Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, listed in the CISA KEV catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.4

    MEDIUM
    CVE-2021-42047

    An issue was discovered in the Growth extension in MediaWiki through 1.36.2. On any Wiki with the Mentor Dashboard feature enabled, users can login with a mentor account and trigger an XSS payload (such as alert) via Growthexperiments-mentor-dashboard-men...

    Affected Products : mediawiki
    • EPSS Score: 1.83%
    • Published: Sep. 29, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2025-44115

    A vulnerability has been found in Cotonti Siena v0.9.25. Affected by this vulnerability is the file /admin.php?m=config&n=edit&o=core&p=title. The manipulation of the value of title leads to cross-site scripting....

    Affected Products : cotonti_siena
    • Published: Jun. 02, 2025
    • Modified: Jun. 13, 2025
  • 5.4

    MEDIUM
    CVE-2025-45387

    osTicket prior to v1.17.6 and v1.18.2 are vulnerable to Broken Access Control Vulnerability in /scp/ajax.php....

    Affected Products : osticket
    • Published: Jun. 02, 2025
    • Modified: Jun. 05, 2025
  • 5.4

    MEDIUM
    CVE-2022-3002

    Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0....

    • EPSS Score: 0.99%
    • Published: Oct. 06, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2025-45855

    An arbitrary file upload vulnerability in the component /upload/GoodsCategory/image of erupt v1.12.19 allows attackers to execute arbitrary code via uploading a crafted file....

    Affected Products : erupt
    • Published: Jun. 03, 2025
    • Modified: Jun. 23, 2025
  • 5.4

    MEDIUM
    CVE-2025-5507

    A vulnerability was found in TOTOLINK A3002RU 2.1.1-B20230720.1011. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component MAC Filtering Page. The manipulation of the argument Comment leads to cros...

    Affected Products : a3002ru_firmware a3002ru
    • Published: Jun. 03, 2025
    • Modified: Jun. 17, 2025
  • 5.4

    MEDIUM
    CVE-2022-40248

    An HTML injection vulnerability exists in CERT/CC VINCE software prior to 1.50.4. An authenticated attacker can inject arbitrary HTML via form using the "Product Affected" field....

    Affected Products : vince
    • EPSS Score: 0.14%
    • Published: Oct. 10, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2025-5584

    A vulnerability was found in PHPGurukul Hospital Management System 4.0. It has been classified as problematic. Affected is an unknown function of the file /doctor/edit-patient.php?editid=2 of the component POST Parameter Handler. The manipulation of the a...

    • Published: Jun. 04, 2025
    • Modified: Jun. 10, 2025
  • 5.4

    MEDIUM
    CVE-2025-5628

    A vulnerability, which was classified as problematic, has been found in SourceCodester Food Menu Manager 1.0. Affected by this issue is some unknown functionality of the file /index.php of the component Add Menu Handler. The manipulation of the argument n...

    Affected Products : food_menu_manager food_menu_manager
    • Published: Jun. 05, 2025
    • Modified: Jun. 06, 2025
  • 5.4

    MEDIUM
    CVE-2025-5661

    A vulnerability, which was classified as problematic, was found in code-projects Traffic Offense Reporting System 1.0. This affects an unknown part of the file /save-settings.php of the component Setting Handler. The manipulation of the argument site_name...

    Affected Products : traffic_offense_reporting_system
    • Published: Jun. 05, 2025
    • Modified: Jun. 10, 2025
  • 5.4

    MEDIUM
    CVE-2025-46258

    Missing Authorization vulnerability in BdThemes Element Pack Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Element Pack Pro: from n/a before 8.0.0....

    Affected Products : element_pack
    • Published: Jun. 05, 2025
    • Modified: Jun. 05, 2025
  • 5.4

    MEDIUM
    CVE-2025-49012

    Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Himmelblau versions 0.9.0 through 0.9.14 and 1.00-alpha are vulnerable to a privilege escalation issue when Entra ID group-based access restrictions are configured using grou...

    • Published: Jun. 05, 2025
    • Modified: Jun. 06, 2025
  • 5.4

    MEDIUM
    CVE-2025-2935

    The Anti-Spam: Spam Protection | Block Spam Users, Comments, Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2024.7. This is due to missing or incorrect nonce validation in the 'ss_option_maint....

    Affected Products : stop_spammers
    • Published: Jun. 06, 2025
    • Modified: Jun. 06, 2025
  • 5.4

    MEDIUM
    CVE-2025-5019

    The Hive Support | AI-Powered Help Desk, Live Chat & AI Chat Bot Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.2. This is due to missing or incorrect nonce validation on the...

    • Published: Jun. 06, 2025
    • Modified: Jun. 06, 2025
  • 5.4

    MEDIUM
    CVE-2025-5727

    A vulnerability classified as problematic has been found in SourceCodester Student Result Management System 1.0. This affects an unknown part of the file /script/academic/announcement of the component Announcement Page. The manipulation of the argument Ti...

    • Published: Jun. 06, 2025
    • Modified: Jun. 10, 2025
  • 5.4

    MEDIUM
    CVE-2025-48335

    Missing Authorization vulnerability in CyberChimps Responsive Plus allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Responsive Plus: from n/a through 3.2.0....

    • Published: Jun. 06, 2025
    • Modified: Jun. 06, 2025
  • 5.4

    MEDIUM
    CVE-2022-3502

    A vulnerability was found in Human Resource Management System 1.0. It has been classified as problematic. This affects an unknown part of the component Leave Handler. The manipulation of the argument Reason leads to cross site scripting. It is possible to...

    Affected Products : human_resource_management_system
    • EPSS Score: 0.08%
    • Published: Oct. 14, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2025-24772

    Cross-Site Request Forgery (CSRF) vulnerability in cmsMinds Pay with Contact Form 7 allows Cross Site Request Forgery. This issue affects Pay with Contact Form 7: from n/a through 1.0.4....

    • Published: Jun. 06, 2025
    • Modified: Jun. 06, 2025
  • 5.4

    MEDIUM
    CVE-2025-28985

    Missing Authorization vulnerability in Elastic Email Elastic Email Subscribe Form allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Elastic Email Subscribe Form: from n/a through 1.2.2....

    • Published: Jun. 06, 2025
    • Modified: Jun. 06, 2025
  • 5.4

    MEDIUM
    CVE-2025-30636

    Missing Authorization vulnerability in Ability, Inc Accessibility Suite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Accessibility Suite: from n/a through 4.19....

    Affected Products : accessibility_suite_by_online_ada
    • Published: Jun. 06, 2025
    • Modified: Jun. 06, 2025
Showing 20 of 290943 Results