Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2023-45721

    Insufficient default configuration in HCL Leap allows anonymous access to directory information.... Read more

    Affected Products :
    • Published: Apr. 30, 2025
    • Modified: May. 02, 2025

  • 6.5

    MEDIUM
    CVE-2025-2890

    The tagDiv Opt-In Builder plugin for WordPress is vulnerable to time-based SQL Injection via the ‘subscriptionCouponId’ parameter in all versions up to, and including, 1.7 due to insufficient escaping on the user supplied parameter and lack of sufficient ... Read more

    Affected Products :
    • Published: Apr. 30, 2025
    • Modified: May. 02, 2025

  • 5.3

    MEDIUM
    CVE-2025-24342

    A vulnerability in the login functionality of the web application of ctrlX OS allows a remote unauthenticated attacker to guess valid usernames via multiple crafted HTTP requests.... Read more

    Affected Products :
    • Published: Apr. 30, 2025
    • Modified: May. 02, 2025

  • 2.6

    LOW
    CVE-2024-47784

    Unverified Password Change for ANC software that allows an authenticated attacker to bypass the old Password check in the password change form via a web HMI This issue affects ANC software version 1.1.4 and earlier.... Read more

    Affected Products :
    • Published: Apr. 30, 2025
    • Modified: May. 02, 2025

  • 8.2

    HIGH
    CVE-2025-32777

    Volcano is a Kubernetes-native batch scheduling system. Prior to versions 1.11.2, 1.10.2, 1.9.1, 1.11.0-network-topology-preview.3, and 1.12.0-alpha.2, attacker compromise of either the Elastic service or the extender plugin can cause denial of service of... Read more

    Affected Products :
    • Published: Apr. 30, 2025
    • Modified: May. 02, 2025

  • 5.3

    MEDIUM
    CVE-2025-46554

    XWiki is a generic wiki platform. In versions starting from 1.8.1 to before 14.10.22, from 15.0-rc-1 to before 15.10.12, from 16.0.0-rc-1 to before 16.4.3, and from 16.5.0-rc-1 to before 16.7.0, anyone can access the metadata of any attachment in the wiki... Read more

    Affected Products : xwiki
    • Published: Apr. 30, 2025
    • Modified: May. 02, 2025

  • 8.4

    HIGH
    CVE-2025-46557

    XWiki is a generic wiki platform. In versions starting from 15.3-rc-1 to before 15.10.14, from 16.0.0-rc-1 to before 16.4.6, and from 16.5.0-rc-1 to before 16.10.0-rc-1, a user who can access pages located in the XWiki space (by default, anyone) can acces... Read more

    Affected Products : xwiki
    • Published: Apr. 30, 2025
    • Modified: May. 02, 2025

  • 5.5

    MEDIUM
    CVE-2025-4136

    A vulnerability was found in Weitong Mall 1.0.0. It has been classified as critical. This affects an unknown part of the component Sale Endpoint. The manipulation of the argument ID leads to improper authorization. It is possible to initiate the attack re... Read more

    Affected Products : wetong_mall
    • Published: Apr. 30, 2025
    • Modified: May. 02, 2025

  • 4.6

    MEDIUM
    CVE-2022-42450

    Improper sanitization of SVG files in HCL Domino Volt allows client-side script injection in deployed applications.... Read more

    Affected Products :
    • Published: Apr. 30, 2025
    • Modified: May. 02, 2025

  • 6.3

    MEDIUM
    CVE-2024-30115

    Insufficient sanitization policy in HCL Leap allows client-side script injection in the deployed application through the HTML widget.... Read more

    Affected Products :
    • Published: Apr. 30, 2025
    • Modified: May. 02, 2025

  • 6.5

    MEDIUM
    CVE-2024-30145

    Multiple vectors in HCL Domino Volt and Domino Leap allow client-side script injection in the authoring environment and deployed applications.... Read more

    Affected Products :
    • Published: Apr. 30, 2025
    • Modified: May. 02, 2025

  • 4.1

    MEDIUM
    CVE-2024-30146

    Improper access control of endpoint in HCL Domino Leap allows certain admin users to import applications from the server's filesystem.... Read more

    Affected Products :
    • Published: Apr. 30, 2025
    • Modified: May. 02, 2025

  • 9.0

    CRITICAL
    CVE-2025-47154

    LibJS in Ladybird before f5a6704 mishandles the freeing of the vector that arguments_list references, leading to a use-after-free, and allowing remote attackers to execute arbitrary code via a crafted .js file. NOTE: the GitHub README says "Ladybird is in... Read more

    Affected Products :
    • Published: May. 01, 2025
    • Modified: May. 02, 2025

  • 7.1

    HIGH
    CVE-2025-24338

    A vulnerability in the “Manages app data” functionality of the web application of ctrlX OS allows a remote authenticated (lowprivileged) attacker to execute arbitrary client-side code in the context of another user's browser via multiple crafted HTTP requ... Read more

    Affected Products :
    • Published: Apr. 30, 2025
    • Modified: May. 02, 2025

  • 6.3

    MEDIUM
    CVE-2025-24344

    A vulnerability in the error notification messages of the web application of ctrlX OS allows a remote unauthenticated attacker to inject arbitrary HTML tags and, possibly, execute arbitrary client-side code in the context of another user's browser via a c... Read more

    Affected Products :
    • Published: Apr. 30, 2025
    • Modified: May. 02, 2025

  • 7.5

    HIGH
    CVE-2025-24346

    A vulnerability in the “Proxy” functionality of the web application of ctrlX OS allows a remote authenticated (lowprivileged) attacker to manipulate the “/etc/environment” file via a crafted HTTP request.... Read more

    Affected Products :
    • Published: Apr. 30, 2025
    • Modified: May. 02, 2025

  • 5.1

    MEDIUM
    CVE-2025-40615

    Reflected Cross-Site Scripting (XSS) vulnerability in Bookgy. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the "TEXTO" parameter in /api/api_ajustes.php.... Read more

    Affected Products :
    • Published: Apr. 29, 2025
    • Modified: May. 02, 2025

  • 9.3

    CRITICAL
    CVE-2025-40617

    SQL injection vulnerability in Bookgy. This vulnerability could allow an attacker to retrieve, create, update and delete databases by sending an HTTP request through the "IDTIPO", "IDPISTA" and "IDSOCIO" parameters in /bkg_seleccionar_hora_ajax.php.... Read more

    Affected Products :
    • Published: Apr. 29, 2025
    • Modified: May. 02, 2025

  • 5.3

    MEDIUM
    CVE-2025-4078

    A vulnerability, which was classified as problematic, has been found in Wangshen SecGate 3600 2400. This issue affects some unknown processing of the file ?g=log_export_file. The manipulation of the argument file_name leads to path traversal. The attack m... Read more

    Affected Products :
    • Published: Apr. 29, 2025
    • Modified: May. 02, 2025

  • 5.5

    MEDIUM
    CVE-2025-23179

    CWE-798: Use of Hard-coded Credentials... Read more

    Affected Products :
    • Published: Apr. 29, 2025
    • Modified: May. 02, 2025
Showing 20 of 291157 Results