Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.2

    HIGH
    CVE-2025-2170

    A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface, which in specific conditions could potentially enable a remote unauthenticated attacker to cause the appliance to make requests to an uni... Read more

    Affected Products : sma1000_firmware sma1000
    • Published: Apr. 30, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Server-Side Request Forgery

  • 6.1

    MEDIUM
    CVE-2025-22247

    VMware Tools contains an insecure file handling vulnerability. A malicious actor with non-administrative privileges on a guest VM may tamper the local files to trigger insecure file operations within that VM.... Read more

    Affected Products : tools
    • Published: May. 12, 2025
    • Modified: May. 14, 2025

  • 4.3

    MEDIUM
    CVE-2022-3151

    The WP Custom Cursors WordPress plugin before 3.0.1 does not have CSRF check in place when deleting cursors, which could allow attackers to made a logged in admin delete arbitrary cursors via a CSRF attack.... Read more

    Affected Products : wp_custom_cursors
    • EPSS Score: %0.07
    • Published: Oct. 17, 2022
    • Modified: May. 14, 2025

  • 7.2

    HIGH
    CVE-2022-3150

    The WP Custom Cursors WordPress plugin before 3.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privileged users such as admin... Read more

    • EPSS Score: %0.44
    • Published: Oct. 17, 2022
    • Modified: May. 14, 2025

  • 5.4

    MEDIUM
    CVE-2024-3239

    The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.0.2 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributo... Read more

    Affected Products : postx
    • Published: May. 14, 2024
    • Modified: May. 14, 2025

  • 4.8

    MEDIUM
    CVE-2024-3582

    The UnGallery WordPress plugin through 2.2.4 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack... Read more

    Affected Products : ungallery
    • Published: May. 14, 2024
    • Modified: May. 14, 2025

  • 6.1

    MEDIUM
    CVE-2024-3590

    The LetterPress WordPress plugin through 1.2.2 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks, such as delete arbitrary subscribers... Read more

    Affected Products : letterpress
    • Published: May. 14, 2024
    • Modified: May. 14, 2025

  • 7.1

    HIGH
    CVE-2024-3903

    The Add Custom CSS and JS WordPress plugin through 1.20 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in as author and above add Stored XSS payloads via a CSRF attack... Read more

    Affected Products : add_custom_css_and_js
    • Published: May. 14, 2024
    • Modified: May. 14, 2025

  • 7.7

    HIGH
    CVE-2025-22222

    VMware Aria Operations contains an information disclosure vulnerability. A malicious user with non-administrative privileges may exploit this vulnerability to retrieve credentials for an outbound plugin if a valid service credential ID is known.... Read more

    Affected Products : cloud_foundation aria_operations
    • Published: Jan. 30, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Information Disclosure

  • 5.4

    MEDIUM
    CVE-2024-3241

    The Ultimate Blocks WordPress plugin before 3.1.7 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cr... Read more

    Affected Products : ultimate_blocks
    • Published: May. 14, 2024
    • Modified: May. 14, 2025

  • 5.2

    MEDIUM
    CVE-2025-22221

    VMware Aria Operation for Logs contains a stored cross-site scripting vulnerability. A malicious actor with admin privileges to VMware Aria Operations for Logs may be able to inject a malicious script that could be executed in a victim's browser when perf... Read more

    • Published: Jan. 30, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-22220

    VMware Aria Operations for Logs contains a privilege escalation vulnerability. A malicious actor with non-administrative privileges and network access to Aria Operations for Logs API may be able to perform certain operations in the context of an admin use... Read more

    • Published: Jan. 30, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Authorization

  • 9.0

    CRITICAL
    CVE-2025-22219

    VMware Aria Operations for Logs contains a stored cross-site scripting vulnerability. A malicious actor with non-administrative privileges may be able to inject a malicious script that (can perform stored cross-site scripting) may lead to arbitrary opera... Read more

    • Published: Jan. 30, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.5

    HIGH
    CVE-2025-22218

    VMware Aria Operations for Logs contains an information disclosure vulnerability. A malicious actor with View Only Admin permissions may be able to read the credentials of a VMware product integrated with VMware Aria Operations for Logs... Read more

    • Published: Jan. 30, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Information Disclosure

  • 7.8

    HIGH
    CVE-2024-38830

    VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges may trigger this vulnerability to escalate privileges to root user on the appliance running VMware Aria Operations.... Read more

    Affected Products : cloud_foundation aria_operations
    • Published: Nov. 26, 2024
    • Modified: May. 14, 2025

  • 7.8

    HIGH
    CVE-2024-38831

    VMware Aria Operations contains a local privilege escalation vulnerability.  A malicious actor with local administrative privileges can insert malicious commands into the properties file to escalate privileges to  a root user on the appliance running VMwa... Read more

    Affected Products : cloud_foundation aria_operations
    • Published: Nov. 26, 2024
    • Modified: May. 14, 2025

  • 4.8

    MEDIUM
    CVE-2024-10555

    The WordPress Button Plugin MaxButtons WordPress plugin before 9.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capab... Read more

    Affected Products : maxbuttons
    • Published: Dec. 20, 2024
    • Modified: May. 14, 2025

  • 5.4

    MEDIUM
    CVE-2025-2673

    A vulnerability classified as problematic has been found in code-projects Payroll Management System 1.0. Affected is an unknown function of the file /home_employee.php. The manipulation of the argument division leads to cross site scripting. It is possibl... Read more

    • Published: Mar. 24, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2024-38832

    VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to views may be able to inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations.... Read more

    Affected Products : cloud_foundation aria_operations
    • Published: Nov. 26, 2024
    • Modified: May. 14, 2025

  • 6.8

    MEDIUM
    CVE-2024-38833

    VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to email templates might inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations.... Read more

    Affected Products : cloud_foundation aria_operations
    • Published: Nov. 26, 2024
    • Modified: May. 14, 2025
Showing 20 of 291712 Results