Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2022-3067

    An issue has been discovered in the Import functionality of GitLab CE/EE affecting all versions starting from 14.4 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. It was possible for an authenti... Read more

    Affected Products : gitlab
    • EPSS Score: %0.12
    • Published: Oct. 17, 2022
    • Modified: May. 13, 2025

  • 4.7

    MEDIUM
    CVE-2024-5575

    The Ditty WordPress plugin before 3.1.43 does not sanitise and escape some of its blocks' settings, which could allow high privilege users such as authors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed... Read more

    Affected Products : ditty
    • Published: Jul. 13, 2024
    • Modified: May. 13, 2025

  • 6.5

    MEDIUM
    CVE-2024-29812

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ReviewX allows Stored XSS.This issue affects ReviewX: from n/a through 1.6.22. ... Read more

    Affected Products : reviewx
    • Published: Mar. 27, 2024
    • Modified: May. 13, 2025

  • 6.5

    MEDIUM
    CVE-2024-29811

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SoftLab Radio Player allows Stored XSS.This issue affects Radio Player: from n/a through 2.0.73. ... Read more

    Affected Products : radio_player
    • Published: Mar. 27, 2024
    • Modified: May. 13, 2025

  • 6.5

    MEDIUM
    CVE-2024-29807

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DearHive DearFlip allows Stored XSS.This issue affects DearFlip: from n/a through 2.2.26. ... Read more

    Affected Products : dearflip
    • Published: Mar. 27, 2024
    • Modified: May. 13, 2025

  • 7.1

    HIGH
    CVE-2024-29806

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Reservation Diary ReDi Restaurant Reservation allows Reflected XSS.This issue affects ReDi Restaurant Reservation: from n/a through 24.0128. ... Read more

    • Published: Mar. 27, 2024
    • Modified: May. 13, 2025

  • 7.1

    HIGH
    CVE-2024-29805

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ShopUp Shipping with Venipak for WooCommerce allows Reflected XSS.This issue affects Shipping with Venipak for WooCommerce: from n/a through 1.19.5. ... Read more

    • Published: Mar. 27, 2024
    • Modified: May. 13, 2025

  • 5.4

    MEDIUM
    CVE-2024-5627

    The Tournamatch WordPress plugin before 4.6.1 does not sanitise and escape some parameters, which could allow users with a role as low as subscriber to perform Cross-Site Scripting attacks.... Read more

    Affected Products : tournamatch
    • Published: Jul. 13, 2024
    • Modified: May. 13, 2025

  • 9.8

    CRITICAL
    CVE-2025-22144

    NamelessMC is a free, easy to use & powerful website software for Minecraft servers. A user with admincp.core.emails or admincp.users.edit permissions can validate users and an attacker can reset their password. When the account is successfully approved b... Read more

    Affected Products : nameless
    • Published: Jan. 13, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Authentication

  • 5.4

    MEDIUM
    CVE-2024-5644

    The Tournamatch WordPress plugin before 4.6.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (fo... Read more

    Affected Products : tournamatch
    • Published: Jul. 13, 2024
    • Modified: May. 13, 2025

  • 7.5

    HIGH
    CVE-2025-29784

    NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, the s parameter in GET requests for forum search functionality lacks length validation, allowing attackers to submit excessively long search q... Read more

    Affected Products : nameless
    • Published: Apr. 18, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2024-29804

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Team Heateor Fancy Comments WordPress allows Stored XSS.This issue affects Fancy Comments WordPress: from n/a through 1.2.14. ... Read more

    Affected Products : fancy_comments
    • Published: Mar. 27, 2024
    • Modified: May. 13, 2025

  • 7.1

    HIGH
    CVE-2025-30158

    NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, the forum allows users to post iframe elements inside forum topics/comments/feed with no restriction on the iframe's width and height attribut... Read more

    Affected Products : nameless
    • Published: Apr. 18, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Denial of Service

  • 7.3

    HIGH
    CVE-2025-30357

    NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, if a malicious user is leaving spam comments on many topics then an administrator, unable to manually remove each spam comment, may delete the... Read more

    Affected Products : nameless
    • Published: Apr. 18, 2025
    • Modified: May. 13, 2025

  • 5.4

    MEDIUM
    CVE-2024-6938

    A vulnerability has been found in SiYuan 3.1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file PDF.js of the component PDF Handler. The manipulation leads to cross site scripting. The attack can be lau... Read more

    Affected Products : siyuan
    • Published: Jul. 21, 2024
    • Modified: May. 13, 2025

  • 7.1

    HIGH
    CVE-2025-31118

    NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, forum quick reply feature (view_topic.php) does not implement any spam prevention mechanism. This allows authenticated users to continuously p... Read more

    Affected Products : nameless
    • Published: Apr. 18, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Denial of Service

  • 7.8

    HIGH
    CVE-2024-24245

    An issue in Canimaan Software LTD ClamXAV v3.1.2 through v3.6.1 and fixed in v.3.6.2 allows a local attacker to escalate privileges via the ClamXAV helper tool component.... Read more

    Affected Products : clamxav
    • Published: Apr. 09, 2024
    • Modified: May. 13, 2025

  • 5.3

    MEDIUM
    CVE-2025-31120

    NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, an insecure view count mechanism in the forum page allows an unauthenticated attacker to artificially increase the view count. The application... Read more

    Affected Products : nameless
    • Published: Apr. 18, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Misconfiguration

  • 8.6

    HIGH
    CVE-2025-32389

    NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Prior to version 2.1.4, NamelessMC is vulnerable to SQL injection by providing an unexpected square bracket GET parameter syntax. Square bracket GET parameter syntax refe... Read more

    Affected Products : nameless
    • Published: Apr. 18, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Injection

  • 6.3

    MEDIUM
    CVE-2025-22142

    NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In affected versions an admin can add the ability to have users fill out an additional field and users can inject javascript code into it that would be activated once a s... Read more

    Affected Products : nameless
    • Published: Jan. 13, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 291756 Results