Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2025-1766

    The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'payment_complete' function in all versions up to, and including, 4.0.24.... Read more

    Affected Products : eventin
    • Published: Mar. 20, 2025
    • Modified: Aug. 11, 2025

  • 5.8

    MEDIUM
    CVE-2025-2109

    The WP Compress – Instant Performance & Speed Optimization plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.30.15 via the init() function. This makes it possible for unauthenticated attackers to mak... Read more

    Affected Products : wp_compress
    • Published: Mar. 25, 2025
    • Modified: Aug. 11, 2025

  • 8.8

    HIGH
    CVE-2025-2110

    The WP Compress – Instant Performance & Speed Optimization plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to missing capability checks on its on its AJAX functions in all versions up to, and including, 6.30.1... Read more

    Affected Products : wp_compress
    • Published: Mar. 26, 2025
    • Modified: Aug. 11, 2025

  • 8.8

    HIGH
    CVE-2025-26964

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Themewinter Eventin allows PHP Local File Inclusion. This issue affects Eventin: from n/a through 4.0.20.... Read more

    Affected Products : eventin
    • Published: Feb. 25, 2025
    • Modified: Aug. 11, 2025

  • 6.5

    MEDIUM
    CVE-2024-37507

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themewinter Eventin allows Stored XSS.This issue affects Eventin: from n/a through 3.3.57.... Read more

    Affected Products : eventin
    • Published: Jul. 21, 2024
    • Modified: Aug. 11, 2025

  • 5.9

    MEDIUM
    CVE-2024-39648

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themewinter Eventin allows Stored XSS.This issue affects Eventin: from n/a through 4.0.5.... Read more

    Affected Products : eventin
    • Published: Aug. 01, 2024
    • Modified: Aug. 11, 2025

  • 6.1

    MEDIUM
    CVE-2022-20634

    A vulnerability in the web-based management interface of Cisco ECE could allow an unauthenticated, remote attacker to redirect a user to an undesired web page. This vulnerability is due to improper input validation of the URL parameters in an HTTP r... Read more

    Affected Products : enterprise_chat_and_email
    • Published: Nov. 15, 2024
    • Modified: Aug. 11, 2025

  • 8.8

    HIGH
    CVE-2022-20871

    A vulnerability in the web management interface of Cisco AsyncOS for Cisco Secure Web Appliance, formerly Cisco Web Security Appliance (WSA), could allow an authenticated, remote attacker to perform a command injection and elevate priv... Read more

    • Published: Nov. 15, 2024
    • Modified: Aug. 11, 2025

  • 9.9

    CRITICAL
    CVE-2023-20036

    A vulnerability in the web UI of Cisco IND could allow an authenticated, remote attacker to execute arbitrary commands with administrative privileges on the underlying operating system of an affected device. This vulnerability is due to improper input ... Read more

    Affected Products : industrial_network_director
    • Published: Nov. 15, 2024
    • Modified: Aug. 11, 2025

  • 5.5

    MEDIUM
    CVE-2023-20039

    A vulnerability in Cisco IND could allow an authenticated, local attacker to read application data. This vulnerability is due to insufficient default file permissions that are applied to the application data directory. An attacker could exploit this vu... Read more

    Affected Products : industrial_network_director
    • Published: Nov. 15, 2024
    • Modified: Aug. 11, 2025

  • 6.5

    MEDIUM
    CVE-2021-1425

    A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Content Security Management Appliance (SMA) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulne... Read more

    • Published: Nov. 18, 2024
    • Modified: Aug. 11, 2025

  • 8.8

    HIGH
    CVE-2023-49756

    Missing Authorization vulnerability in Themewinter Eventin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Eventin: from n/a through 3.3.52.... Read more

    Affected Products : eventin
    • Published: Dec. 09, 2024
    • Modified: Aug. 11, 2025

  • 8.8

    HIGH
    CVE-2024-56213

    Path Traversal: '.../...//' vulnerability in Themewinter Eventin allows Path Traversal.This issue affects Eventin: from n/a through 4.0.7.... Read more

    Affected Products : eventin
    • Published: Dec. 31, 2024
    • Modified: Aug. 11, 2025

  • 6.1

    MEDIUM
    CVE-2024-12047

    The WP Compress – Instant Performance & Speed Optimization plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘custom_server’ parameter in all versions up to, and including, 6.30.03 due to insufficient input sanitization and outp... Read more

    Affected Products : wp_compress
    • Published: Jan. 04, 2025
    • Modified: Aug. 11, 2025

  • 7.8

    HIGH
    CVE-2022-43651

    Bentley View SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in... Read more

    Affected Products : view
    • Published: May. 07, 2024
    • Modified: Aug. 11, 2025

  • 5.5

    MEDIUM
    CVE-2022-43652

    Bentley View SKP File Parsing Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View. User interaction is required to exploit this vulnera... Read more

    Affected Products : view
    • Published: May. 07, 2024
    • Modified: Aug. 11, 2025

  • 7.8

    HIGH
    CVE-2022-43653

    Bentley View SKP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerabili... Read more

    Affected Products : view
    • Published: May. 07, 2024
    • Modified: Aug. 11, 2025

  • 7.8

    HIGH
    CVE-2022-43655

    Bentley View FBX File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vuln... Read more

    Affected Products : view
    • Published: May. 07, 2024
    • Modified: Aug. 11, 2025

  • 7.5

    HIGH
    CVE-2025-51532

    Incorrect access control in Sage DPW 2024_12_004 and earlier allows unauthorized attackers to access the built-in Database Monitor via a crafted request. The vendor has stated that the issue is fixed in 2025_06_000, released in June 2025.... Read more

    Affected Products :
    • Published: Aug. 06, 2025
    • Modified: Aug. 11, 2025

  • 6.1

    MEDIUM
    CVE-2025-51531

    A reflected cross-site scripting (XSS) vulnerability in Sage DPW 2024_12_004 and earlier allows attackers to execute arbitrary JavaScript in the context of a victim's browser via injecting a crafted payload into the tabfields parameter at /dpw/scripts/cgi... Read more

    Affected Products :
    • Published: Aug. 06, 2025
    • Modified: Aug. 11, 2025
Showing 20 of 290997 Results