Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2025-45387

    osTicket prior to v1.17.6 and v1.18.2 are vulnerable to Broken Access Control Vulnerability in /scp/ajax.php.... Read more

    Affected Products : osticket
    • Published: Jun. 02, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Authorization

  • 4.8

    MEDIUM
    CVE-2025-3584

    The Newsletter WordPress plugin before 8.8.2 does not sanitise and escape some of its Subscription settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is d... Read more

    Affected Products : newsletter
    • Published: Jun. 03, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-3662

    The FancyBox for WordPress plugin before 3.3.6 does not escape captions and titles attributes before using them to populate galleries' caption fields. The issue was received as a Contributor+ Stored XSS, however one of our researcher (Marc Montpas) escala... Read more

    Affected Products : fancybox
    • Published: Jun. 03, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-48999

    DataEase is an open source business intelligence and data visualization tool. A bypass of CVE-2025-46566's patch exists in versions prior to 2.10.10. In a malicious payload, `getUrlType()` retrieves `hostName`. Since the judgment statement returns false, ... Read more

    Affected Products : dataease
    • Published: Jun. 03, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-49001

    DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.10, secret verification does not take effect successfully, so a user can use any secret to forge a JWT token. The vulnerability has been fixed in v2.10.10.... Read more

    Affected Products : dataease
    • Published: Jun. 03, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-49002

    DataEase is an open source business intelligence and data visualization tool. Versions prior to version 2.10.10 have a flaw in the patch for CVE-2025-32966 that allow the patch to be bypassed through case insensitivity because INIT and RUNSCRIPT are prohi... Read more

    Affected Products : dataease
    • Published: Jun. 03, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-5575

    A vulnerability classified as critical was found in PHPGurukul Dairy Farm Shop Management System 1.3. This vulnerability affects unknown code of the file /add-product.php. The manipulation of the argument productname leads to sql injection. The attack can... Read more

    Affected Products : dairy_farm_shop_management_system
    • Published: Jun. 04, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2024-42849

    An issue in Silverpeas v.6.4.2 and lower allows a remote attacker to cause a denial of service via the password change function.... Read more

    Affected Products : silverpeas
    • Published: Aug. 16, 2024
    • Modified: Jun. 05, 2025

  • 9.8

    CRITICAL
    CVE-2024-42850

    An issue in the password change function of Silverpeas v6.4.2 and lower allows for the bypassing of password complexity requirements.... Read more

    Affected Products : silverpeas
    • Published: Aug. 16, 2024
    • Modified: Jun. 05, 2025

  • 5.4

    MEDIUM
    CVE-2024-39031

    In Silverpeas Core <= 6.3.5, in Mes Agendas, a user can create new events and add them to their calendar. Additionally, users can invite others from the same domain, including administrators, to these events. A standard user can inject an XSS payload into... Read more

    Affected Products : silverpeas
    • Published: Jul. 09, 2024
    • Modified: Jun. 05, 2025

  • 9.8

    CRITICAL
    CVE-2024-48072

    Weaver Ecology v9.* was discovered to contain a SQL injection vulnerability via the component /mobilemode/Action.jsp?invoker=com.weaver.formmodel.mobile.mec.servlet.MECAction&action=getFieldTriggerValue&searchField=*&fromTable=HrmResourceManager&whereClau... Read more

    Affected Products : e-cology
    • Published: Nov. 19, 2024
    • Modified: Jun. 05, 2025

  • 5.3

    MEDIUM
    CVE-2024-13230

    The Social Share, Social Login and Social Comments Plugin – Super Socializer plugin for WordPress is vulnerable to Limited SQL Injection via the ‘SuperSocializerKey’ parameter in all versions up to, and including, 7.14 due to insufficient escaping on the ... Read more

    Affected Products : super_socializer
    • Published: Jan. 21, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-48070

    An issue in Weaver E-cology v. attackers construct special requests to insert remote malicious code and to trigger malicious code execution, and control server privileges... Read more

    Affected Products : e-cology
    • Published: Nov. 19, 2024
    • Modified: Jun. 05, 2025

  • 9.8

    CRITICAL
    CVE-2024-48069

    A vulnerability was found in Weaver E-cology allows attackers use race conditions to bypass security mechanisms to upload malicious files and control server privileges... Read more

    Affected Products : e-cology
    • Published: Nov. 19, 2024
    • Modified: Jun. 05, 2025

  • 5.3

    MEDIUM
    CVE-2024-29296

    A user enumeration vulnerability was found in Portainer CE 2.19.4. This issue occurs during user authentication process, where a difference in response time could allow a remote unauthenticated user to determine if a username is valid or not.... Read more

    Affected Products : portainer
    • Published: Apr. 10, 2024
    • Modified: Jun. 05, 2025

  • 10.0

    CRITICAL
    CVE-2024-5407

    A vulnerability in RhinOS 3.0-1190 could allow PHP code injection through the "search" parameter in /portal/search.htm. This vulnerability could allow a remote attacker to perform a reverse shell on the remote system, compromising the entire infrastructur... Read more

    Affected Products : rhinos rhinos
    • Published: May. 27, 2024
    • Modified: Jun. 05, 2025

  • 6.5

    MEDIUM
    CVE-2018-18760

    RhinOS 3.0 build 1190 allows CSRF.... Read more

    Affected Products : rhinos rhinos
    • Published: Nov. 16, 2018
    • Modified: Jun. 05, 2025

  • 10.0

    CRITICAL
    CVE-2025-47577

    Unrestricted Upload of File with Dangerous Type vulnerability in TemplateInvaders TI WooCommerce Wishlist allows Upload a Web Shell to a Web Server.This issue affects TI WooCommerce Wishlist: from n/a before 2.10.0.... Read more

    Affected Products : ti_woocommerce_wishlist
    • Published: May. 19, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Misconfiguration

  • 8.5

    HIGH
    CVE-2023-6837

    Multiple WSO2 products have been identified as vulnerable to perform user impersonatoin using JIT provisioning. In order for this vulnerability to have any impact on your deployment, following conditions must be met: * An IDP configured for federated ... Read more

    • Published: Dec. 15, 2023
    • Modified: Jun. 05, 2025

  • 9.8

    CRITICAL
    CVE-2025-4332

    A vulnerability was found in PHPGurukul Company Visitor Management System 2.0 and classified as critical. Affected by this issue is some unknown functionality of the file /visitor-detail.php. The manipulation of the argument editid/remark leads to sql inj... Read more

    Affected Products : company_visitor_management_system
    • Published: May. 06, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Injection
Showing 20 of 292768 Results