Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.8

    MEDIUM
    CVE-2025-46599

    CNCF K3s 1.32 before 1.32.4-rc1+k3s1 has a Kubernetes kubelet configuration change with the unintended consequence that, in some situations, ReadOnlyPort is set to 10255. For example, the default behavior of a K3s online installation might allow unauthent... Read more

    Affected Products : k3s
    • Published: Apr. 25, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-46480

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Padam Shankhadev Nepali Post Date allows Stored XSS. This issue affects Nepali Post Date: from n/a through 5.1.1.... Read more

    Affected Products :
    • Published: Apr. 24, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-46484

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nasir179125 Image Hover Effects For WPBakery Page Builder allows DOM-Based XSS. This issue affects Image Hover Effects For WPBakery Page Builder: from n/... Read more

    Affected Products :
    • Published: Apr. 24, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-46595

    An XSS issue was discovered in the Flag module before 1.x-3.6.2 for Backdrop CMS. Flag is a module that allows flags to be added to nodes, comments, users, and any other type of entity. It doesn't verify flag links before performing the flag action, or ve... Read more

    Affected Products :
    • Published: Apr. 25, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.5

    LOW
    CVE-2025-46546

    In Sherpa Orchestrator 141851, multiple time-based blind SQL injections can be performed by an authenticated user. This affects api/gui/asset/list, /api/gui/files/export/csv/, /api/gui/files/list, /api/gui/process/export/csv, /api/gui/process/export/xlsx,... Read more

    Affected Products :
    • Published: Apr. 25, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Injection

  • 5.9

    MEDIUM
    CVE-2025-46533

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdrift.no Landing pages and Domain aliases for WordPress allows Stored XSS. This issue affects Landing pages and Domain aliases for WordPress: from n/a ... Read more

    Affected Products :
    • Published: Apr. 24, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-46510

    Cross-Site Request Forgery (CSRF) vulnerability in harrysudana Contact Form 7 Calendar allows Stored XSS. This issue affects Contact Form 7 Calendar: from n/a through 3.0.1.... Read more

    Affected Products :
    • Published: Apr. 24, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.1

    HIGH
    CVE-2025-46492

    Cross-Site Request Forgery (CSRF) vulnerability in Pham Thanh Call Now PHT Blog allows Stored XSS. This issue affects Call Now PHT Blog: from n/a through 2.4.1.... Read more

    Affected Products :
    • Published: Apr. 24, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.4

    MEDIUM
    CVE-2025-46545

    In Sherpa Orchestrator 141851, the functionality for adding or updating licenses allows for stored XSS attacks by an administrator through the name parameter. The XSS payload can execute when the license expires.... Read more

    Affected Products :
    • Published: Apr. 25, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-46491

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matthew Muro Multi-Column Taxonomy List allows Stored XSS. This issue affects Multi-Column Taxonomy List: from n/a through 1.5.... Read more

    Affected Products :
    • Published: Apr. 24, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-46472

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webangon The Pack Elementor addons allows Stored XSS. This issue affects The Pack Elementor addons: from n/a through 2.1.2.... Read more

    Affected Products : the_pack_elementor_addons
    • Published: Apr. 24, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-46479

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DevynCJohnson BBCode Deluxe allows DOM-Based XSS. This issue affects BBCode Deluxe: from n/a through 2020.08.01.2.... Read more

    Affected Products :
    • Published: Apr. 24, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-46450

    Cross-Site Request Forgery (CSRF) vulnerability in x000x occupancyplan allows Stored XSS. This issue affects occupancyplan: from n/a through 1.0.3.0.... Read more

    Affected Products :
    • Published: Apr. 24, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.5

    MEDIUM
    CVE-2025-46505

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in farinspace Peekaboo allows Stored XSS. This issue affects Peekaboo: from n/a through 1.1.... Read more

    Affected Products :
    • Published: Apr. 24, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-46489

    Missing Authorization vulnerability in vinodvaswani9 Bulk Assign Linked Products For WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Bulk Assign Linked Products For WooCommerce: from n/a through 2.1.... Read more

    Affected Products :
    • Published: Apr. 24, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-46467

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rahendra Putra K™ RAphicon allows DOM-Based XSS. This issue affects RAphicon: from n/a through 2.1.2.... Read more

    Affected Products :
    • Published: Apr. 24, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-46445

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pReya External Markdown allows Stored XSS. This issue affects External Markdown: from n/a through 0.0.1.... Read more

    Affected Products :
    • Published: Apr. 24, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-46524

    Cross-Site Request Forgery (CSRF) vulnerability in stesvis WP Filter Post Category allows Stored XSS. This issue affects WP Filter Post Category: from n/a through 2.1.4.... Read more

    Affected Products :
    • Published: Apr. 24, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.1

    HIGH
    CVE-2025-46502

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bas Matthee LSD Custom taxonomy and category meta allows Cross Site Request Forgery. This issue affects LSD Custom taxonomy and category meta: from n/a t... Read more

    Affected Products :
    • Published: Apr. 24, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 9.8

    CRITICAL
    CVE-2025-46275

    WGS-80HPT-V2 and WGS-4215-8T2S are missing authentication that could allow an attacker to create an administrator account without knowing any existing credentials.... Read more

    Affected Products :
    • Published: Apr. 24, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Authentication
Showing 20 of 292770 Results