Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-3357

    IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 19 could allow a remote attacker to execute arbitrary code due to improper validation of an index value of a dynamically allocated array.... Read more

    Affected Products : tivoli_monitoring
    • Published: May. 28, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-48734

    Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declared class property of Java enum objects to get access to the classloader. Howev... Read more

    Affected Products : commons_beanutils
    • Published: May. 28, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Authentication

  • 5.4

    MEDIUM
    CVE-2025-24715

    Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Counter Box allows Cross Site Request Forgery. This issue affects Counter Box: from n/a through 2.0.5.... Read more

    Affected Products : counter_box
    • Published: Jan. 24, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-24698

    Cross-Site Request Forgery (CSRF) vulnerability in G5Theme Essential Real Estate allows Cross Site Request Forgery. This issue affects Essential Real Estate: from n/a through 5.1.8.... Read more

    Affected Products : essential_real_estate
    • Published: Jan. 24, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.8

    MEDIUM
    CVE-2023-7168

    The Better Follow Button for Jetpack WordPress plugin through 8.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capabili... Read more

    Affected Products : better_flow_button_for_jetpack
    • Published: May. 15, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.6

    HIGH
    CVE-2025-45997

    Sourcecodester Web-based Pharmacy Product Management System v.1.0 has a file upload vulnerability. An attacker can upload a PHP file disguised as an image by modifying the Content-Type header to image/jpg.... Read more

    • Published: May. 28, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Misconfiguration

  • 9.1

    CRITICAL
    CVE-2025-24650

    Unrestricted Upload of File with Dangerous Type vulnerability in Themefic Tourfic allows Upload a Web Shell to a Web Server. This issue affects Tourfic: from n/a through 2.15.3.... Read more

    Affected Products : tourfic
    • Published: Jan. 24, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Authentication

  • 4.8

    MEDIUM
    CVE-2024-11189

    The Social Share And Social Locker WordPress plugin before 1.4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capabili... Read more

    Affected Products : social_share_and_social_locker
    • Published: May. 15, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.2

    HIGH
    CVE-2024-11372

    The Connexion Logs WordPress plugin through 3.0.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks... Read more

    Affected Products : connexion_logs
    • Published: May. 15, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Injection

  • 4.3

    MEDIUM
    CVE-2024-11373

    The Connexion Logs WordPress plugin through 3.0.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack... Read more

    Affected Products : connexion_logs
    • Published: May. 15, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.5

    MEDIUM
    CVE-2024-45094

    IBM DS8900F and DS8A00 Hardware Management Console (HMC) is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leadin... Read more

    • Published: May. 27, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-5252

    A vulnerability was found in PHPGurukul News Portal Project 4.1. It has been declared as critical. This vulnerability affects unknown code of the file /admin/edit-subadmin.php. The manipulation of the argument emailid leads to sql injection. The attack ca... Read more

    Affected Products : news_portal news_portal_project
    • Published: May. 27, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-48744

    In SIGB PMB before 8.0.1.2, attackers can achieve Local File Inclusion and remote code execution.... Read more

    Affected Products : pmb
    • Published: May. 27, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2025-48743

    SIGB PMB before 8.0.1.2 allows SQL injection.... Read more

    Affected Products : pmb
    • Published: May. 27, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2024-11502

    The Planning Center Online Giving WordPress plugin through 1.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and a... Read more

    Affected Products : planning_center_online_giving
    • Published: May. 15, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-5220

    A vulnerability was found in FreeFloat FTP Server 1.0.0 and classified as critical. Affected by this issue is some unknown functionality of the component GET Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. ... Read more

    Affected Products : freefloat_ftp_server ftp_server
    • Published: May. 27, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-33079

    IBM Controller 11.0.0, 11.0.1, and 11.1.0 application could allow an authenticated user to obtain sensitive credentials that may be inadvertently included within the source code.... Read more

    Affected Products : cognos_controller controller
    • Published: May. 27, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2025-5219

    A vulnerability has been found in FreeFloat FTP Server 1.0.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the component ASCII Command Handler. The manipulation leads to buffer overflow. The attack can be launch... Read more

    Affected Products : freefloat_ftp_server ftp_server
    • Published: May. 27, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Memory Corruption

  • 5.4

    MEDIUM
    CVE-2024-11718

    The tarteaucitron-wp WordPress plugin before 0.3.0 allows author level and above users to add HTML into a post/page, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.... Read more

    Affected Products : tarteaucitron-wp
    • Published: May. 15, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2024-11719

    The tarteaucitron-wp WordPress plugin before 0.3.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.... Read more

    Affected Products : tarteaucitron-wp
    • Published: May. 15, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Cross-Site Request Forgery
Showing 20 of 293350 Results