Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-4874

    A vulnerability was found in PHPGurukul News Portal Project 4.1 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/contactus.php. The manipulation of the argument pagetitle leads to sql injection. The attac... Read more

    Affected Products : news_portal news_portal_project
    • Published: May. 18, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-4880

    A vulnerability has been found in PHPGurukul News Portal 4.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/aboutus.php. The manipulation of the argument pagetitle leads to sql injection. The atta... Read more

    Affected Products : news_portal news_portal_project
    • Published: May. 18, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-4906

    A vulnerability was found in PHPGurukul Notice Board System 1.0. It has been classified as critical. Affected is an unknown function of the file /login.php. The manipulation of the argument Username leads to sql injection. It is possible to launch the att... Read more

    • Published: May. 19, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-4907

    A vulnerability was found in PHPGurukul Daily Expense Tracker System 1.1. It has been rated as critical. Affected by this issue is some unknown functionality of the file /forgot-password.php. The manipulation of the argument email leads to sql injection. ... Read more

    Affected Products : daily_expense_tracker_system
    • Published: May. 19, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2025-1612

    A vulnerability was found in Edimax BR-6288ACL 1.30. It has been declared as problematic. This vulnerability affects unknown code of the file wireless5g_basic.asp. The manipulation of the argument SSID leads to cross site scripting. The attack can be init... Read more

    Affected Products : br-6288acl_firmware br-6288acl
    • Published: Feb. 24, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-4908

    A vulnerability classified as critical has been found in PHPGurukul Daily Expense Tracker System 1.1. This affects an unknown part of the file /expense-datewise-reports-detailed.php. The manipulation of the argument fromdate/todate leads to sql injection.... Read more

    Affected Products : daily_expense_tracker_system
    • Published: May. 19, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-26884

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpsoul Greenshift allows Stored XSS. This issue affects Greenshift: from n/a through 10.8.... Read more

    • Published: Feb. 25, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2022-38553

    Academy Learning Management System before v5.9.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Search parameter.... Read more

    • EPSS Score: %33.37
    • Published: Sep. 26, 2022
    • Modified: May. 21, 2025

  • 4.9

    MEDIUM
    CVE-2022-2926

    The Download Manager WordPress plugin before 3.2.55 does not validate one of its settings, which could allow high privilege users such as admin to list and read arbitrary files and folders outside of the blog directory... Read more

    • EPSS Score: %0.87
    • Published: Sep. 26, 2022
    • Modified: May. 21, 2025

  • 8.8

    HIGH
    CVE-2025-26963

    Cross-Site Request Forgery (CSRF) vulnerability in flowdee ClickWhale allows Cross Site Request Forgery. This issue affects ClickWhale: from n/a through 2.4.3.... Read more

    Affected Products : clickwhale
    • Published: Feb. 25, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 9.8

    CRITICAL
    CVE-2025-26971

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ays-pro Poll Maker allows Blind SQL Injection. This issue affects Poll Maker: from n/a through 5.6.5.... Read more

    Affected Products : poll_maker
    • Published: Feb. 25, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2025-26987

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shabti Kaplan Frontend Admin by DynamiApps allows Reflected XSS. This issue affects Frontend Admin by DynamiApps: from n/a through 3.25.17.... Read more

    Affected Products : frontend_admin
    • Published: Feb. 25, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-0767

    WP Activity Log 5.3.2 was found to be vulnerable. Unvalidated user input is used directly in an unserialize function in myapp/classes/Writers/class-csv-writer.php.... Read more

    Affected Products : wp_activity_log
    • Published: Feb. 27, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-22387

    An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity issue exists in requests for resources where the session token is submitted as a URL parameter. This exposes information about the authenticated session, which ca... Read more

    Affected Products : configured_commerce
    • Published: Jan. 04, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Information Disclosure

  • 3.5

    LOW
    CVE-2025-1363

    The URL Shortener | Conversion Tracking | AB Testing | WooCommerce WordPress plugin through 9.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even... Read more

    • Published: Mar. 09, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-1362

    The URL Shortener | Conversion Tracking | AB Testing | WooCommerce WordPress plugin through 9.0.2 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting customers v... Read more

    • Published: Mar. 09, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.1

    HIGH
    CVE-2024-13668

    The WordPress Activity O Meter WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admins.... Read more

    Affected Products : wordpress_activity-o-meter
    • Published: Mar. 07, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-1382

    The Contact Us By Lord Linus WordPress plugin through 2.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.... Read more

    Affected Products : contact_us
    • Published: Mar. 09, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.2

    HIGH
    CVE-2025-2717

    A vulnerability, which was classified as critical, has been found in D-Link DIR-823X 240126/240802. This issue affects the function sub_41710C of the file /goform/diag_nslookup of the component HTTP POST Request Handler. The manipulation of the argument t... Read more

    Affected Products : dir-823x_firmware dir-823x
    • Published: Mar. 25, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2025-1103

    A vulnerability, which was classified as problematic, was found in D-Link DIR-823X 240126/240802. This affects the function set_wifi_blacklists of the file /goform/set_wifi_blacklists of the component HTTP POST Request Handler. The manipulation of the arg... Read more

    Affected Products : dir-823x_firmware dir-823x
    • Published: Feb. 07, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Denial of Service
Showing 20 of 292727 Results