Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-3678

    A vulnerability, which was classified as critical, has been found in PCMan FTP Server 2.0.7. This issue affects some unknown processing of the component HELP Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely.... Read more

    Affected Products : pcman_ftp_server ftp_server
    • Published: Apr. 16, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Memory Corruption

  • 7.2

    HIGH
    CVE-2025-47629

    Deserialization of Untrusted Data vulnerability in Mario Peshev WP-CRM System allows Object Injection. This issue affects WP-CRM System: from n/a through 3.4.1.... Read more

    Affected Products : wp-crm_system
    • Published: May. 07, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Injection

  • 8.1

    HIGH
    CVE-2025-47545

    Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Ays Pro Poll Maker allows Leveraging Race Conditions. This issue affects Poll Maker: from n/a through 5.7.7.... Read more

    Affected Products : poll_maker
    • Published: May. 07, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Race Condition

  • 8.8

    HIGH
    CVE-2025-47546

    Cross-Site Request Forgery (CSRF) vulnerability in AresIT WP Compress allows Cross Site Request Forgery. This issue affects WP Compress: from n/a through 6.30.30.... Read more

    Affected Products : wp_compress
    • Published: May. 07, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.5

    MEDIUM
    CVE-2025-47547

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SendPulse SendPulse Email Marketing Newsletter allows Stored XSS. This issue affects SendPulse Email Marketing Newsletter: from n/a through 2.1.6.... Read more

    • Published: May. 07, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2022-43367

    IP-COM EW9 V15.11.0.14(9732) was discovered to contain a command injection vulnerability in the formSetDebugCfg function.... Read more

    Affected Products : ew9_firmware ew9
    • EPSS Score: %1.10
    • Published: Oct. 27, 2022
    • Modified: May. 12, 2025

  • 7.5

    HIGH
    CVE-2022-43366

    IP-COM EW9 V15.11.0.14(9732) allows unauthenticated attackers to access sensitive information via the checkLoginUser, ate, telnet, version, setDebugCfg, and boot interfaces.... Read more

    Affected Products : ew9_firmware ew9
    • EPSS Score: %0.26
    • Published: Oct. 27, 2022
    • Modified: May. 12, 2025

  • 7.5

    HIGH
    CVE-2022-43365

    IP-COM EW9 V15.11.0.14(9732) was discovered to contain a buffer overflow in the formSetDebugCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string.... Read more

    Affected Products : ew9_firmware ew9
    • EPSS Score: %0.13
    • Published: Oct. 27, 2022
    • Modified: May. 12, 2025

  • 7.5

    HIGH
    CVE-2022-43364

    An access control issue in the password reset page of IP-COM EW9 V15.11.0.14(9732) allows unauthenticated attackers to arbitrarily change the admin password.... Read more

    Affected Products : ew9_firmware ew9
    • EPSS Score: %0.19
    • Published: Oct. 27, 2022
    • Modified: May. 12, 2025

  • 8.8

    HIGH
    CVE-2022-43340

    A Cross-Site Request Forgery (CSRF) in dzzoffice 2.02.1_SC_UTF8 allows attackers to arbitrarily create user accounts and grant Administrator rights to regular users.... Read more

    Affected Products : dzzoffice
    • EPSS Score: %0.10
    • Published: Oct. 27, 2022
    • Modified: May. 12, 2025

  • 5.4

    MEDIUM
    CVE-2022-42993

    Password Storage Application v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Setup page.... Read more

    Affected Products : password_storage_application
    • EPSS Score: %0.17
    • Published: Oct. 27, 2022
    • Modified: May. 12, 2025

  • 9.8

    CRITICAL
    CVE-2021-37782

    Employee Record Management System v 1.2 is vulnerable to SQL Injection via editempprofile.php.... Read more

    Affected Products : employee_record_management_system
    • EPSS Score: %0.34
    • Published: Oct. 28, 2022
    • Modified: May. 12, 2025

  • 9.8

    CRITICAL
    CVE-2025-47548

    Server-Side Request Forgery (SSRF) vulnerability in Varun Dubey Wbcom Designs - Activity Link Preview For BuddyPress allows Server Side Request Forgery. This issue affects Wbcom Designs - Activity Link Preview For BuddyPress: from n/a through 1.4.4.... Read more

    • Published: May. 07, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Server-Side Request Forgery

  • 9.1

    CRITICAL
    CVE-2025-47549

    Unrestricted Upload of File with Dangerous Type vulnerability in Themefic BEAF allows Upload a Web Shell to a Web Server. This issue affects BEAF: from n/a through 4.6.10.... Read more

    • Published: May. 07, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Misconfiguration

  • 7.2

    HIGH
    CVE-2025-47550

    Unrestricted Upload of File with Dangerous Type vulnerability in Themefic Instantio allows Upload a Web Shell to a Web Server. This issue affects Instantio: from n/a through 3.3.16.... Read more

    Affected Products : instantio
    • Published: May. 07, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Misconfiguration

  • 5.9

    MEDIUM
    CVE-2025-47623

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scott Paterson Easy PayPal Buy Now Button allows Stored XSS. This issue affects Easy PayPal Buy Now Button: from n/a through 2.0.... Read more

    • Published: May. 07, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-47624

    Cross-Site Request Forgery (CSRF) vulnerability in apasionados DoFollow Case by Case allows Cross Site Request Forgery. This issue affects DoFollow Case by Case: from n/a through 3.5.1.... Read more

    Affected Products : dofollow_case_by_case
    • Published: May. 07, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.9

    MEDIUM
    CVE-2025-47625

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in apasionados DoFollow Case by Case allows Stored XSS. This issue affects DoFollow Case by Case: from n/a through 3.5.1.... Read more

    Affected Products : dofollow_case_by_case
    • Published: May. 07, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.9

    MEDIUM
    CVE-2025-47626

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in apasionados Submission DOM tracking for Contact Form 7 allows Stored XSS. This issue affects Submission DOM tracking for Contact Form 7: from n/a through... Read more

    • Published: May. 07, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-47628

    Missing Authorization vulnerability in quomodosoft QS Dark Mode allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects QS Dark Mode: from n/a through 3.0.... Read more

    Affected Products : qs_dark_mode
    • Published: May. 07, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Authorization
Showing 20 of 292100 Results