Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.2

    MEDIUM
    CVE-2025-22221

    VMware Aria Operation for Logs contains a stored cross-site scripting vulnerability. A malicious actor with admin privileges to VMware Aria Operations for Logs may be able to inject a malicious script that could be executed in a victim's browser when perf... Read more

    • Published: Jan. 30, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-22220

    VMware Aria Operations for Logs contains a privilege escalation vulnerability. A malicious actor with non-administrative privileges and network access to Aria Operations for Logs API may be able to perform certain operations in the context of an admin use... Read more

    • Published: Jan. 30, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Authorization

  • 9.0

    CRITICAL
    CVE-2025-22219

    VMware Aria Operations for Logs contains a stored cross-site scripting vulnerability. A malicious actor with non-administrative privileges may be able to inject a malicious script that (can perform stored cross-site scripting) may lead to arbitrary opera... Read more

    • Published: Jan. 30, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.5

    HIGH
    CVE-2025-22218

    VMware Aria Operations for Logs contains an information disclosure vulnerability. A malicious actor with View Only Admin permissions may be able to read the credentials of a VMware product integrated with VMware Aria Operations for Logs... Read more

    • Published: Jan. 30, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Information Disclosure

  • 7.8

    HIGH
    CVE-2024-38830

    VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges may trigger this vulnerability to escalate privileges to root user on the appliance running VMware Aria Operations.... Read more

    Affected Products : cloud_foundation aria_operations
    • Published: Nov. 26, 2024
    • Modified: May. 14, 2025

  • 7.8

    HIGH
    CVE-2024-38831

    VMware Aria Operations contains a local privilege escalation vulnerability.  A malicious actor with local administrative privileges can insert malicious commands into the properties file to escalate privileges to  a root user on the appliance running VMwa... Read more

    Affected Products : cloud_foundation aria_operations
    • Published: Nov. 26, 2024
    • Modified: May. 14, 2025

  • 4.8

    MEDIUM
    CVE-2024-10555

    The WordPress Button Plugin MaxButtons WordPress plugin before 9.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capab... Read more

    Affected Products : maxbuttons
    • Published: Dec. 20, 2024
    • Modified: May. 14, 2025

  • 5.4

    MEDIUM
    CVE-2025-2673

    A vulnerability classified as problematic has been found in code-projects Payroll Management System 1.0. Affected is an unknown function of the file /home_employee.php. The manipulation of the argument division leads to cross site scripting. It is possibl... Read more

    • Published: Mar. 24, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2024-38832

    VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to views may be able to inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations.... Read more

    Affected Products : cloud_foundation aria_operations
    • Published: Nov. 26, 2024
    • Modified: May. 14, 2025

  • 6.8

    MEDIUM
    CVE-2024-38833

    VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to email templates might inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations.... Read more

    Affected Products : cloud_foundation aria_operations
    • Published: Nov. 26, 2024
    • Modified: May. 14, 2025

  • 6.5

    MEDIUM
    CVE-2024-38834

    VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to cloud provider might be able to inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations.... Read more

    Affected Products : cloud_foundation aria_operations
    • Published: Nov. 26, 2024
    • Modified: May. 14, 2025

  • 7.5

    HIGH
    CVE-2025-2672

    A vulnerability was found in code-projects Payroll Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /add_deductions.php. The manipulation of the argument bir leads to sql injection. The attack ma... Read more

    • Published: Mar. 23, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2024-11108

    The Serious Slider WordPress plugin before 1.2.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform ... Read more

    Affected Products : serious_slider
    • Published: Dec. 20, 2024
    • Modified: May. 14, 2025

  • 8.8

    HIGH
    CVE-2025-2984

    A vulnerability was found in code-projects Payroll Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /delete.php. The manipulation of the argument emp_id leads to sql injection. The attack m... Read more

    • Published: Mar. 31, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-2985

    A vulnerability was found in code-projects Payroll Management System 1.0. It has been classified as critical. This affects an unknown part of the file update_account.php. The manipulation of the argument deduction leads to sql injection. It is possible to... Read more

    • Published: Mar. 31, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-3038

    A vulnerability was found in code-projects Payroll Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /view_account.php. The manipulation of the argument salary_rate leads to sql injection. The attack ... Read more

    • Published: Mar. 31, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-3039

    A vulnerability was found in code-projects Payroll Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /add_employee.php. The manipulation of the argument lname/fname leads to sql injection. It is possibl... Read more

    • Published: Mar. 31, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-3134

    A vulnerability classified as critical has been found in code-projects Payroll Management System 1.0. This affects an unknown part of the file /add_overtime.php. The manipulation of the argument rate leads to sql injection. It is possible to initiate the ... Read more

    • Published: Apr. 03, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-2854

    A vulnerability classified as critical was found in code-projects Payroll Management System 1.0. Affected by this vulnerability is an unknown functionality of the file update_employee.php. The manipulation of the argument emp_type leads to sql injection. ... Read more

    • Published: Mar. 27, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Injection

  • 4.7

    MEDIUM
    CVE-2024-8968

    The WordPress Button Plugin MaxButtons WordPress plugin before 9.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capab... Read more

    Affected Products : maxbuttons
    • Published: Dec. 20, 2024
    • Modified: May. 14, 2025
Showing 20 of 291750 Results