Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV List), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.9

    MEDIUM
    CVE-2024-5573

    The Easy Table of Contents WordPress plugin before 2.0.66 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed...

    Affected Products : easy_table_of_contents
    • Published: Jun. 26, 2024
    • Modified: May. 19, 2025
  • 4.0

    MEDIUM
    CVE-2024-5473

    The Simple Photoswipe WordPress plugin through 0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowe...

    Affected Products : simple_photoswipe
    • Published: Jun. 26, 2024
    • Modified: May. 19, 2025
  • 6.5

    MEDIUM
    CVE-2024-5071

    The Bookster WordPress plugin through 1.1.0 allows adding sensitive parameters when validating appointments allowing attackers to manipulate the data sent when booking an appointment (the request body) to change its status from pending to approved....

    Affected Products : bookster
    • Published: Jun. 26, 2024
    • Modified: May. 19, 2025
  • 5.4

    MEDIUM
    CVE-2024-3633

    The WebP & SVG Support WordPress plugin through 1.4.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads....

    Affected Products : webp_&_svg_support
    • Published: Jun. 26, 2024
    • Modified: May. 19, 2025
  • 5.5

    MEDIUM
    CVE-2024-4759

    The Mime Types Extended WordPress plugin through 0.11 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads....

    Affected Products : mime_types_extended
    • Published: Jun. 25, 2024
    • Modified: May. 19, 2025
  • 6.1

    MEDIUM
    CVE-2024-5730

    The Pagerank tools WordPress plugin through 1.1.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

    Affected Products : pagerank_tools
    • Published: Jun. 28, 2024
    • Modified: May. 19, 2025
  • 6.1

    MEDIUM
    CVE-2024-5729

    The Simple AL Slider WordPress plugin through 1.2.10 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

    Affected Products : simple_al_slider
    • Published: Jun. 28, 2024
    • Modified: May. 19, 2025
  • 5.4

    MEDIUM
    CVE-2024-5728

    The Animated AL List WordPress plugin through 1.0.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

    Affected Products : animated_al_list
    • Published: Jun. 28, 2024
    • Modified: May. 19, 2025
  • 4.7

    MEDIUM
    CVE-2024-5727

    The Widget4Call WordPress plugin through 1.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

    Affected Products : widget4call
    • Published: Jun. 28, 2024
    • Modified: May. 19, 2025
  • 6.5

    MEDIUM
    CVE-2024-5570

    The Simple Photoswipe WordPress plugin through 0.1 does not have authorisation check when updating its settings, which could allow any authenticated users, such as subscriber to update them...

    Affected Products : simple_photoswipe
    • Published: Jun. 28, 2024
    • Modified: May. 19, 2025
  • 6.8

    MEDIUM
    CVE-2025-43566

    ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. A high-privileged attacker could levera...

    Affected Products : coldfusion
    • Published: May. 13, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Path Traversal
  • 8.4

    HIGH
    CVE-2025-43565

    ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Incorrect Authorization vulnerability that could lead to arbitrary code execution in the context of the current user. A high-privileged attacker could leverage this vulnerability ...

    Affected Products : coldfusion
    • Published: May. 13, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Authorization
  • 9.1

    CRITICAL
    CVE-2025-43562

    ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could result in arbitrary code execution in the context of the curren...

    Affected Products : coldfusion
    • Published: May. 13, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Injection
  • 9.1

    CRITICAL
    CVE-2025-43561

    ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could leverage this vulnerabilit...

    Affected Products : coldfusion
    • Published: May. 13, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Authorization
  • 9.1

    CRITICAL
    CVE-2025-43560

    ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could leverage this vulnerabil...

    Affected Products : coldfusion
    • Published: May. 13, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Authentication
  • 5.4

    MEDIUM
    CVE-2025-30316

    Adobe Connect versions 12.8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a ...

    Affected Products : connect
    • Published: May. 13, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.1

    MEDIUM
    CVE-2025-30315

    Adobe Connect versions 12.8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s brows...

    Affected Products : connect
    • Published: May. 13, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.1

    MEDIUM
    CVE-2025-30314

    Adobe Connect versions 12.8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s brows...

    Affected Products : connect
    • Published: May. 13, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Cross-Site Scripting
  • 9.3

    CRITICAL
    CVE-2025-43567

    Adobe Connect versions 12.8 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s br...

    Affected Products : connect
    • Published: May. 13, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Cross-Site Scripting
  • 4.3

    MEDIUM
    CVE-2024-6534

    Directus v10.13.0 allows an authenticated external attacker to modify presets created by the same user to assign them to another user. This is possible because the application only validates the user parameter in the 'POST /presets' request but not in the...

    Affected Products : directus
    • Published: Aug. 15, 2024
    • Modified: May. 19, 2025
Showing 20 of 292803 Results