Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2017-2285

    Cross-site scripting vulnerability in Simple Custom CSS and JS prior to version 3.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : simple_custom_css_and_js
    • EPSS Score: %0.53
    • Published: Aug. 02, 2017
    • Modified: May. 06, 2025

  • 9.3

    HIGH
    CVE-2017-16368

    An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability leads to a stack-based buffer overflow... Read more

    • EPSS Score: %18.40
    • Published: Dec. 09, 2017
    • Modified: May. 06, 2025

  • 10.0

    HIGH
    CVE-2017-14429

    The DHCP client on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices allows unauthenticated remote code execution as root because /etc/services/INET/inet_ipv4.php mishandles shell me... Read more

    Affected Products : dir-850l_firmware dir-850l
    • EPSS Score: %3.41
    • Published: Sep. 13, 2017
    • Modified: May. 06, 2025

  • 7.1

    HIGH
    CVE-2024-13864

    The Countdown Timer WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin... Read more

    Affected Products : countdown_timer
    • Published: Mar. 11, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2024-13419

    Multiple plugins and/or themes for WordPress using Smart Framework are vulnerable to Stored Cross-Site Scripting due to a missing capability check on the saveOptions() and importThemeOptions() functions in various versions. This makes it possible for auth... Read more

    Affected Products : april auteur benaa beyot
    • Published: May. 02, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-3890

    The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp_cart_button' shortcode in all versions up to, and including, 5.1.3 due to insufficient input sanitization and output escaping on user... Read more

    • Published: May. 01, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.2

    HIGH
    CVE-2024-4856

    The FS Product Inquiry WordPress plugin through 1.1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin or unauthentic... Read more

    Affected Products : fs_product_inquiry
    • Published: Jun. 04, 2024
    • Modified: May. 06, 2025

  • 8.5

    HIGH
    CVE-2024-21678

    This High severity Stored XSS vulnerability was introduced in version 2.7.0 of Confluence Data Center. This Stored XSS vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary HTML or JavaScript code on a victims b... Read more

    • Published: Feb. 20, 2024
    • Modified: May. 06, 2025

  • 6.1

    MEDIUM
    CVE-2024-4857

    The FS Product Inquiry WordPress plugin through 1.1.1 does not sanitise and escape some form submissions, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks... Read more

    Affected Products : fs_product_inquiry
    • Published: Jun. 04, 2024
    • Modified: May. 06, 2025

  • 7.2

    HIGH
    CVE-2024-29848

    An unrestricted file upload vulnerability in web component of Ivanti Avalanche before 6.4.x allows an authenticated, privileged user to execute arbitrary commands as SYSTEM. ... Read more

    Affected Products : avalanche
    • Published: May. 31, 2024
    • Modified: May. 06, 2025

  • 8.8

    HIGH
    CVE-2024-27975

    An Use-after-free vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. ... Read more

    Affected Products : avalanche
    • Published: Apr. 19, 2024
    • Modified: May. 06, 2025

  • 8.8

    HIGH
    CVE-2024-27976

    A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. ... Read more

    Affected Products : avalanche
    • Published: Apr. 19, 2024
    • Modified: May. 06, 2025

  • 8.1

    HIGH
    CVE-2024-27977

    A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to delete arbitrary files, thereby leading to Denial-of-Service. ... Read more

    Affected Products : avalanche
    • Published: Apr. 19, 2024
    • Modified: May. 06, 2025

  • 6.5

    MEDIUM
    CVE-2024-27978

    A Null Pointer Dereference vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attacker to perform denial of service attacks.... Read more

    Affected Products : avalanche
    • Published: Apr. 19, 2024
    • Modified: May. 06, 2025

  • 7.5

    HIGH
    CVE-2025-45613

    Incorrect access control in the component /user/list of Shiro-Action v0.6 allows attackers to access sensitive information via a crafted payload.... Read more

    Affected Products :
    • Published: May. 05, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-45611

    Incorrect access control in the /user/edit/ component of hope-boot v1.0.0 allows attackers to bypass authentication via a crafted GET request.... Read more

    Affected Products :
    • Published: May. 05, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-45610

    Incorrect access control in the component /scheduleLog/info/1 of PassJava-Platform v3.0.0 allows attackers to access sensitive information via a crafted payload.... Read more

    Affected Products :
    • Published: May. 05, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-45609

    Incorrect access control in the doFilter function of kob latest v1.0.0-SNAPSHOT allows attackers to access sensitive information via a crafted payload.... Read more

    Affected Products :
    • Published: May. 05, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-45608

    Incorrect access control in the /system/user/findUserList API of Xinguan v0.0.1-SNAPSHOT allows attackers to access sensitive information via a crafted payload.... Read more

    Affected Products :
    • Published: May. 05, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-21172

    .NET and Visual Studio Remote Code Execution Vulnerability... Read more

    • Published: Jan. 14, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 291722 Results