Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.1

    CRITICAL
    CVE-2025-49591

    CryptPad is a collaboration suite. Prior to version 2025.3.0, enforcement of Two-Factor Authentication (2FA) in CryptPad can be trivially bypassed, due to weak implementation of access controls. An attacker that compromises a user's credentials can gain a... Read more

    Affected Products : cryptpad
    • Published: Jun. 18, 2025
    • Modified: Aug. 11, 2025

  • 9.8

    CRITICAL
    CVE-2025-20260

    A vulnerability in the PDF scanning processes of ClamAV could allow an unauthenticated, remote attacker to cause a buffer overflow condition, cause a denial of service (DoS) condition, or execute arbitrary code on an affected device. This vulnerability... Read more

    Affected Products : clamav
    • Published: Jun. 18, 2025
    • Modified: Aug. 11, 2025

  • 6.1

    MEDIUM
    CVE-2025-49590

    CryptPad is a collaboration suite. Prior to version 2025.3.0, the "Link Bouncer" functionality attempts to filter javascript URIs to prevent Cross-Site Scripting (XSS), however this can be bypassed. There is an "early allow" code path that happens before ... Read more

    Affected Products : cryptpad
    • Published: Jun. 18, 2025
    • Modified: Aug. 11, 2025

  • 2.0

    LOW
    CVE-2025-8573

    Concrete CMS versions 9 through 9.4.2 are vulnerable to Stored XSS from Home Folder on Members Dashboard page.  Version 8 was not affected. A rogue admin could set up a malicious folder containing XSS to which users could be directed upon login. The Concr... Read more

    Affected Products : concrete_cms concrete5
    • Published: Aug. 05, 2025
    • Modified: Aug. 11, 2025

  • 8.8

    HIGH
    CVE-2025-5071

    The AI Engine plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'Meow_MWAI_Labs_MCP::can_access_mcp' function in versions 2.8.0 to 2.8.3. This makes it possible for authentica... Read more

    Affected Products : ai_engine ai_engine
    • Published: Jun. 19, 2025
    • Modified: Aug. 11, 2025

  • 5.3

    MEDIUM
    CVE-2025-1766

    The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'payment_complete' function in all versions up to, and including, 4.0.24.... Read more

    Affected Products : eventin
    • Published: Mar. 20, 2025
    • Modified: Aug. 11, 2025

  • 5.8

    MEDIUM
    CVE-2025-2109

    The WP Compress – Instant Performance & Speed Optimization plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.30.15 via the init() function. This makes it possible for unauthenticated attackers to mak... Read more

    Affected Products : wp_compress
    • Published: Mar. 25, 2025
    • Modified: Aug. 11, 2025

  • 8.8

    HIGH
    CVE-2025-2110

    The WP Compress – Instant Performance & Speed Optimization plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to missing capability checks on its on its AJAX functions in all versions up to, and including, 6.30.1... Read more

    Affected Products : wp_compress
    • Published: Mar. 26, 2025
    • Modified: Aug. 11, 2025

  • 8.8

    HIGH
    CVE-2025-26964

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Themewinter Eventin allows PHP Local File Inclusion. This issue affects Eventin: from n/a through 4.0.20.... Read more

    Affected Products : eventin
    • Published: Feb. 25, 2025
    • Modified: Aug. 11, 2025

  • 6.5

    MEDIUM
    CVE-2024-37507

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themewinter Eventin allows Stored XSS.This issue affects Eventin: from n/a through 3.3.57.... Read more

    Affected Products : eventin
    • Published: Jul. 21, 2024
    • Modified: Aug. 11, 2025

  • 5.9

    MEDIUM
    CVE-2024-39648

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themewinter Eventin allows Stored XSS.This issue affects Eventin: from n/a through 4.0.5.... Read more

    Affected Products : eventin
    • Published: Aug. 01, 2024
    • Modified: Aug. 11, 2025

  • 6.1

    MEDIUM
    CVE-2022-20634

    A vulnerability in the web-based management interface of Cisco ECE could allow an unauthenticated, remote attacker to redirect a user to an undesired web page. This vulnerability is due to improper input validation of the URL parameters in an HTTP r... Read more

    Affected Products : enterprise_chat_and_email
    • Published: Nov. 15, 2024
    • Modified: Aug. 11, 2025

  • 8.8

    HIGH
    CVE-2022-20871

    A vulnerability in the web management interface of Cisco AsyncOS for Cisco Secure Web Appliance, formerly Cisco Web Security Appliance (WSA), could allow an authenticated, remote attacker to perform a command injection and elevate priv... Read more

    • Published: Nov. 15, 2024
    • Modified: Aug. 11, 2025

  • 9.9

    CRITICAL
    CVE-2023-20036

    A vulnerability in the web UI of Cisco IND could allow an authenticated, remote attacker to execute arbitrary commands with administrative privileges on the underlying operating system of an affected device. This vulnerability is due to improper input ... Read more

    Affected Products : industrial_network_director
    • Published: Nov. 15, 2024
    • Modified: Aug. 11, 2025

  • 5.5

    MEDIUM
    CVE-2023-20039

    A vulnerability in Cisco IND could allow an authenticated, local attacker to read application data. This vulnerability is due to insufficient default file permissions that are applied to the application data directory. An attacker could exploit this vu... Read more

    Affected Products : industrial_network_director
    • Published: Nov. 15, 2024
    • Modified: Aug. 11, 2025

  • 6.5

    MEDIUM
    CVE-2021-1425

    A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Content Security Management Appliance (SMA) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulne... Read more

    • Published: Nov. 18, 2024
    • Modified: Aug. 11, 2025

  • 8.8

    HIGH
    CVE-2023-49756

    Missing Authorization vulnerability in Themewinter Eventin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Eventin: from n/a through 3.3.52.... Read more

    Affected Products : eventin
    • Published: Dec. 09, 2024
    • Modified: Aug. 11, 2025

  • 8.8

    HIGH
    CVE-2024-56213

    Path Traversal: '.../...//' vulnerability in Themewinter Eventin allows Path Traversal.This issue affects Eventin: from n/a through 4.0.7.... Read more

    Affected Products : eventin
    • Published: Dec. 31, 2024
    • Modified: Aug. 11, 2025

  • 6.1

    MEDIUM
    CVE-2024-12047

    The WP Compress – Instant Performance & Speed Optimization plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘custom_server’ parameter in all versions up to, and including, 6.30.03 due to insufficient input sanitization and outp... Read more

    Affected Products : wp_compress
    • Published: Jan. 04, 2025
    • Modified: Aug. 11, 2025

  • 7.8

    HIGH
    CVE-2022-43651

    Bentley View SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in... Read more

    Affected Products : view
    • Published: May. 07, 2024
    • Modified: Aug. 11, 2025
Showing 20 of 291002 Results