Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.1

    HIGH
    CVE-2025-46487

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sftranna EC Authorize.net allows Reflected XSS. This issue affects EC Authorize.net: from n/a through 0.3.3.... Read more

    Affected Products :
    • Published: May. 23, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-48289

    Deserialization of Untrusted Data vulnerability in AncoraThemes Kids Planet allows Object Injection. This issue affects Kids Planet: from n/a through 2.2.14.... Read more

    Affected Products :
    • Published: May. 23, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Injection

  • 8.1

    HIGH
    CVE-2025-39506

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NasaTheme Nasa Core allows PHP Local File Inclusion. This issue affects Nasa Core: from n/a through 6.3.2.... Read more

    Affected Products : nasa_core
    • Published: May. 23, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Path Traversal

  • 8.1

    HIGH
    CVE-2025-39494

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Wilmër allows PHP Local File Inclusion. This issue affects Wilmër: from n/a through n/a.... Read more

    Affected Products :
    • Published: May. 23, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Path Traversal

  • 8.1

    HIGH
    CVE-2025-32289

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusTheme Yozi allows PHP Local File Inclusion. This issue affects Yozi: from n/a through 2.0.52.... Read more

    Affected Products :
    • Published: May. 23, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Path Traversal

  • 7.1

    HIGH
    CVE-2025-39505

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GoodLayers Goodlayers Hotel allows Reflected XSS. This issue affects Goodlayers Hotel: from n/a through 3.1.4.... Read more

    Affected Products :
    • Published: May. 23, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.9

    CRITICAL
    CVE-2025-47663

    Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla Hospital Management System allows Upload a Web Shell to a Web Server. This issue affects Hospital Management System: from 47.0(20 through 11.... Read more

    Affected Products : hospital_management_system
    • Published: May. 23, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-47530

    Deserialization of Untrusted Data vulnerability in WPFunnels WPFunnels allows Object Injection. This issue affects WPFunnels: from n/a through 3.5.18.... Read more

    Affected Products :
    • Published: May. 23, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Injection

  • 6.8

    MEDIUM
    CVE-2025-4692

    Actors can use a maliciously crafted JavaScript object notation (JSON) web token (JWT) to perform privilege escalation by submitting the malicious JWT to a vulnerable method exposed on the cloud platform. If the exploit is successful, the user can escalat... Read more

    Affected Products :
    • Published: May. 23, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Authentication

  • 8.7

    HIGH
    CVE-2024-13952

    Predictable filename vulnerabilities in ASPECT may expose sensitive information to a potential attacker if administrator credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*... Read more

    Affected Products :
    • Published: May. 22, 2025
    • Modified: May. 23, 2025

  • 9.9

    CRITICAL
    CVE-2025-47658

    Unrestricted Upload of File with Dangerous Type vulnerability in ELEXtensions ELEX WordPress HelpDesk & Customer Ticketing System allows Upload a Web Shell to a Web Server. This issue affects ELEX WordPress HelpDesk & Customer Ticketing System: from n/a t... Read more

    Affected Products : wsdesk
    • Published: May. 23, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-5105

    A vulnerability was found in TOZED ZLT W51 up to 1.4.2 and classified as critical. Affected by this issue is some unknown functionality of the component Service Port 7777. The manipulation leads to improper clearing of heap memory before release. The atta... Read more

    Affected Products :
    • Published: May. 23, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Memory Corruption

  • 4.8

    MEDIUM
    CVE-2025-4975

    When a notification relating to low battery appears for a user with whom the device has been shared, tapping the notification grants full access to the power settings of that device.... Read more

    Affected Products :
    • Published: May. 22, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-48701

    openDCIM through 23.04 allows SQL injection in people_depts.php because prepared statements are not used.... Read more

    Affected Products :
    • Published: May. 23, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Injection

  • 5.5

    MEDIUM
    CVE-2025-48374

    zot is ancontainer image/artifact registry based on the Open Container Initiative Distribution Specification. Prior to version 2.1.3 (corresponding to pseudoversion 1.4.4-0.20250522160828-8a99a3ed231f), when using Keycloak as an oidc provider, the clients... Read more

    Affected Products : zot
    • Published: May. 22, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Information Disclosure

  • 8.1

    HIGH
    CVE-2025-48292

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in GoodLayers Tourmaster allows PHP Local File Inclusion. This issue affects Tourmaster: from n/a through 5.3.8.... Read more

    Affected Products : tour_master
    • Published: May. 23, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Path Traversal

  • 7.1

    HIGH
    CVE-2025-48245

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fullworks Quick Contact Form allows Reflected XSS. This issue affects Quick Contact Form : from n/a through 8.2.1.... Read more

    Affected Products : quick_contact_form
    • Published: May. 23, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.3

    CRITICAL
    CVE-2025-48283

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Majestic Support Majestic Support allows SQL Injection. This issue affects Majestic Support: from n/a through 1.1.0.... Read more

    Affected Products : majestic_support
    • Published: May. 23, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-47690

    Missing Authorization vulnerability in smackcoders Lead Form Data Collection to CRM allows Privilege Escalation. This issue affects Lead Form Data Collection to CRM: from n/a through 3.1.... Read more

    Affected Products : lead_form_data_collection_to_crm
    • Published: May. 23, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Authorization

  • 8.1

    HIGH
    CVE-2025-47672

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in miniOrange miniOrange Discord Integration allows PHP Local File Inclusion. This issue affects miniOrange Discord Integration: from n/a... Read more

    Affected Products : discord_integration
    • Published: May. 23, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Path Traversal
Showing 20 of 293284 Results