Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2023-35817

    DevExpress before 23.1.3 allows AsyncDownloader SSRF.... Read more

    Affected Products : devexpress
    • Published: Apr. 28, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Server-Side Request Forgery

  • 5.3

    MEDIUM
    CVE-2023-35816

    DevExpress before 23.1.3 allows arbitrary TypeConverter conversion.... Read more

    Affected Products : devexpress
    • Published: Apr. 28, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2024-11642

    The Post Grid Master – Custom Post Types, Taxonomies & Ajax Filter Everything with Infinite Scroll, Load More, Pagination & Shortcode Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.4.12 via the '... Read more

    Affected Products : post_grid_master
    • Published: Jan. 09, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2023-35815

    DevExpress before 23.1.3 has a data-source protection mechanism bypass during deserialization on XML data.... Read more

    Affected Products : devexpress
    • Published: Apr. 28, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2023-35814

    DevExpress before 23.1.3 does not properly protect XtraReport serialized data in ASP.NET web forms.... Read more

    Affected Products : devexpress
    • Published: Apr. 28, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Misconfiguration

  • 7.8

    HIGH
    CVE-2025-1330

    IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1  could allow a local user to execute arbitrary code on the system due to failure to handle DNS return requests by the gethostbyname function.... Read more

    Affected Products : linux_kernel cics_tx
    • Published: May. 08, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-1331

    IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could allow a local user to execute arbitrary code on the system due to the use of unsafe use of the gets function.... Read more

    Affected Products : linux_kernel cics_tx
    • Published: May. 08, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Memory Corruption

  • 10.0

    CRITICAL
    CVE-2025-29813

    [Spoofable identity claims] Authentication Bypass by Assumed-Immutable Data in Azure DevOps allows an unauthorized attacker to elevate privileges over a network.... Read more

    Affected Products : azure_devops
    • Published: May. 08, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2024-11725

    The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the updateWcWarrantySettings() function in all versions up t... Read more

    Affected Products : sms_alert_order_notifications
    • Published: Jan. 07, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Authorization

  • 9.9

    CRITICAL
    CVE-2025-29827

    Improper Authorization in Azure Automation allows an authorized attacker to elevate privileges over a network.... Read more

    Affected Products : azure_automation
    • Published: May. 08, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Authorization

  • 9.9

    CRITICAL
    CVE-2025-29972

    Server-Side Request Forgery (SSRF) in Azure allows an authorized attacker to perform spoofing over a network.... Read more

    • Published: May. 08, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Server-Side Request Forgery

  • 5.9

    MEDIUM
    CVE-2025-3597

    The Firelight Lightbox WordPress plugin before 2.3.15 does not prevent users with post writing capabilities from executing arbitrary Javascript when the jQuery Metadata library is enabled. While this feature is meant to only be available to Pro version us... Read more

    Affected Products : firelight_lightbox
    • Published: May. 12, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.8

    MEDIUM
    CVE-2025-3649

    The LightPress Lightbox WordPress plugin before 2.3.4 does not check download links point to valid, non-Javascript URLs, allowing users with at least the contributor role to conduct Stored XSS attacks.... Read more

    Affected Products : lightbox
    • Published: May. 12, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-3875

    Thunderbird parses addresses in a way that can allow sender spoofing in case the server allows an invalid From address to be used. For example, if the From header contains an (invalid) value "Spoofed Name ", Thunderbird treats [email protected] as the ... Read more

    Affected Products : thunderbird
    • Published: May. 14, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-3909

    Thunderbird's handling of the X-Mozilla-External-Attachment-URL header can be exploited to execute JavaScript in the file:/// context. By crafting a nested email attachment (message/rfc822) and setting its content type to application/pdf, Thunderbird may ... Read more

    Affected Products : thunderbird
    • Published: May. 14, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-0450

    The Betheme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom JS functionality in all versions up to, and including, 27.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. Thi... Read more

    Affected Products : betheme
    • Published: Jan. 21, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-3932

    It was possible to craft an email that showed a tracking link as an attachment. If the user attempted to open the attachment, Thunderbird automatically accessed the link. The configuration to block remote content did not prevent that. Thunderbird has been... Read more

    Affected Products : thunderbird
    • Published: May. 14, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Misconfiguration

  • 6.4

    MEDIUM
    CVE-2024-13702

    The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vCitaMeetingScheduler' and 'vCitaSchedulingCalendar' shortcodes in all versions up to, and including, 2.7.4 due to insufficient input ... Read more

    Affected Products : crm_and_lead_management_by_vcita
    • Published: Mar. 26, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2024-13384

    The Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugin before 3.2.24 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfi... Read more

    Affected Products : robo_gallery
    • Published: May. 15, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2022-3180

    The WPGateway Plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.5. This allows unauthenticated attackers to create arbitrary malicious administrator accounts.... Read more

    Affected Products : wpgateway
    • Published: Feb. 11, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Authentication
Showing 20 of 292837 Results