Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2025-31251

    The issue was addressed with improved input sanitization. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. Processing a maliciously crafte... Read more

    Affected Products : macos iphone_os tvos watchos ipados visionos
    • Published: May. 12, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Memory Corruption

  • 7.1

    HIGH
    CVE-2025-31253

    This issue was addressed through improved state management. This issue is fixed in iOS 18.5 and iPadOS 18.5. Muting the microphone during a FaceTime call may not result in audio being silenced.... Read more

    Affected Products : iphone_os ipados
    • Published: May. 12, 2025
    • Modified: May. 27, 2025

  • 5.5

    MEDIUM
    CVE-2025-31256

    The issue was addressed with improved handling of caches. This issue is fixed in macOS Sequoia 15.5. Hot corner may unexpectedly reveal a user’s deleted notes.... Read more

    Affected Products : macos
    • Published: May. 12, 2025
    • Modified: May. 27, 2025

  • 4.7

    MEDIUM
    CVE-2025-31257

    This issue was addressed with improved memory handling. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to an unexpected Safari cr... Read more

    • Published: May. 12, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-31258

    This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.5. An app may be able to break out of its sandbox.... Read more

    Affected Products : macos
    • Published: May. 12, 2025
    • Modified: May. 27, 2025

  • 7.8

    HIGH
    CVE-2025-31259

    The issue was addressed with improved input sanitization. This issue is fixed in macOS Sequoia 15.5. An app may be able to gain elevated privileges.... Read more

    Affected Products : macos
    • Published: May. 12, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Authorization

  • 5.5

    MEDIUM
    CVE-2025-31260

    A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.5. An app may be able to access sensitive user data.... Read more

    Affected Products : macos
    • Published: May. 12, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Authorization

  • 5.5

    MEDIUM
    CVE-2023-7229

    The illi Link Party! WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.... Read more

    • Published: May. 15, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.1

    MEDIUM
    CVE-2023-7230

    The illi Link Party! WordPress plugin through 1.0 does not sanitize and escape some parameters, which could allow users with a role as low as admin to perform Cross-Site Scripting attacks.... Read more

    • Published: May. 15, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2024-6718

    The PVN Auth Popup WordPress plugin through 1.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform... Read more

    Affected Products : pvn_auth_popup
    • Published: May. 15, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2024-8090

    The JavaScript Logic WordPress plugin through 0.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.... Read more

    Affected Products : javascript-logic
    • Published: May. 15, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.5

    MEDIUM
    CVE-2024-8094

    The Ntz Antispam WordPress plugin through 2.0e does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack... Read more

    Affected Products : ntz_atispam
    • Published: May. 15, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.1

    MEDIUM
    CVE-2024-8095

    The BabelZ WordPress plugin through 1.1.5 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.... Read more

    Affected Products : babeiz
    • Published: May. 15, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.8

    MEDIUM
    CVE-2024-8187

    The Smart Post Show WordPress plugin before 3.0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowe... Read more

    Affected Products : smart_post_show
    • Published: May. 15, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2024-8426

    The Page Builder: Pagelayer WordPress plugin before 1.8.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed... Read more

    Affected Products : pagelayer
    • Published: May. 15, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2024-8618

    The Page Builder: Pagelayer WordPress plugin before 1.9.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is d... Read more

    Affected Products : pagelayer
    • Published: May. 15, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-4717

    A vulnerability, which was classified as critical, was found in PHPGurukul Company Visitor Management System 2.0. Affected is an unknown function of the file /visitors-form.php. The manipulation of the argument fullname leads to sql injection. It is possi... Read more

    Affected Products : company_visitor_management_system
    • Published: May. 15, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-4725

    A vulnerability, which was classified as critical, was found in itsourcecode Placement Management System 1.0. This affects an unknown part of the file /view_drive.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate ... Read more

    Affected Products : placement_management_system
    • Published: May. 15, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-4726

    A vulnerability has been found in itsourcecode Placement Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /view_student.php. The manipulation of the argument ID leads to sql injection. The attack can be... Read more

    Affected Products : placement_management_system
    • Published: May. 15, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-4728

    A vulnerability was found in SourceCodester Best Online News Portal 1.0. It has been classified as critical. Affected is an unknown function of the file /search.php. The manipulation of the argument searchtitle leads to sql injection. It is possible to la... Read more

    Affected Products : best_online_news_portal
    • Published: May. 15, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Injection
Showing 20 of 293350 Results