Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.9

    MEDIUM
    CVE-2025-3201

    The Contact Form builder with drag & drop for WordPress WordPress plugin before 2.4.3 does not sanitise and escape some of its settings, which could allow high privilege users such as contributors to perform Stored Cross-Site Scripting attacks.... Read more

    Affected Products : kali_forms
    • Published: May. 16, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-4751

    A vulnerability, which was classified as problematic, was found in D-Link DI-7003GV2 24.04.18D1 R(68125). Affected is an unknown function of the file /index.data. The manipulation leads to information disclosure. It is possible to launch the attack remote... Read more

    Affected Products : di-7003g_firmware di-7003g
    • Published: May. 16, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2025-4757

    A vulnerability was found in PHPGurukul Beauty Parlour Management System 1.1. It has been rated as critical. This issue affects some unknown processing of the file /forgot-password.php. The manipulation of the argument email leads to sql injection. The at... Read more

    Affected Products : beauty_parlour_management_system
    • Published: May. 16, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-4758

    A vulnerability classified as critical has been found in PHPGurukul Beauty Parlour Management System 1.1. Affected is an unknown function of the file /contact.php. The manipulation of the argument fname leads to sql injection. It is possible to launch the... Read more

    Affected Products : beauty_parlour_management_system
    • Published: May. 16, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-4761

    A vulnerability has been found in PHPGurukul Complaint Management System 2.0 and classified as critical. This vulnerability affects unknown code of the file /admin/admin-profile.php. The manipulation of the argument mobilenumber leads to sql injection. Th... Read more

    Affected Products : complaint_management_system
    • Published: May. 16, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-4765

    A vulnerability was found in PHPGurukul Zoo Management System 2.1. It has been classified as critical. Affected is an unknown function of the file /admin/contactus.php. The manipulation of the argument mobnum leads to sql injection. It is possible to laun... Read more

    Affected Products : zoo_management_system
    • Published: May. 16, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-4766

    A vulnerability was found in PHPGurukul Zoo Management System 2.1. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/profile.php. The manipulation of the argument contactnumber leads to sql inj... Read more

    Affected Products : zoo_management_system
    • Published: May. 16, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2024-48758

    dingfanzu CMS V1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the addPro parameter of the component doAdminAction.php which allows a remote attacker to execute arbitrary code... Read more

    Affected Products : dingfanzu dingfanzu_cms
    • Published: Oct. 16, 2024
    • Modified: May. 27, 2025

  • 7.3

    HIGH
    CVE-2024-48249

    Wavelog 1.8.5 allows Gridmap_model.php get_band_confirmed SQL injection via band, sat, propagation, or mode.... Read more

    Affected Products : wavelog
    • Published: Oct. 14, 2024
    • Modified: May. 27, 2025

  • 4.7

    MEDIUM
    CVE-2024-46911

    Cross-site Resource Forgery (CSRF), Privilege escalation vulnerability in Apache Roller. On multi-blog/user Roller websites, by default weblog owners are trusted to publish arbitrary weblog content and this combined with a deficiency in Roller's CSRF prot... Read more

    Affected Products : roller
    • Published: Oct. 14, 2024
    • Modified: May. 27, 2025

  • 7.5

    HIGH
    CVE-2024-46468

    A Server-Side Request Forgery (SSRF) vulnerability exists in the jpress <= v5.1.1, which can be exploited by an attacker to obtain sensitive information, resulting in an information disclosure.... Read more

    Affected Products : jpress
    • Published: Oct. 11, 2024
    • Modified: May. 27, 2025

  • 7.1

    HIGH
    CVE-2024-47378

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPCOM WPCOM Member allows Reflected XSS.This issue affects WPCOM Member: from n/a through 1.5.4.... Read more

    Affected Products : wpcom_member
    • Published: Oct. 05, 2024
    • Modified: May. 27, 2025

  • 6.5

    MEDIUM
    CVE-2023-26771

    Taskcafe 0.3.2 is vulnerable to Cross Site Scripting (XSS). There is a lack of validation in the filetype when uploading a SVG profile picture with a XSS payload on it. An authenticated attacker can exploit this vulnerability by uploading a malicious pict... Read more

    Affected Products : taskcafe
    • Published: Oct. 04, 2024
    • Modified: May. 27, 2025

  • 9.8

    CRITICAL
    CVE-2023-26770

    TaskCafe 0.3.2 lacks validation in the Cookie value. Any unauthenticated attacker who knows a registered UserID can change the password of that user.... Read more

    Affected Products : taskcafe
    • Published: Oct. 04, 2024
    • Modified: May. 27, 2025

  • 6.5

    MEDIUM
    CVE-2022-41250

    A missing permission check in Jenkins SCM HttpClient Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing c... Read more

    Affected Products : scm_httpclient
    • Published: Sep. 21, 2022
    • Modified: May. 27, 2025

  • 8.8

    HIGH
    CVE-2022-41249

    A cross-site request forgery (CSRF) vulnerability in Jenkins SCM HttpClient Plugin 1.5 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credent... Read more

    Affected Products : scm_httpclient
    • Published: Sep. 21, 2022
    • Modified: May. 27, 2025

  • 5.3

    MEDIUM
    CVE-2022-41248

    Jenkins BigPanda Notifier Plugin 1.4.0 and earlier does not mask the BigPanda API key on the global configuration form, increasing the potential for attackers to observe and capture it.... Read more

    Affected Products : bigpanda_notifier
    • Published: Sep. 21, 2022
    • Modified: May. 27, 2025

  • 4.3

    MEDIUM
    CVE-2022-41247

    Jenkins BigPanda Notifier Plugin 1.4.0 and earlier stores the BigPanda API key unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.... Read more

    Affected Products : bigpanda_notifier
    • Published: Sep. 21, 2022
    • Modified: May. 27, 2025

  • 6.5

    MEDIUM
    CVE-2022-41246

    A missing permission check in Jenkins Worksoft Execution Manager Plugin 10.0.3.503 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, ... Read more

    Affected Products : worksoft_execution_manager
    • Published: Sep. 21, 2022
    • Modified: May. 27, 2025

  • 6.1

    MEDIUM
    CVE-2022-40754

    In Apache Airflow 2.3.0 through 2.3.4, there was an open redirect in the webserver's `/confirm` endpoint.... Read more

    Affected Products : airflow
    • Published: Sep. 21, 2022
    • Modified: May. 27, 2025
Showing 20 of 293254 Results