Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2024-13853

    The SEO Tools WordPress plugin through 4.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin... Read more

    Affected Products : seo_tools
    • Published: Mar. 11, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2024-13862

    The S3Bubble Media Streaming (AWS|Elementor|YouTube|Vimeo Functionality) WordPress plugin through 8.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against h... Read more

    • Published: Mar. 11, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2025-0629

    The Coronavirus (COVID-19) Notice Message WordPress plugin through 1.1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html c... Read more

    • Published: Mar. 11, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2021-37787

    The unprivileged administrative interface in ABO.CMS version 5.8 through v.5.9.3 is affected by a SQL Injection vulnerability via a HTTP POST request to the TinyMCE module... Read more

    Affected Products : abo.cms
    • Published: Mar. 11, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Injection

  • 4.8

    MEDIUM
    CVE-2025-25925

    A stored cross-scripting (XSS) vulnerability in Openmrs v2.4.3 Build 0ff0ed allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the personName.middleName parameter at /openmrs/admin/patients/shortPatientForm.form... Read more

    Affected Products : openmrs
    • Published: Mar. 11, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2022-41571

    An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Local file inclusion can occur.... Read more

    Affected Products : eyesofnetwork
    • EPSS Score: %0.33
    • Published: Sep. 27, 2022
    • Modified: May. 21, 2025

  • 7.8

    HIGH
    CVE-2022-41347

    An issue was discovered in Zimbra Collaboration (ZCS) 8.8.x and 9.x (e.g., 8.8.15). The Sudo configuration permits the zimbra user to execute the NGINX binary as root with arbitrary parameters. As part of its intended functionality, NGINX can load a user-... Read more

    Affected Products : collaboration
    • EPSS Score: %0.08
    • Published: Sep. 26, 2022
    • Modified: May. 21, 2025

  • 7.2

    HIGH
    CVE-2022-40927

    Online Leave Management System v1.0 is vulnerable to SQL Injection via /leave_system/classes/Master.php?f=delete_designation.... Read more

    Affected Products : online_leave_management_system
    • EPSS Score: %0.09
    • Published: Sep. 26, 2022
    • Modified: May. 21, 2025

  • 7.2

    HIGH
    CVE-2022-40926

    Online Leave Management System v1.0 is vulnerable to SQL Injection via /leave_system/classes/Master.php?f=delete_leave_type.... Read more

    Affected Products : online_leave_management_system
    • EPSS Score: %0.09
    • Published: Sep. 26, 2022
    • Modified: May. 21, 2025

  • 9.8

    CRITICAL
    CVE-2022-40485

    Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /package_detail.php.... Read more

    Affected Products : wedding_planner
    • EPSS Score: %0.08
    • Published: Sep. 26, 2022
    • Modified: May. 21, 2025

  • 9.8

    CRITICAL
    CVE-2022-40484

    Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the booking parameter at /admin/client_edit.php.... Read more

    Affected Products : wedding_planner
    • EPSS Score: %0.08
    • Published: Sep. 26, 2022
    • Modified: May. 21, 2025

  • 9.8

    CRITICAL
    CVE-2022-40483

    Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /wedding_details.php.... Read more

    Affected Products : wedding_planner
    • EPSS Score: %0.08
    • Published: Sep. 26, 2022
    • Modified: May. 21, 2025

  • 8.8

    HIGH
    CVE-2022-40404

    Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/select.php.... Read more

    Affected Products : wedding_planner
    • EPSS Score: %0.08
    • Published: Sep. 26, 2022
    • Modified: May. 21, 2025

  • 7.2

    HIGH
    CVE-2022-40403

    Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/feature_edit.php.... Read more

    Affected Products : wedding_planner
    • EPSS Score: %0.09
    • Published: Sep. 26, 2022
    • Modified: May. 21, 2025

  • 8.8

    HIGH
    CVE-2022-40402

    Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the booking parameter at /admin/client_assign.php.... Read more

    Affected Products : wedding_planner
    • EPSS Score: %0.08
    • Published: Sep. 26, 2022
    • Modified: May. 21, 2025

  • 2.7

    LOW
    CVE-2022-40199

    Directory traversal vulnerability in EC-CUBE 3 series (EC-CUBE 3.0.0 to 3.0.18-p4 ) and EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.1.2) allows a remote authenticated attacker with an administrative privilege to obtain the product's directory structure informati... Read more

    Affected Products : ec-cube
    • EPSS Score: %0.44
    • Published: Sep. 27, 2022
    • Modified: May. 21, 2025

  • 7.2

    HIGH
    CVE-2022-40099

    Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/update_expense_category.php.... Read more

    • EPSS Score: %0.09
    • Published: Sep. 26, 2022
    • Modified: May. 21, 2025

  • 7.2

    HIGH
    CVE-2022-40098

    Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/update_expense.php.... Read more

    • EPSS Score: %0.09
    • Published: Sep. 26, 2022
    • Modified: May. 21, 2025

  • 7.2

    HIGH
    CVE-2022-40097

    Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/update_currency.php.... Read more

    • EPSS Score: %0.09
    • Published: Sep. 26, 2022
    • Modified: May. 21, 2025

  • 9.8

    CRITICAL
    CVE-2022-40050

    ZFile v4.1.1 was discovered to contain an arbitrary file upload vulnerability via the component /file/upload/1.... Read more

    Affected Products : zfile
    • EPSS Score: %0.13
    • Published: Sep. 26, 2022
    • Modified: May. 21, 2025
Showing 20 of 292522 Results