Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2025-54685

    Insertion of Sensitive Information Into Sent Data vulnerability in Brainstorm Force SureDash allows Retrieve Embedded Sensitive Data. This issue affects SureDash: from n/a through 1.1.0.... Read more

    Affected Products :
    • Published: Aug. 14, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2025-54686

    Deserialization of Untrusted Data vulnerability in scriptsbundle Exertio allows Object Injection. This issue affects Exertio: from n/a through 1.3.2.... Read more

    Affected Products :
    • Published: Aug. 14, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-54687

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetTabs allows DOM-Based XSS. This issue affects JetTabs: from n/a through 2.2.9.1.... Read more

    Affected Products :
    • Published: Aug. 14, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-54688

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetEngine allows Stored XSS. This issue affects JetEngine: from n/a through 3.7.1.2.... Read more

    Affected Products : jetengine_for_elementor
    • Published: Aug. 14, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.0

    CRITICAL
    CVE-2025-54693

    Unrestricted Upload of File with Dangerous Type vulnerability in epiphyt Form Block allows Upload a Web Shell to a Web Server. This issue affects Form Block: from n/a through 1.5.5.... Read more

    Affected Products : form_block
    • Published: Aug. 14, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Misconfiguration

  • 4.3

    MEDIUM
    CVE-2025-54694

    Cross-Site Request Forgery (CSRF) vulnerability in bPlugins Button Block allows Cross Site Request Forgery. This issue affects Button Block: from n/a through 1.2.0.... Read more

    Affected Products : button_block
    • Published: Aug. 14, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.4

    MEDIUM
    CVE-2025-54695

    Missing Authorization vulnerability in HasTech HT Mega allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HT Mega: from n/a through 2.9.0.... Read more

    Affected Products :
    • Published: Aug. 14, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-54696

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFunnels WPFunnels allows Stored XSS. This issue affects WPFunnels: from n/a through 3.5.26.... Read more

    Affected Products :
    • Published: Aug. 14, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-54698

    Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in RadiusTheme Classified Listing allows Code Injection. This issue affects Classified Listing: from n/a through 5.0.0.... Read more

    Affected Products : classified_listing
    • Published: Aug. 14, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-54699

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in masteriyo Masteriyo - LMS allows Stored XSS. This issue affects Masteriyo - LMS: from n/a through 1.18.3.... Read more

    Affected Products : masteriyo
    • Published: Aug. 14, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.1

    HIGH
    CVE-2025-54701

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Unicamp allows PHP Local File Inclusion. This issue affects Unicamp: from n/a through 2.6.3.... Read more

    Affected Products :
    • Published: Aug. 14, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Path Traversal

  • 9.3

    CRITICAL
    CVE-2025-54707

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 MDTF allows SQL Injection. This issue affects MDTF: from n/a through 1.3.3.7.... Read more

    • Published: Aug. 14, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Injection

  • 6.3

    MEDIUM
    CVE-2024-56469

    IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.22, 7.2 through 7.2.3.15, and 7.3 through 7.3.2.10 / IBM DevOps Deploy 8.0 through 8.0.1.5 and 8.1 through 8.1.0.1 could allow unauthorized access to other services or potential exposure of sensitive data due t... Read more

    Affected Products : urbancode_deploy devops_deploy
    • Published: Mar. 27, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Authentication

  • 6.1

    MEDIUM
    CVE-2024-52890

    IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.03 could be susceptible to cross-site scripting due to no validation of URIs.... Read more

    • Published: Aug. 05, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2023-38012

    IBM Cloud Pak System 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, and 2.3.4.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/..... Read more

    Affected Products : cloud_pak_system
    • Published: Jan. 25, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2025-1838

    IBM Cloud Pak for Business Automation 24.0.0 and 24.0.1 through 24.0.1 IF001 Authoring allows an authenticated user to bypass client-side data validation in an authoring user interface which could cause a denial of service.... Read more

    Affected Products : cloud_pak_for_business_automation
    • Published: May. 03, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Denial of Service

  • 4.3

    MEDIUM
    CVE-2025-1495

    IBM Business Automation Workflow 24.0.0 and 24.0.1 through 24.0.1 IF001 Center may leak sensitive information due to missing authorization validation.... Read more

    • Published: May. 03, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Authorization

  • 6.1

    MEDIUM
    CVE-2024-41753

    IBM Cloud Pak for Business Automation 24.0.0 through 24.0.0 IF004 and 24.0.1 through 24.0.1 IF001 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering t... Read more

    Affected Products : cloud_pak_for_business_automation
    • Published: May. 03, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2023-51598

    Hancom Office Word DOC File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hancom Office Word. User interaction is required to exploit this vuln... Read more

    Affected Products : office_word
    • Published: May. 03, 2024
    • Modified: Aug. 14, 2025

  • 8.8

    HIGH
    CVE-2021-34947

    NETGEAR R7800 net-cgi Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 routers. Authentication is not required to exploit thi... Read more

    • Published: May. 07, 2024
    • Modified: Aug. 14, 2025
Showing 20 of 292795 Results