Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2022-34840

    Use of hard-coded credentials vulnerability in multiple Buffalo network devices allows a network-adjacent attacker to alter?configuration settings of the device. The affected products/versions are as follows: WZR-300HP firmware Ver. 2.00 and earlier, WZR-... Read more

    • Published: Dec. 07, 2022
    • Modified: Apr. 23, 2025

  • 6.1

    MEDIUM
    CVE-2022-2311

    The Find and Replace All WordPress plugin before 1.3 does not sanitize and escape some parameters from its setting page before outputting them back to the user, leading to a Reflected Cross-Site Scripting issue.... Read more

    Affected Products : find_and_replace_all
    • Published: Nov. 28, 2022
    • Modified: Apr. 23, 2025

  • 7.5

    HIGH
    CVE-2022-29244

    npm pack ignores root-level .gitignore and .npmignore file exclusion directives when run in a workspace or with a workspace flag (ie. `--workspaces`, `--workspace=<name>`). Anyone who has run `npm pack` or `npm publish` inside a workspace, as of v7.9.0 an... Read more

    • Published: Jun. 13, 2022
    • Modified: Apr. 23, 2025

  • 5.4

    MEDIUM
    CVE-2020-36656

    The Spectra WordPress plugin before 1.15.0 does not sanitize user input as it reaches its style HTML attribute, allowing contributors to conduct stored XSS attacks via the plugin's Gutenberg blocks.... Read more

    Affected Products : spectra
    • Published: Feb. 21, 2023
    • Modified: Apr. 23, 2025

  • 9.8

    CRITICAL
    CVE-2025-3439

    The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.1 via deserialization of untrusted input from the 'field_v... Read more

    Affected Products : everest_forms
    • Published: Apr. 11, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2025-3421

    The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'form_id' parameter in all versions up to, and including, 3.1.1 due to insufficien... Read more

    Affected Products : everest_forms
    • Published: Apr. 11, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.3

    MEDIUM
    CVE-2025-3422

    The The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.1.1. This is due to the software allowing users... Read more

    Affected Products : everest_forms
    • Published: Apr. 11, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Misconfiguration

  • 9.1

    CRITICAL
    CVE-2025-24447

    ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user resulting in a High impact to Confidentiality and I... Read more

    Affected Products : coldfusion
    • Published: Apr. 08, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Authentication

  • 9.1

    CRITICAL
    CVE-2025-30282

    ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Authentication vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could leverage this vulnerabilit... Read more

    Affected Products : coldfusion
    • Published: Apr. 08, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Authentication

  • 6.8

    MEDIUM
    CVE-2025-30294

    ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security protections... Read more

    Affected Products : coldfusion
    • Published: Apr. 08, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Authorization

  • 9.9

    CRITICAL
    CVE-2024-4306

    Critical unrestricted file upload vulnerability in HubBank affecting version 1.0.2. This vulnerability allows a registered user to upload malicious PHP files via upload document fields, resulting in webshell execution.... Read more

    Affected Products : hubbank
    • Published: Apr. 29, 2024
    • Modified: Apr. 23, 2025

  • 8.1

    HIGH
    CVE-2024-4307

    SQL injection vulnerability in HubBank affecting version 1.0.2. This vulnerability could allow an attacker to send a specially crafted SQL query to the database through different endpoints (/accounts/activities.php?id=1, /accounts/view-deposit.php?id=1, /... Read more

    Affected Products : hubbank
    • Published: Apr. 29, 2024
    • Modified: Apr. 23, 2025

  • 8.1

    HIGH
    CVE-2024-4309

    SQL injection vulnerability in HubBank affecting version 1.0.2. This vulnerability could allow an attacker to send a specially crafted SQL query to the database through different endpoints (/user/transaction.php?id=1, /user/credit-debit_transaction.php?id... Read more

    Affected Products : hubbank
    • Published: Apr. 29, 2024
    • Modified: Apr. 23, 2025

  • 6.3

    MEDIUM
    CVE-2024-4310

    Cross-site Scripting (XSS) vulnerability in HubBank affecting version 1.0.2. This vulnerability allows an attacker to send a specially crafted JavaScript payload to registration and profile forms and trigger the payload when any authenticated user loads t... Read more

    Affected Products : hubbank
    • Published: Apr. 29, 2024
    • Modified: Apr. 23, 2025

  • 6.1

    MEDIUM
    CVE-2017-18591

    The gd-rating-system plugin before 2.1 for WordPress has XSS in log.php.... Read more

    Affected Products : gd_rating_system gd_rating_system
    • Published: Aug. 27, 2019
    • Modified: Apr. 23, 2025

  • 6.1

    MEDIUM
    CVE-2025-29710

    SourceCodester Company Website CMS 1.0 is vulnerable to Cross Site Scripting (XSS) via /dashboard/Services.... Read more

    • Published: Apr. 16, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-29709

    SourceCodester Company Website CMS 1.0 has a File upload vulnerability via the "Create portfolio" file /dashboard/portfolio.... Read more

    • Published: Apr. 16, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-29708

    SourceCodester Company Website CMS 1.0 contains a file upload vulnerability via the "Create Services" file /dashboard/Services.... Read more

    • Published: Apr. 16, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Misconfiguration

  • 5.4

    MEDIUM
    CVE-2023-24204

    SQL injection vulnerability in SourceCodester Simple Customer Relationship Management System v1.0 allows attacker to execute arbitrary code via the name parameter in get-quote.php.... Read more

    • Published: May. 14, 2024
    • Modified: Apr. 23, 2025

  • 5.4

    MEDIUM
    CVE-2023-24203

    Cross Site Scripting vulnerability in SourceCodester Simple Customer Relationship Management System v1.0 allows attacker to execute arbitary code via the company or query parameter(s).... Read more

    • Published: May. 14, 2024
    • Modified: Apr. 23, 2025
Showing 20 of 294349 Results