Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.3

    HIGH
    CVE-2025-29471

    Cross Site Scripting vulnerability in Nagios Log Server v.2024R1.3.1 allows a remote attacker to execute arbitrary code via a payload into the Email field.... Read more

    Affected Products : log_server
    • Published: Apr. 15, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.6

    MEDIUM
    CVE-2025-22911

    RE11S v1.11 was discovered to contain a stack overflow via the rootAPmac parameter in the formiNICbasicREP function.... Read more

    Affected Products : re11s_firmware re11s
    • Published: Apr. 15, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2023-43768

    An issue was discovered in Couchbase Server 6.6.x through 7.2.0, before 7.1.5 and 7.2.1. Unauthenticated users may cause memcached to run out of memory via large commands.... Read more

    Affected Products : couchbase_server
    • Published: Mar. 27, 2024
    • Modified: Apr. 23, 2025

  • 7.5

    HIGH
    CVE-2023-49338

    Couchbase Server 7.1.x and 7.2.x before 7.2.4 does not require authentication for the /admin/stats and /admin/vitals endpoints on TCP port 8093 of localhost.... Read more

    Affected Products : couchbase_server server
    • Published: Feb. 28, 2024
    • Modified: Apr. 23, 2025

  • 6.5

    MEDIUM
    CVE-2023-45873

    An issue was discovered in Couchbase Server through 7.2.2. A data reader may cause a denial of service (application exist) because of the OOM killer.... Read more

    Affected Products : couchbase_server
    • Published: Feb. 28, 2024
    • Modified: Apr. 23, 2025

  • 4.8

    MEDIUM
    CVE-2024-10680

    The Form Maker by 10Web WordPress plugin before 1.15.32 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is dis... Read more

    Affected Products : form_maker
    • Published: Apr. 16, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2024-25082

    Splinefont in FontForge through 20230101 allows command injection via crafted archives or compressed files.... Read more

    Affected Products : fedora debian_linux fontforge
    • Published: Feb. 26, 2024
    • Modified: Apr. 23, 2025

  • 4.2

    MEDIUM
    CVE-2024-25081

    Splinefont in FontForge through 20230101 allows command injection via crafted filenames.... Read more

    Affected Products : fedora debian_linux fontforge
    • Published: Feb. 26, 2024
    • Modified: Apr. 23, 2025

  • 9.8

    CRITICAL
    CVE-2025-3676

    A vulnerability classified as critical has been found in xxyopen Novel-Plus 3.5.0. This affects an unknown part of the file /api/front/search/books. The manipulation of the argument sort leads to sql injection. It is possible to initiate the attack remote... Read more

    Affected Products : novel-plus
    • Published: Apr. 16, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2025-27676

    Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Cross-Site Scripting in Reports V-2023-002.... Read more

    Affected Products : virtual_appliance vasion_print
    • Published: Mar. 05, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-27654

    Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Cross Site Scripting (XSS) V-2023-017.... Read more

    Affected Products : virtual_appliance vasion_print
    • Published: Mar. 05, 2025
    • Modified: Apr. 23, 2025

  • 6.1

    MEDIUM
    CVE-2025-27653

    Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Preauthenticated Cross Site Scripting (XSS): Badge Registration V-2023-012.... Read more

    Affected Products : virtual_appliance vasion_print
    • Published: Mar. 05, 2025
    • Modified: Apr. 23, 2025

  • 6.1

    MEDIUM
    CVE-2025-27637

    Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.1002 Application 20.0.2614 allows Cross-Site Scripting V-2024-016.... Read more

    Affected Products : virtual_appliance vasion_print
    • Published: Mar. 05, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2023-51101

    Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a stack overflow via the function formSetUplinkInfo.... Read more

    Affected Products : w9_firmware w9
    • Published: Dec. 26, 2023
    • Modified: Apr. 23, 2025

  • 5.4

    MEDIUM
    CVE-2023-50175

    Stored cross-site scripting vulnerability exists in the App Settings (/admin/app) page, the Markdown Settings (/admin/markdown) page, and the Customize (/admin/customize) page of GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbit... Read more

    Affected Products : growi
    • Published: Dec. 26, 2023
    • Modified: Apr. 23, 2025

  • 5.4

    MEDIUM
    CVE-2023-45740

    Stored cross-site scripting vulnerability when processing profile images exists in GROWI versions prior to v4.1.3. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the produ... Read more

    Affected Products : growi
    • Published: Dec. 26, 2023
    • Modified: Apr. 23, 2025

  • 7.5

    HIGH
    CVE-2022-46770

    qubes-mirage-firewall (aka Mirage firewall for QubesOS) 0.8.x through 0.8.3 allows guest OS users to cause a denial of service (CPU consumption and loss of forwarding) via a crafted multicast UDP packet (IP address range of 224.0.0.0 through 239.255.255.2... Read more

    Affected Products : mirage_firewall
    • Published: Dec. 07, 2022
    • Modified: Apr. 23, 2025

  • 6.5

    MEDIUM
    CVE-2022-46688

    A cross-site request forgery (CSRF) vulnerability in Jenkins Sonar Gerrit Plugin 377.v8f3808963dc5 and earlier allows attackers to have Jenkins connect to Gerrit servers (previously configured by Jenkins administrators) using attacker-specified credential... Read more

    Affected Products : sonar_gerrit
    • Published: Dec. 12, 2022
    • Modified: Apr. 23, 2025

  • 5.4

    MEDIUM
    CVE-2022-46687

    Jenkins Spring Config Plugin 2.0.0 and earlier does not escape build display names shown on the Spring Config view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to change build display names.... Read more

    Affected Products : spring_config
    • Published: Dec. 12, 2022
    • Modified: Apr. 23, 2025

  • 5.4

    MEDIUM
    CVE-2022-46686

    Jenkins Custom Build Properties Plugin 2.79.vc095ccc85094 and earlier does not escape property values and build display names on the Custom Build Properties and Build Summary pages, resulting in a stored cross-site scripting (XSS) vulnerability exploitabl... Read more

    Affected Products : custom_build_properties
    • Published: Dec. 12, 2022
    • Modified: Apr. 23, 2025
Showing 20 of 293616 Results