Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2025-46226

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ferranfg MPL-Publisher allows Stored XSS. This issue affects MPL-Publisher: from n/a through 2.18.0.... Read more

    Affected Products : mpl-publisher mpl-publisher
    • Published: Apr. 22, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-46227

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brecht Custom Related Posts allows Stored XSS. This issue affects Custom Related Posts: from n/a through 1.7.4.... Read more

    Affected Products : custom_related_posts
    • Published: Apr. 22, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2024-13326

    The iBuildApp WordPress plugin through 0.2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin... Read more

    Affected Products : ibuildapp
    • Published: Feb. 04, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-45751

    SourceCodester Web Based Pharmacy Product Management System 1.0 is vulnerable to Cross Site Scripting (XSS) in add-admin.php via the Fullname text field.... Read more

    • Published: May. 05, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2022-3363

    Business Logic Errors in GitHub repository ikus060/rdiffweb prior to 2.5.0a7.... Read more

    Affected Products : rdiffweb
    • EPSS Score: %0.10
    • Published: Oct. 26, 2022
    • Modified: May. 07, 2025

  • 8.8

    HIGH
    CVE-2022-39944

    In Apache Linkis <=1.2.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures a JDBC EC with a MySQL data source and maliciou... Read more

    Affected Products : linkis
    • EPSS Score: %1.19
    • Published: Oct. 26, 2022
    • Modified: May. 07, 2025

  • 8.8

    HIGH
    CVE-2022-37202

    JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/advicefeedback/list... Read more

    Affected Products : jfinal_cms
    • EPSS Score: %0.46
    • Published: Oct. 26, 2022
    • Modified: May. 07, 2025

  • 6.1

    MEDIUM
    CVE-2022-32407

    Softr v2.0 was discovered to contain a Cross-Site Scripting (XSS) vulnerability via the First Name parameter under the Create A New Account module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload.... Read more

    Affected Products : softr
    • EPSS Score: %0.11
    • Published: Oct. 27, 2022
    • Modified: May. 07, 2025

  • 6.8

    MEDIUM
    CVE-2022-31898

    gl-inet GL-MT300N-V2 Mango v3.212 and GL-AX1800 Flint v3.214 were discovered to contain multiple command injection vulnerabilities via the ping_addr and trace_addr function parameters.... Read more

    • EPSS Score: %35.86
    • Published: Oct. 27, 2022
    • Modified: May. 07, 2025

  • 9.1

    CRITICAL
    CVE-2022-2782

    In affected versions of Octopus Server it is possible for a session token to be valid indefinitely due to improper validation of the session token parameters.... Read more

    Affected Products : octopus_server
    • EPSS Score: %0.17
    • Published: Oct. 27, 2022
    • Modified: May. 07, 2025

  • 5.4

    MEDIUM
    CVE-2024-13098

    The WordPress Email Newsletter WordPress plugin through 1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.... Read more

    Affected Products : wordpress_email_newsletter
    • Published: Feb. 01, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2024-13094

    The WP Triggers Lite WordPress plugin through 2.5.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.... Read more

    Affected Products : wp_triggers_lite
    • Published: Jan. 27, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2024-12774

    The Altra Side Menu WordPress plugin through 2.0 does not have CSRF checks in some places, which could allow attackers to make logged in admins delete arbitrary menu via a CSRF attack... Read more

    Affected Products : altra_side_menu
    • Published: Jan. 27, 2025
    • Modified: May. 07, 2025

  • 4.8

    MEDIUM
    CVE-2025-1453

    The Category Posts Widget WordPress plugin before 4.9.20 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is dis... Read more

    Affected Products : category_posts_widget
    • Published: Apr. 24, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2024-13057

    The Dyn Business Panel WordPress plugin through 1.0.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.... Read more

    Affected Products : dyn_business_panel
    • Published: Jan. 27, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.1

    HIGH
    CVE-2024-13056

    The Dyn Business Panel WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.... Read more

    Affected Products : dyn_business_panel
    • Published: Jan. 27, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2024-13055

    The Dyn Business Panel WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.... Read more

    Affected Products : dyn_business_panel
    • Published: Jan. 27, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.1

    HIGH
    CVE-2025-23044

    PwnDoc is a penetration test report generator. There is no CSRF protection in pwndoc, allowing attackers to send requests on a logged-in user's behalf. This includes GET and POST requests due to the missing SameSite= attribute on cookies and the ability t... Read more

    Affected Products : pwndoc
    • Published: Jan. 20, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.2

    HIGH
    CVE-2024-12773

    The Altra Side Menu WordPress plugin through 2.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks... Read more

    Affected Products : altra_side_menu
    • Published: Jan. 27, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-3971

    A vulnerability classified as critical was found in PHPGurukul COVID19 Testing Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /add-phlebotomist.php. The manipulation of the argument empid leads to sql injecti... Read more

    Affected Products : covid19_testing_management_system
    • Published: Apr. 27, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Injection
Showing 20 of 291570 Results