Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.5

    MEDIUM
    CVE-2025-47203

    dbclient in Dropbear SSH before 2025.88 allows command injection via an untrusted hostname argument, because a shell is used.... Read more

    Affected Products : dropbear_ssh
    • Published: May. 07, 2025
    • Modified: May. 17, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-4331

    A vulnerability classified as critical was found in SourceCodester Online Student Clearance System 1.0. This vulnerability affects unknown code of the file /Admin/login.php. The manipulation of the argument id/username/password leads to sql injection. The... Read more

    Affected Products : online_student_clearance_system
    • Published: May. 06, 2025
    • Modified: May. 17, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2023-1061

    A vulnerability, which was classified as critical, has been found in SourceCodester Doctors Appointment System 1.0. This issue affects some unknown processing of the file /admin/edit-doc.php. The manipulation of the argument email/oldmail leads to sql inj... Read more

    • EPSS Score: %0.05
    • Published: Feb. 27, 2023
    • Modified: May. 17, 2025

  • 8.8

    HIGH
    CVE-2023-1059

    A vulnerability classified as critical was found in SourceCodester Doctors Appointment System 1.0. This vulnerability affects unknown code of the file /admin/doctors.php of the component Parameter Handler. The manipulation of the argument search/id leads ... Read more

    • EPSS Score: %0.05
    • Published: Feb. 27, 2023
    • Modified: May. 17, 2025

  • 9.9

    CRITICAL
    CVE-2025-2605

    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Honeywell MB-Secure allows Privilege Abuse. This issue affects MB-Secure: from V11.04 before V12.53 and MB-Secure PRO from V01.06 before V03.09.Hon... Read more

    • Published: May. 02, 2025
    • Modified: May. 17, 2025
    • Vuln Type: Injection

  • 7.8

    HIGH
    CVE-2025-22458

    DLL hijacking in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows an authenticated attacker to escalate to System.... Read more

    Affected Products : endpoint_manager
    • Published: Apr. 08, 2025
    • Modified: May. 17, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2024-9305

    The AppPresser – Mobile App Framework plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.4.4. This is due to the appp_reset_password() and validate_reset_password() functions not having ... Read more

    Affected Products : apppresser
    • Published: Oct. 16, 2024
    • Modified: May. 17, 2025

  • 4.6

    MEDIUM
    CVE-2024-57776

    A cross-site scripting (XSS) vulnerability in the /apply/getEditPage?view interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.... Read more

    Affected Products : jfinaloa
    • Published: Jan. 16, 2025
    • Modified: May. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2024-57774

    A cross-site scripting (XSS) vulnerability in the getBusinessUploadListPage?busid interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.... Read more

    Affected Products : jfinaloa
    • Published: Jan. 16, 2025
    • Modified: May. 17, 2025

  • 4.8

    MEDIUM
    CVE-2024-57773

    A cross-site scripting (XSS) vulnerability in the openSelectManyUserPage?orgid interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.... Read more

    Affected Products : jfinaloa
    • Published: Jan. 16, 2025
    • Modified: May. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2024-57771

    A cross-site scripting (XSS) vulnerability in the common/getEditPage?view interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.... Read more

    Affected Products : jfinaloa
    • Published: Jan. 16, 2025
    • Modified: May. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2024-57772

    A cross-site scripting (XSS) vulnerability in the /bumph/getDraftListPage?type interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.... Read more

    Affected Products : jfinaloa
    • Published: Jan. 16, 2025
    • Modified: May. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2024-12587

    The Contact Form Master WordPress plugin through 1.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.... Read more

    Affected Products : contact_form_master
    • Published: Jan. 11, 2025
    • Modified: May. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2024-12715

    The Asgard Security Scanner WordPress plugin through 0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.... Read more

    Affected Products : asgard_security_scanner
    • Published: Jan. 09, 2025
    • Modified: May. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2024-12714

    The Backlink Monitoring Manager WordPress plugin through 0.1.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.... Read more

    Affected Products : backlink_monitoring_manager
    • Published: Jan. 09, 2025
    • Modified: May. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.7

    MEDIUM
    CVE-2024-10568

    The Ajax Search Lite WordPress plugin before 4.12.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallo... Read more

    Affected Products : ajax_search
    • Published: Dec. 12, 2024
    • Modified: May. 17, 2025

  • 4.8

    MEDIUM
    CVE-2024-10518

    The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.15 does not sanitise and escape some of its Membership Plan settings, which could allow high privilege users such as a... Read more

    Affected Products : profilepress
    • Published: Dec. 12, 2024
    • Modified: May. 17, 2025

  • 4.8

    MEDIUM
    CVE-2024-10517

    The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.15 does not sanitise and escape some of its Drag & Drop Builder fields, which could allow high privilege users such as... Read more

    Affected Products : profilepress
    • Published: Dec. 12, 2024
    • Modified: May. 17, 2025

  • 7.2

    HIGH
    CVE-2024-10499

    The AI Engine WordPress plugin before 2.6.5 does not sanitize and escape a parameter from one of its RESP API endpoint before using it in a SQL statement, allowing admins to perform SQL injection attacks... Read more

    Affected Products : ai_engine
    • Published: Dec. 12, 2024
    • Modified: May. 17, 2025

  • 9.8

    CRITICAL
    CVE-2024-11972

    The Hunk Companion WordPress plugin before 1.9.0 does not correctly authorize some REST API endpoints, allowing unauthenticated requests to install and activate arbitrary Hunk Companion WordPress plugin before 1.9.0 from the WordPress.org repo, including ... Read more

    Affected Products : hunk_companion
    • Published: Dec. 31, 2024
    • Modified: May. 17, 2025
Showing 20 of 292512 Results