Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2025-31696

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal RapiDoc OAS Field Formatter allows Cross-Site Scripting (XSS).This issue affects RapiDoc OAS Field Formatter: from 0.0.0 before 1.0.1.... Read more

    Affected Products : drupal
    • Published: Mar. 31, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-31695

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Link field display mode formatter allows Cross-Site Scripting (XSS).This issue affects Link field display mode formatter: from 0.0.0 before 1.6.0.... Read more

    Affected Products : drupal
    • Published: Mar. 31, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.1

    HIGH
    CVE-2025-31694

    Incorrect Authorization vulnerability in Drupal Two-factor Authentication (TFA) allows Forceful Browsing.This issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.10.0.... Read more

    Affected Products : drupal
    • Published: Mar. 31, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-31691

    Missing Authorization vulnerability in Drupal OAuth2 Server allows Forceful Browsing.This issue affects OAuth2 Server: from 0.0.0 before 2.1.0.... Read more

    Affected Products : drupal
    • Published: Mar. 31, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-31690

    Cross-Site Request Forgery (CSRF) vulnerability in Drupal Cache Utility allows Cross Site Request Forgery.This issue affects Cache Utility: from 0.0.0 before 1.2.1.... Read more

    Affected Products : drupal
    • Published: Mar. 31, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 8.1

    HIGH
    CVE-2025-31689

    Cross-Site Request Forgery (CSRF) vulnerability in Drupal General Data Protection Regulation allows Cross Site Request Forgery.This issue affects General Data Protection Regulation: from 0.0.0 before 3.0.1, from 3.1.0 before 3.1.2.... Read more

    Affected Products : drupal
    • Published: Mar. 31, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.8

    MEDIUM
    CVE-2025-31688

    Cross-Site Request Forgery (CSRF) vulnerability in Drupal Configuration Split allows Cross Site Request Forgery.This issue affects Configuration Split: from 0.0.0 before 1.10.0, from 2.0.0 before 2.0.2.... Read more

    Affected Products : drupal
    • Published: Mar. 31, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.1

    MEDIUM
    CVE-2025-31687

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal SpamSpan filter allows Cross-Site Scripting (XSS).This issue affects SpamSpan filter: from 0.0.0 before 3.2.1.... Read more

    Affected Products : drupal
    • Published: Mar. 31, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.1

    HIGH
    CVE-2025-31686

    Missing Authorization vulnerability in Drupal Open Social allows Forceful Browsing.This issue affects Open Social: from 0.0.0 before 12.3.11, from 12.4.0 before 12.4.10.... Read more

    Affected Products : open_social
    • Published: Mar. 31, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Authorization

  • 9.1

    CRITICAL
    CVE-2025-31685

    Missing Authorization vulnerability in Drupal Open Social allows Forceful Browsing.This issue affects Open Social: from 0.0.0 before 12.3.11, from 12.4.0 before 12.4.10.... Read more

    Affected Products : open_social
    • Published: Mar. 31, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Authorization

  • 6.8

    MEDIUM
    CVE-2025-31684

    Cross-Site Request Forgery (CSRF) vulnerability in Drupal OAuth2 Client allows Cross Site Request Forgery.This issue affects OAuth2 Client: from 0.0.0 before 4.1.3.... Read more

    Affected Products : drupal
    • Published: Mar. 31, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.4

    MEDIUM
    CVE-2024-53636

    An arbitrary file upload vulnerability via writefile.php of Serosoft Academia Student Information System (SIS) EagleR-1.0.118 allows attackers to execute arbitrary code via ../ in the filePath parameter.... Read more

    Affected Products :
    • Published: Apr. 26, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Misconfiguration

  • 4.8

    MEDIUM
    CVE-2022-45015

    A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Results Footer field.... Read more

    Affected Products : wbce_cms
    • EPSS Score: %0.12
    • Published: Nov. 21, 2022
    • Modified: Apr. 29, 2025

  • 4.8

    MEDIUM
    CVE-2022-45014

    A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Results Header field.... Read more

    Affected Products : wbce_cms
    • EPSS Score: %0.12
    • Published: Nov. 21, 2022
    • Modified: Apr. 29, 2025

  • 4.8

    MEDIUM
    CVE-2022-45013

    A cross-site scripting (XSS) vulnerability in the Show Advanced Option module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Section Header field.... Read more

    Affected Products : wbce_cms
    • EPSS Score: %0.12
    • Published: Nov. 21, 2022
    • Modified: Apr. 29, 2025

  • 4.8

    MEDIUM
    CVE-2022-45012

    A cross-site scripting (XSS) vulnerability in the Modify Page module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Source field.... Read more

    Affected Products : wbce_cms
    • EPSS Score: %0.12
    • Published: Nov. 21, 2022
    • Modified: Apr. 29, 2025

  • 7.8

    HIGH
    CVE-2022-44830

    Sourcecodester Event Registration App v1.0 was discovered to contain multiple CSV injection vulnerabilities via the First Name, Contact and Remarks fields. These vulnerabilities allow attackers to execute arbitrary code via a crafted excel file.... Read more

    Affected Products : event_registration_application
    • EPSS Score: %1.90
    • Published: Nov. 21, 2022
    • Modified: Apr. 29, 2025

  • 6.5

    MEDIUM
    CVE-2022-44788

    An issue was discovered in Appalti & Contratti 9.12.2. It allows Session Fixation. When a user logs in providing a JSESSIONID cookie that is issued by the server at the first visit, the cookie value is not updated after a successful login.... Read more

    Affected Products : appalti_\&_contratti
    • EPSS Score: %0.11
    • Published: Nov. 21, 2022
    • Modified: Apr. 29, 2025

  • 6.1

    MEDIUM
    CVE-2022-44787

    An issue was discovered in Appalti & Contratti 9.12.2. The web applications are vulnerable to a Reflected Cross-Site Scripting issue. The idPagina parameter is reflected inside the server response without any HTML encoding, resulting in XSS when the victi... Read more

    Affected Products : appalti_\&_contratti
    • EPSS Score: %0.11
    • Published: Nov. 21, 2022
    • Modified: Apr. 29, 2025

  • 7.5

    HIGH
    CVE-2022-44786

    An issue was discovered in Appalti & Contratti 9.12.2. The target web applications allow Local File Inclusion in any page relying on the href parameter to specify the JSP page to be rendered. This affects ApriPagina.do POST and GET requests to each applic... Read more

    Affected Products : appalti_\&_contratti
    • EPSS Score: %0.12
    • Published: Nov. 21, 2022
    • Modified: Apr. 29, 2025
Showing 20 of 291222 Results