Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.1

    HIGH
    CVE-2024-4309

    SQL injection vulnerability in HubBank affecting version 1.0.2. This vulnerability could allow an attacker to send a specially crafted SQL query to the database through different endpoints (/user/transaction.php?id=1, /user/credit-debit_transaction.php?id... Read more

    Affected Products : hubbank
    • Published: Apr. 29, 2024
    • Modified: Apr. 23, 2025

  • 6.3

    MEDIUM
    CVE-2024-4310

    Cross-site Scripting (XSS) vulnerability in HubBank affecting version 1.0.2. This vulnerability allows an attacker to send a specially crafted JavaScript payload to registration and profile forms and trigger the payload when any authenticated user loads t... Read more

    Affected Products : hubbank
    • Published: Apr. 29, 2024
    • Modified: Apr. 23, 2025

  • 6.1

    MEDIUM
    CVE-2017-18591

    The gd-rating-system plugin before 2.1 for WordPress has XSS in log.php.... Read more

    Affected Products : gd_rating_system gd_rating_system
    • Published: Aug. 27, 2019
    • Modified: Apr. 23, 2025

  • 6.1

    MEDIUM
    CVE-2025-29710

    SourceCodester Company Website CMS 1.0 is vulnerable to Cross Site Scripting (XSS) via /dashboard/Services.... Read more

    • Published: Apr. 16, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-29709

    SourceCodester Company Website CMS 1.0 has a File upload vulnerability via the "Create portfolio" file /dashboard/portfolio.... Read more

    • Published: Apr. 16, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-29708

    SourceCodester Company Website CMS 1.0 contains a file upload vulnerability via the "Create Services" file /dashboard/Services.... Read more

    • Published: Apr. 16, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Misconfiguration

  • 5.4

    MEDIUM
    CVE-2023-24204

    SQL injection vulnerability in SourceCodester Simple Customer Relationship Management System v1.0 allows attacker to execute arbitrary code via the name parameter in get-quote.php.... Read more

    • Published: May. 14, 2024
    • Modified: Apr. 23, 2025

  • 5.4

    MEDIUM
    CVE-2023-24203

    Cross Site Scripting vulnerability in SourceCodester Simple Customer Relationship Management System v1.0 allows attacker to execute arbitary code via the company or query parameter(s).... Read more

    • Published: May. 14, 2024
    • Modified: Apr. 23, 2025

  • 6.8

    MEDIUM
    CVE-2025-27892

    Shopware prior to version 6.5.8.13 is affected by a SQL injection vulnerability in the /api/search/order endpoint. NOTE: this issue exists because of a CVE-2024-22406 and CVE-2024-42357 regression.... Read more

    Affected Products : shopware
    • Published: Apr. 15, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Injection

  • 8.3

    HIGH
    CVE-2025-29471

    Cross Site Scripting vulnerability in Nagios Log Server v.2024R1.3.1 allows a remote attacker to execute arbitrary code via a payload into the Email field.... Read more

    Affected Products : log_server
    • Published: Apr. 15, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.6

    MEDIUM
    CVE-2025-22911

    RE11S v1.11 was discovered to contain a stack overflow via the rootAPmac parameter in the formiNICbasicREP function.... Read more

    Affected Products : re11s_firmware re11s
    • Published: Apr. 15, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2023-43768

    An issue was discovered in Couchbase Server 6.6.x through 7.2.0, before 7.1.5 and 7.2.1. Unauthenticated users may cause memcached to run out of memory via large commands.... Read more

    Affected Products : couchbase_server
    • Published: Mar. 27, 2024
    • Modified: Apr. 23, 2025

  • 7.5

    HIGH
    CVE-2023-49338

    Couchbase Server 7.1.x and 7.2.x before 7.2.4 does not require authentication for the /admin/stats and /admin/vitals endpoints on TCP port 8093 of localhost.... Read more

    Affected Products : couchbase_server server
    • Published: Feb. 28, 2024
    • Modified: Apr. 23, 2025

  • 6.5

    MEDIUM
    CVE-2023-45873

    An issue was discovered in Couchbase Server through 7.2.2. A data reader may cause a denial of service (application exist) because of the OOM killer.... Read more

    Affected Products : couchbase_server
    • Published: Feb. 28, 2024
    • Modified: Apr. 23, 2025

  • 4.8

    MEDIUM
    CVE-2024-10680

    The Form Maker by 10Web WordPress plugin before 1.15.32 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is dis... Read more

    Affected Products : form_maker
    • Published: Apr. 16, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2024-25082

    Splinefont in FontForge through 20230101 allows command injection via crafted archives or compressed files.... Read more

    Affected Products : fedora debian_linux fontforge
    • Published: Feb. 26, 2024
    • Modified: Apr. 23, 2025

  • 4.2

    MEDIUM
    CVE-2024-25081

    Splinefont in FontForge through 20230101 allows command injection via crafted filenames.... Read more

    Affected Products : fedora debian_linux fontforge
    • Published: Feb. 26, 2024
    • Modified: Apr. 23, 2025

  • 9.8

    CRITICAL
    CVE-2025-3676

    A vulnerability classified as critical has been found in xxyopen Novel-Plus 3.5.0. This affects an unknown part of the file /api/front/search/books. The manipulation of the argument sort leads to sql injection. It is possible to initiate the attack remote... Read more

    Affected Products : novel-plus
    • Published: Apr. 16, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2025-27676

    Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Cross-Site Scripting in Reports V-2023-002.... Read more

    Affected Products : virtual_appliance vasion_print
    • Published: Mar. 05, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-27654

    Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Cross Site Scripting (XSS) V-2023-017.... Read more

    Affected Products : virtual_appliance vasion_print
    • Published: Mar. 05, 2025
    • Modified: Apr. 23, 2025
Showing 20 of 293605 Results