Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.4

    MEDIUM
    CVE-2025-5259

    The Minimal Share Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ parameter in all versions up to, and including, 1.7.3 due to insufficient input sanitization and output escaping. This makes it possible for authen... Read more

    Affected Products :
    • Published: May. 30, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.1

    MEDIUM
    CVE-2025-4634

    The web portal on airpointer 2.4.107-2 was vulnerable local file inclusion. A malicious user with administrative privileges in the web portal would be able to manipulate requests to view files on the filesystem... Read more

    Affected Products :
    • Published: May. 30, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2025-4597

    The Woo Slider Pro – Drag Drop Slider Builder For WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the woo_slide_pro_delete_draft_preview AJAX action in all versions up to, and includ... Read more

    Affected Products : woo_slider_pro
    • Published: May. 30, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-1484

    A vulnerability exists in the media upload component of the Asset Suite versions listed below. If successfully exploited an attacker could impact the confidentiality or integrity of the system. An attacker can use this vulnerability to construct a reque... Read more

    Affected Products :
    • Published: May. 30, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.1

    CRITICAL
    CVE-2025-2500

    A vulnerability exists in the SOAP Web services of the Asset Suite versions listed below. If successfully exploited, an attacker could gain unauthorized access to the product and the time window of a possible password attack could be expanded.... Read more

    Affected Products :
    • Published: May. 30, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-48331

    Insertion of Sensitive Information Into Sent Data vulnerability in Vanquish WooCommerce Orders & Customers Exporter allows Retrieve Embedded Sensitive Data.This issue affects WooCommerce Orders & Customers Exporter: from n/a through 5.0.... Read more

    Affected Products :
    • Published: May. 30, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Information Disclosure

  • 4.2

    MEDIUM
    CVE-2024-7096

    A privilege escalation vulnerability exists in multiple [Vendor Name] products due to a business logic flaw in SOAP admin services. A malicious actor can create a new user with elevated permissions only when all of the following conditions are met: * S... Read more

    Affected Products :
    • Published: May. 30, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Authorization

  • 4.2

    MEDIUM
    CVE-2025-2571

    Mattermost versions 10.7.x <= 10.7.0, 10.6.x <= 10.6.2, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fail to clear Google OAuth credentials when converting user accounts to bot accounts, allowing attackers to gain unauthorized access to bot accounts via the Google... Read more

    Affected Products : mattermost_server
    • Published: May. 30, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Authentication

  • 8.7

    HIGH
    CVE-2025-4984

    A stored Cross-site Scripting (XSS) vulnerability affecting City Discover in City Referential Manager on Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.... Read more

    Affected Products :
    • Published: May. 30, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.7

    HIGH
    CVE-2025-4985

    A stored Cross-site Scripting (XSS) vulnerability affecting Risk Management in Project Portfolio Manager from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.... Read more

    Affected Products :
    • Published: May. 30, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.7

    HIGH
    CVE-2025-4986

    A stored Cross-site Scripting (XSS) vulnerability affecting Model Definition in Product Manager from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.... Read more

    Affected Products :
    • Published: May. 30, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.8

    MEDIUM
    CVE-2024-23589

    Due to outdated Hash algorithm, HCL Glovius Cloud could allow attackers to guess the input data using brute-force or dictionary attacks efficiently using modern hardware such as GPUs or ASICs... Read more

    Affected Products :
    • Published: May. 30, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Cryptography

  • 9.1

    CRITICAL
    CVE-2023-45929

    S-Lang 2.3.2 was discovered to contain a segmentation fault via the function fixup_tgetstr().... Read more

    Affected Products : s-lang
    • Published: Mar. 27, 2024
    • Modified: May. 30, 2025

  • 8.4

    HIGH
    CVE-2025-46688

    quickjs-ng through 0.9.0 has an incorrect size calculation in JS_ReadBigInt for a BigInt, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is also affected.... Read more

    Affected Products : quickjs quickjs
    • Published: Apr. 27, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2023-27113

    pearProjectApi v2.8.10 was discovered to contain a SQL injection vulnerability via the organizationCode parameter at project.php.... Read more

    Affected Products : pearprojectapi
    • Published: Jan. 21, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2023-27112

    pearProjectApi v2.8.10 was discovered to contain a SQL injection vulnerability via the projectCode parameter at project.php.... Read more

    Affected Products : pearprojectapi
    • Published: Jan. 21, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2023-43850

    Improper input validation in the user management function of web interface in Aten PE6208 2.3.228 and 2.4.232 allows remote authenticated users to cause a partial DoS of web interface via HTTP POST request.... Read more

    Affected Products : pe6208_firmware pe6208
    • Published: May. 28, 2024
    • Modified: May. 30, 2025

  • 8.0

    HIGH
    CVE-2023-43848

    Incorrect access control in the firewall management function of web interface in Aten PE6208 2.3.228 and 2.4.232 allows remote authenticated users to alter local firewall settings of the device as if they were the administrator via HTTP POST request.... Read more

    Affected Products : pe6208_firmware pe6208
    • Published: May. 28, 2024
    • Modified: May. 30, 2025

  • 5.3

    MEDIUM
    CVE-2023-43847

    Incorrect access control in the outlet control function of web interface in Aten PE6208 2.3.228 and 2.4.232 allows remote authenticated users to control all the outlets as if they were the administrator via HTTP POST requests.... Read more

    Affected Products : pe6208_firmware pe6208
    • Published: May. 28, 2024
    • Modified: May. 30, 2025

  • 5.3

    MEDIUM
    CVE-2023-43846

    Incorrect access control in logs management function of web interface in Aten PE6208 2.3.228 and 2.4.232 allows remote attackers to get the device logs via HTTP GET request. The logs contain such information as user names and IP addresses used in the infr... Read more

    Affected Products : pe6208_firmware pe6208
    • Published: May. 28, 2024
    • Modified: May. 30, 2025
Showing 20 of 292759 Results