Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.1

    MEDIUM
    CVE-2024-5730

    The Pagerank tools WordPress plugin through 1.1.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

    Affected Products : pagerank_tools
    • Published: Jun. 28, 2024
    • Modified: May. 19, 2025
  • 6.1

    MEDIUM
    CVE-2024-5729

    The Simple AL Slider WordPress plugin through 1.2.10 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

    Affected Products : simple_al_slider
    • Published: Jun. 28, 2024
    • Modified: May. 19, 2025
  • 5.4

    MEDIUM
    CVE-2024-5728

    The Animated AL List WordPress plugin through 1.0.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

    Affected Products : animated_al_list
    • Published: Jun. 28, 2024
    • Modified: May. 19, 2025
  • 4.7

    MEDIUM
    CVE-2024-5727

    The Widget4Call WordPress plugin through 1.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

    Affected Products : widget4call
    • Published: Jun. 28, 2024
    • Modified: May. 19, 2025
  • 6.5

    MEDIUM
    CVE-2024-5570

    The Simple Photoswipe WordPress plugin through 0.1 does not have authorisation check when updating its settings, which could allow any authenticated users, such as subscriber to update them...

    Affected Products : simple_photoswipe
    • Published: Jun. 28, 2024
    • Modified: May. 19, 2025
  • 6.8

    MEDIUM
    CVE-2025-43566

    ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. A high-privileged attacker could levera...

    Affected Products : coldfusion
    • Published: May. 13, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Path Traversal
  • 8.4

    HIGH
    CVE-2025-43565

    ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Incorrect Authorization vulnerability that could lead to arbitrary code execution in the context of the current user. A high-privileged attacker could leverage this vulnerability ...

    Affected Products : coldfusion
    • Published: May. 13, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Authorization
  • 9.1

    CRITICAL
    CVE-2025-43562

    ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could result in arbitrary code execution in the context of the curren...

    Affected Products : coldfusion
    • Published: May. 13, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Injection
  • 9.1

    CRITICAL
    CVE-2025-43561

    ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could leverage this vulnerabilit...

    Affected Products : coldfusion
    • Published: May. 13, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Authorization
  • 9.1

    CRITICAL
    CVE-2025-43560

    ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could leverage this vulnerabil...

    Affected Products : coldfusion
    • Published: May. 13, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Authentication
  • 5.4

    MEDIUM
    CVE-2025-30316

    Adobe Connect versions 12.8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a ...

    Affected Products : connect
    • Published: May. 13, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.1

    MEDIUM
    CVE-2025-30315

    Adobe Connect versions 12.8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s brows...

    Affected Products : connect
    • Published: May. 13, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.1

    MEDIUM
    CVE-2025-30314

    Adobe Connect versions 12.8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s brows...

    Affected Products : connect
    • Published: May. 13, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Cross-Site Scripting
  • 9.3

    CRITICAL
    CVE-2025-43567

    Adobe Connect versions 12.8 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s br...

    Affected Products : connect
    • Published: May. 13, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Cross-Site Scripting
  • 4.3

    MEDIUM
    CVE-2024-6534

    Directus v10.13.0 allows an authenticated external attacker to modify presets created by the same user to assign them to another user. This is possible because the application only validates the user parameter in the 'POST /presets' request but not in the...

    Affected Products : directus
    • Published: Aug. 15, 2024
    • Modified: May. 19, 2025
  • 7.1

    HIGH
    CVE-2024-23440

    Vba32 Antivirus v3.36.0 is vulnerable to an Arbitrary Memory Read vulnerability. The 0x22200B IOCTL code of the Vba32m64.sys driver allows to read up to 0x802 of memory from an arbitrary user-supplied pointer....

    Affected Products : vba32
    • EPSS Score: 0.02%
    • Published: Feb. 13, 2024
    • Modified: May. 19, 2025
  • 7.1

    HIGH
    CVE-2024-23439

    Vba32 Antivirus v3.36.0 is vulnerable to an Arbitrary Memory Read vulnerability by triggering the 0x22201B, 0x22201F, 0x222023, 0x222027, 0x22202B, 0x22202F, 0x22203F, 0x222057 and 0x22205B IOCTL codes of the Vba32m64.sys driver....

    Affected Products : vba32
    • EPSS Score: 0.02%
    • Published: Feb. 13, 2024
    • Modified: May. 19, 2025
  • 9.8

    CRITICAL
    CVE-2023-5011

    Student Information System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'coursename' parameter of the marks.php resource does not validate the characters received and they are sent unfiltered to the database....

    Affected Products : student_information_system
    • EPSS Score: 0.07%
    • Published: Dec. 20, 2023
    • Modified: May. 19, 2025
  • 8.8

    HIGH
    CVE-2023-5010

    Student Information System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'coursecode' parameter of the marks.php resource does not validate the characters received and they are sent unfiltered to the database....

    Affected Products : student_information_system
    • EPSS Score: 0.08%
    • Published: Dec. 20, 2023
    • Modified: May. 19, 2025
  • 8.8

    HIGH
    CVE-2023-5007

    Student Information System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'id' parameter of the marks.php resource does not validate the characters received and they are sent unfiltered to the database....

    Affected Products : student_information_system
    • EPSS Score: 0.08%
    • Published: Dec. 20, 2023
    • Modified: May. 19, 2025
Showing 20 of 292495 Results