Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.1

    HIGH
    CVE-2022-31690

    Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to 5.6.9, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can modify a request initiated by the Client (via th... Read more

    • EPSS Score: %0.21
    • Published: Oct. 31, 2022
    • Modified: May. 08, 2025

  • 6.1

    MEDIUM
    CVE-2022-2627

    The Newspaper WordPress theme before 12 does not sanitise a parameter before outputting it back in an HTML attribute via an AJAX action, leading to a Reflected Cross-Site Scripting.... Read more

    Affected Products : newspaper
    • EPSS Score: %24.77
    • Published: Oct. 31, 2022
    • Modified: May. 08, 2025

  • 4.7

    MEDIUM
    CVE-2024-2159

    The Social Sharing Plugin WordPress plugin before 3.3.61 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to... Read more

    Affected Products : sassy_social_share
    • Published: Apr. 26, 2024
    • Modified: May. 08, 2025

  • 6.3

    MEDIUM
    CVE-2024-0905

    The Fancy Product Designer WordPress plugin before 6.1.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against unauthenticated and admin-level users... Read more

    Affected Products : fancy_product_designer
    • Published: Apr. 26, 2024
    • Modified: May. 08, 2025

  • 4.7

    MEDIUM
    CVE-2024-3265

    The Advanced Search WordPress plugin through 1.1.6 does not properly escape parameters appended to an SQL query, making it possible for users with the administrator role to conduct SQL Injection attacks in the context of a multisite WordPress configuratio... Read more

    Affected Products : advance_search
    • Published: Apr. 25, 2024
    • Modified: May. 08, 2025

  • 4.8

    MEDIUM
    CVE-2024-3261

    The Strong Testimonials WordPress plugin before 3.1.12 does not validate and escape some of its Testimonial fields before outputting them back in a page/post, which could allow users with the contributor role and above to perform Stored Cross-Site Scripti... Read more

    • Published: Apr. 24, 2024
    • Modified: May. 08, 2025

  • 3.8

    LOW
    CVE-2024-2972

    The Floating Chat Widget: Contact Chat Icons, WhatsApp, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button WordPress plugin before 3.1.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin t... Read more

    Affected Products : floating_chat_widget
    • Published: Apr. 24, 2024
    • Modified: May. 08, 2025

  • 5.4

    MEDIUM
    CVE-2024-2402

    The Better Comments WordPress plugin before 1.5.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed... Read more

    Affected Products : better_comments
    • Published: Apr. 24, 2024
    • Modified: May. 08, 2025

  • 6.1

    MEDIUM
    CVE-2023-7253

    The Import WP WordPress plugin before 2.13.1 does not prevent users with the administrator role from pinging conducting SSRF attacks, which may be a problem in multisite configurations.... Read more

    Affected Products : import_wp
    • Published: Apr. 24, 2024
    • Modified: May. 08, 2025

  • 9.8

    CRITICAL
    CVE-2025-3220

    A vulnerability was found in PHPGurukul e-Diary Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /dashboard.php. The manipulation of the argument Category leads to sql injectio... Read more

    Affected Products : e-diary_management_system
    • Published: Apr. 04, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-3217

    A vulnerability was found in PHPGurukul e-Diary Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /registration.php. The manipulation of the argument emailid leads to sql injection. The attack can... Read more

    Affected Products : e-diary_management_system
    • Published: Apr. 04, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-3216

    A vulnerability was found in PHPGurukul e-Diary Management System 1.0. It has been classified as critical. This affects an unknown part of the file /password-recovery.php. The manipulation of the argument username/contactno leads to sql injection. It is p... Read more

    Affected Products : e-diary_management_system
    • Published: Apr. 04, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-3006

    A vulnerability was found in PHPGurukul e-Diary Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /edit-category.php?id=8. The manipulation of the argument Category leads to sql injection. The att... Read more

    Affected Products : e-diary_management_system
    • Published: Mar. 31, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2025-2371

    A vulnerability was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /registered-user-testing.php of the component Registered Mobile... Read more

    • Published: Mar. 17, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-2372

    A vulnerability classified as critical has been found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. This affects an unknown part of the file /password-recovery.php of the component Password Recovery Page. The manipulation of the argum... Read more

    • Published: Mar. 17, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-2373

    A vulnerability classified as critical was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. This vulnerability affects unknown code of the file /check_availability.php. The manipulation of the argument mobnumber/employeeid leads to... Read more

    • Published: Mar. 17, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-2374

    A vulnerability, which was classified as critical, has been found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. This issue affects some unknown processing of the file /profile.php. The manipulation of the argument aid/adminname/mobile... Read more

    • Published: Mar. 17, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2025-2375

    A vulnerability, which was classified as problematic, was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. Affected is an unknown function of the file /profile.php of the component Admin Profile Page. The manipulation of the argume... Read more

    • Published: Mar. 17, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-4303

    A vulnerability, which was classified as critical, has been found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. Affected by this issue is some unknown functionality of the file /add-phlebotomist.php. The manipulation of the argument e... Read more

    • Published: May. 06, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-1954

    A vulnerability was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /login.php. The manipulation of the argument username lea... Read more

    • Published: Mar. 04, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Injection
Showing 20 of 292228 Results