Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 4.7

    MEDIUM
    CVE-2024-25559

    URL spoofing vulnerability exists in a-blog cms Ver.3.1.0 to Ver.3.1.8. If an attacker sends a specially crafted request, the administrator of the product may be forced to access an arbitrary website when clicking a link in the audit log....

    Affected Products : a-blog_cms
    • EPSS Score: 0.26%
    • Published: Feb. 15, 2024
    • Modified: May. 13, 2025
  • 8.8

    HIGH
    CVE-2023-51398

    Improper Privilege Management vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder allows Privilege Escalation. This issue affects Ultimate Addons for Beaver Builder: from n/a through 1.35.14....

    • Published: May. 17, 2024
    • Modified: May. 13, 2025
  • 6.8

    MEDIUM
    CVE-2024-3710

    The Image Photo Gallery Final Tiles Grid WordPress plugin before 3.6.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross...

    • Published: Jul. 13, 2024
    • Modified: May. 13, 2025
  • 3.8

    LOW
    CVE-2025-32971

    XWiki is a generic wiki platform. In versions starting from 4.5.1 to before 15.10.13, from 16.0.0-rc-1 to before 16.4.4, and from 16.5.0-rc-1 to before 16.8.0-rc-1, the Solr script service doesn't take dropped programming rights into account. The Solr scr...

    Affected Products : xwiki
    • Published: Apr. 30, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Misconfiguration
  • 9.8

    CRITICAL
    CVE-2025-4248

    A vulnerability has been found in SourceCodester Simple To-Do List System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /complete_task.php. The manipulation of the argument ID leads to sql injection...

    Affected Products : simple_to-do_list_system
    • Published: May. 04, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Injection
  • 8.8

    HIGH
    CVE-2025-4247

    A vulnerability, which was classified as critical, was found in SourceCodester Simple To-Do List System 1.0. Affected is an unknown function of the file /delete_task.php. The manipulation of the argument ID leads to sql injection. It is possible to launch...

    Affected Products : simple_to-do_list_system
    • Published: May. 04, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Injection
  • 5.3

    MEDIUM
    CVE-2025-32972

    XWiki is a generic wiki platform. In versions starting from 6.1-milestone-1 to before 15.10.12, from 16.0.0-rc-1 to before 16.4.3, and from 16.5.0-rc-1 to before 16.8.0-rc-1, the script API of the LESS compiler in XWiki is incorrectly checking for rights ...

    Affected Products : xwiki
    • Published: Apr. 30, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Authorization
  • 5.4

    MEDIUM
    CVE-2024-26450

    An issue exists within Piwigo before v.14.2.0 allowing a malicious user to take over the application. This exploit involves chaining a Cross Site Request Forgery vulnerability to issue a Stored Cross Site Scripting payload stored within an Admin user's da...

    Affected Products : piwigo
    • Published: Feb. 28, 2024
    • Modified: May. 13, 2025
  • 9.0

    CRITICAL
    CVE-2025-32973

    XWiki is a generic wiki platform. In versions starting from 15.9-rc-1 to before 15.10.12, from 16.0.0-rc-1 to before 16.4.3, and from 16.5.0-rc-1 to before 16.8.0-rc-1, when a user with programming rights edits a document in XWiki that was last edited by ...

    Affected Products : xwiki
    • Published: Apr. 30, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Authorization
  • 7.1

    HIGH
    CVE-2024-25859

    A path traversal vulnerability in the /path/to/uploads/ directory of Blesta before v5.9.2 allows attackers to take over user accounts and execute arbitrary code....

    Affected Products : blesta
    • Published: Feb. 28, 2024
    • Modified: May. 13, 2025
  • 9.0

    CRITICAL
    CVE-2025-32974

    XWiki is a generic wiki platform. In versions starting from 15.9-rc-1 to before 15.10.8 and from 16.0.0-rc-1 to before 16.2.0, the required rights analysis doesn't consider TextAreas with default content type. When editing a page, XWiki warns since versio...

    Affected Products : xwiki
    • Published: Apr. 30, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Cross-Site Scripting
  • 7.6

    HIGH
    CVE-2023-45859

    In Hazelcast through 4.1.10, 4.2 through 4.2.8, 5.0 through 5.0.5, 5.1 through 5.1.7, 5.2 through 5.2.4, and 5.3 through 5.3.2, some client operations don't check permissions properly, allowing authenticated users to access data stored in the cluster....

    Affected Products : hazelcast
    • Published: Feb. 28, 2024
    • Modified: May. 13, 2025
  • 9.8

    CRITICAL
    CVE-2024-25180

    An issue discovered in pdfmake 0.2.9 allows remote attackers to run arbitrary code via crafted POST request to the /pdf endpoint. NOTE: this is disputed because the behavior of the /pdf endpoint is intentional. The /pdf endpoint is only available after in...

    Affected Products : pdfmake
    • Published: Feb. 29, 2024
    • Modified: May. 13, 2025
  • 6.5

    MEDIUM
    CVE-2024-22532

    Buffer Overflow vulnerability in XNSoft NConvert 7.163 (for Windows x86) allows attackers to cause a denial of service via crafted xwd file....

    Affected Products : nconvert
    • Published: Feb. 28, 2024
    • Modified: May. 13, 2025
  • 6.1

    MEDIUM
    CVE-2022-45847

    Cross-Site Request Forgery (CSRF) vulnerability in WPAssist.Me WordPress Countdown Widget allows Cross-Site Scripting (XSS). This issue affects WordPress Countdown Widget: from n/a through 3.1.9.1. ...

    Affected Products : countdown_widget
    • Published: Mar. 27, 2024
    • Modified: May. 13, 2025
  • 3.5

    LOW
    CVE-2024-26476

    An issue in open-emr before v.7.0.2 allows a remote attacker to escalate privileges via a crafted script to the formid parameter in the ereq_form.php component....

    Affected Products : openemr mpdf
    • Published: Feb. 28, 2024
    • Modified: May. 13, 2025
  • 6.1

    MEDIUM
    CVE-2023-34020

    URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Uncanny Owl Uncanny Toolkit for LearnDash. This issue affects Uncanny Toolkit for LearnDash: from n/a through 3.6.4.3. ...

    Affected Products : uncanny_toolkit_for_learndash
    • Published: Mar. 27, 2024
    • Modified: May. 13, 2025
  • 9.3

    CRITICAL
    CVE-2024-25293

    mjml-app versions 3.0.4 and 3.1.0-beta were discovered to contain a remote code execution (RCE) via the href attribute....

    Affected Products : mjml mjml_app
    • Published: Mar. 01, 2024
    • Modified: May. 13, 2025
  • 8.8

    HIGH
    CVE-2023-39311

    Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Fusion Builder. This issue affects Fusion Builder: from n/a through 3.11.1. ...

    Affected Products : avada fusion_builder
    • Published: Mar. 27, 2024
    • Modified: May. 13, 2025
  • 9.8

    CRITICAL
    CVE-2024-22891

    Nteract v.0.28.0 was discovered to contain a remote code execution (RCE) vulnerability via the Markdown link....

    Affected Products : nteract
    • Published: Mar. 01, 2024
    • Modified: May. 13, 2025
Showing 20 of 291736 Results