Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last-updated date, or CVSS score.
  • 8.8

    HIGH
    CVE-2023-45121

    Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'desc' parameter of the /update.php?q=addquiz resource does not validate the characters received and they are sent unfiltered to the database....

    Affected Products : online_examination_system
    • Published: Dec. 21, 2023
    • Modified: May. 19, 2025
  • 8.8

    HIGH
    CVE-2023-45120

    Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'qid' parameter of the /update.php?q=quiz&step=2 resource does not validate the characters received and they are sent unfiltered to the database....

    Affected Products : online_examination_system
    • Published: Dec. 21, 2023
    • Modified: May. 19, 2025
  • 8.8

    HIGH
    CVE-2023-45119

    Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'n' parameter of the /update.php?q=quiz resource does not validate the characters received and they are sent unfiltered to the database....

    Affected Products : online_examination_system
    • Published: Dec. 21, 2023
    • Modified: May. 19, 2025
  • 8.8

    HIGH
    CVE-2023-45118

    Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'fdid' parameter of the /update.php resource does not validate the characters received and they are sent unfiltered to the database....

    Affected Products : online_examination_system
    • Published: Dec. 21, 2023
    • Modified: May. 19, 2025
  • 8.8

    HIGH
    CVE-2023-45117

    Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'eid' parameter of the /update.php?q=rmquiz resource does not validate the characters received and they are sent unfiltered to the database....

    Affected Products : online_examination_system
    • Published: Dec. 21, 2023
    • Modified: May. 19, 2025
  • 8.8

    HIGH
    CVE-2023-45116

    Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'demail' parameter of the /update.php resource does not validate the characters received and they are sent unfiltered to the database....

    Affected Products : online_examination_system
    • Published: Dec. 21, 2023
    • Modified: May. 19, 2025
  • 8.8

    HIGH
    CVE-2023-45115

    Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'ch' parameter of the /update.php?q=addqns resource does not validate the characters received and they are sent unfiltered to the database....

    Affected Products : online_examination_system
    • Published: Dec. 21, 2023
    • Modified: May. 19, 2025
  • 7.8

    HIGH
    CVE-2025-30375

    Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally....

    • Published: May. 13, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Memory Corruption
  • 4.8

    MEDIUM
    CVE-2024-2968

    The WP-Eggdrop plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, w...

    Affected Products : wp-eggdrop
    • Published: Mar. 29, 2024
    • Modified: May. 19, 2025
  • 5.4

    MEDIUM
    CVE-2024-2969

    The WP-Eggdrop plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1. This is due to missing or incorrect nonce validation on the wpegg_updateOptions() function. This makes it possible for unauthenticat...

    Affected Products : wp-eggdrop
    • Published: Mar. 29, 2024
    • Modified: May. 19, 2025
  • 8.8

    HIGH
    CVE-2024-1538

    The File Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.2.4. This is due to missing or incorrect nonce validation on the wp_file_manager page that includes files through the 'lang' paramete...

    Affected Products : file_manager file_manager
    • Published: Mar. 21, 2024
    • Modified: May. 19, 2025
  • 7.8

    HIGH
    CVE-2025-30382

    Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally....

    • Published: May. 13, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Authentication
  • 4.3

    MEDIUM
    CVE-2023-6385

    The WordPress Ping Optimizer WordPress plugin through 2.35.1.3.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as clearing logs....

    Affected Products : wordpress_ping_optimizer
    • Published: Apr. 10, 2024
    • Modified: May. 19, 2025
  • 5.3

    MEDIUM
    CVE-2025-31065

    Missing Authorization vulnerability in themeton Rozario allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Rozario: from n/a through 1.4....

    Affected Products :
    • Published: May. 16, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Authorization
  • 8.5

    HIGH
    CVE-2025-31637

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup SHOUT allows SQL Injection. This issue affects SHOUT: from n/a through 3.5.3....

    Affected Products : shout
    • Published: May. 16, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Injection
  • 4.3

    MEDIUM
    CVE-2025-31921

    Cross-Site Request Forgery (CSRF) vulnerability in loopus WP Ultimate Tours Builder allows Cross Site Request Forgery. This issue affects WP Ultimate Tours Builder: from n/a through 1.055....

    Affected Products :
    • Published: May. 16, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Cross-Site Request Forgery
  • 8.5

    HIGH
    CVE-2025-32287

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Responsive HTML5 Audio Player PRO With Playlist allows SQL Injection. This issue affects Responsive HTML5 Audio Player PRO With Playlist: fr...

    Affected Products :
    • Published: May. 16, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Injection
  • 6.5

    MEDIUM
    CVE-2025-46464

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in scripteo Ads Pro Plugin allows Stored XSS. This issue affects Ads Pro Plugin: from n/a through 4.88....

    Affected Products :
    • Published: May. 16, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Cross-Site Scripting
  • 5.3

    MEDIUM
    CVE-2025-47564

    Missing Authorization vulnerability in ashanjay EventON allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects EventON: from n/a through 4.9.9....

    Affected Products : eventon-lite
    • Published: May. 16, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Authorization
  • 4.3

    MEDIUM
    CVE-2025-48079

    Missing Authorization vulnerability in Metagauss ProfileGrid allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ProfileGrid: from n/a through 5.9.5.1....

    Affected Products : profilegrid
    • Published: May. 16, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Authorization
Showing 20 of 292811 Results