Modified: Jul. 10, 2025

  • 5.4

    MEDIUM
    CVE-2025-53636

    Open OnDemand is an open-source HPC portal. Users can flood logs by interacting with the shell app and generating many errors. Users who flood logs can create very large log files causing a Denial of Service (DoS) to the ondemand system. This vulnerabilit... Read more

    Affected Products : open_ondemand
    • Published: Jul. 11, 2025
    • Modified: Jul. 15, 2025

  • 5.4

    MEDIUM
    CVE-2025-51657

    SemCms v5.0 was discovered to contain a SQL injection vulnerability via the lgid parameter at SEMCMS_Link.php.... Read more

    Affected Products : semcms
    • Published: Jul. 14, 2025
    • Modified: Jul. 15, 2025

  • 5.4

    MEDIUM
    CVE-2025-51659

    SemCms v5.0 was discovered to contain a SQL injection vulnerability via the ID parameter at SEMCMS_Products.php.... Read more

    Affected Products : semcms
    • Published: Jul. 14, 2025
    • Modified: Jul. 15, 2025

  • 5.4

    MEDIUM
    CVE-2025-54020

    Cross-Site Request Forgery (CSRF) vulnerability in Erik AntiSpam for Contact Form 7 allows Cross Site Request Forgery. This issue affects AntiSpam for Contact Form 7: from n/a through 0.6.3.... Read more

    Affected Products :
    • Published: Jul. 16, 2025
    • Modified: Jul. 16, 2025

  • 5.4

    MEDIUM
    CVE-2025-54037

    Missing Authorization vulnerability in blazethemes News Kit Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects News Kit Elementor Addons: from n/a through 1.3.4.... Read more

    Affected Products : news_kit_elementor_addons
    • Published: Jul. 16, 2025
    • Modified: Jul. 16, 2025

  • 5.4

    MEDIUM
    CVE-2025-7857

    A vulnerability was found in PHPGurukul Apartment Visitors Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file bwdates-passreports-details.php of the component HTTP POST Request Handler... Read more

    • Published: Jul. 19, 2025
    • Modified: Jul. 29, 2025

  • 5.4

    MEDIUM
    CVE-2025-7869

    A vulnerability, which was classified as problematic, has been found in Portabilis i-Educar 2.9.0. Affected by this issue is some unknown functionality of the file intranet/educar_turma_tipo_det.php?cod_turma_tipo=ID of the component Turma Module. The man... Read more

    Affected Products : i-educar
    • Published: Jul. 20, 2025
    • Modified: Aug. 13, 2025

  • 5.4

    MEDIUM
    CVE-2025-51396

    A stored cross-site scripting (XSS) vulnerability in Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Telegram Bot Username parameter.... Read more

    Affected Products : live_helper_chat
    • Published: Jul. 21, 2025
    • Modified: Aug. 07, 2025
Showing 20 of 291058 Results