Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2025-6674

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal CKEditor5 Youtube allows Cross-Site Scripting (XSS).This issue affects CKEditor5 Youtube: from 0.0.0 before 1.0.3.... Read more

    Affected Products : ckeditor5_youtube ckeditor5_youtube
    • Published: Jun. 26, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.8

    HIGH
    CVE-2025-49732

    Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Jul. 08, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-49730

    Time-of-check time-of-use (toctou) race condition in Microsoft Windows QoS scheduler allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Jul. 08, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Race Condition

  • 4.6

    MEDIUM
    CVE-2025-20924

    Improper access control in Samsung Notes prior to version 4.4.26.71 allows physical attackers to access data across multiple user profiles.... Read more

    Affected Products : notes
    • Published: Mar. 06, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Authorization

  • 5.5

    MEDIUM
    CVE-2025-20925

    Out-of-bounds read in applying binary of text data in Samsung Notes prior to version 4.4.26.71 allows local attackers to potentially read memory.... Read more

    Affected Products : notes
    • Published: Mar. 06, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-20927

    Out-of-bounds read in parsing image data in Samsung Notes prior to vaersion 4.4.26.71 allows local attackers to access out-of-bounds memory.... Read more

    Affected Products : notes
    • Published: Mar. 06, 2025
    • Modified: Jul. 16, 2025

  • 6.4

    MEDIUM
    CVE-2025-5234

    The Gutenverse News plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘elementId’ parameter in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenti... Read more

    Affected Products : gutenverse_news
    • Published: Jun. 19, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.5

    MEDIUM
    CVE-2025-20928

    Out-of-bounds read in parsing wbmp image in Samsung Notes prior to vaersion 4.4.26.71 allows local attackers to access out-of-bounds memory.... Read more

    Affected Products : notes
    • Published: Mar. 06, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-5490

    The Football Pool plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.12.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attack... Read more

    Affected Products : football_pool football_pool
    • Published: Jun. 19, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-4774

    The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-countdown attribute of Countdown widget in all versions up to, and including, 4.11.8 due to insufficient input sanitization and output escaping... Read more

    Affected Products : premium_addons_for_elementor
    • Published: Jun. 10, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.8

    HIGH
    CVE-2024-38459

    langchain_experimental (aka LangChain Experimental) before 0.0.61 for LangChain provides Python REPL access without an opt-in step. NOTE; this issue exists because of an incomplete fix for CVE-2024-27444.... Read more

    • Published: Jun. 16, 2024
    • Modified: Jul. 16, 2025

  • 6.4

    MEDIUM
    CVE-2024-3648

    The ShareThis Share Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sharethis-inline-button' shortcode in all versions up to, and including, 2.3.0 due to insufficient input sanitization and output escaping on us... Read more

    Affected Products : sharethis_share_buttons
    • Published: May. 23, 2024
    • Modified: Jul. 16, 2025

  • 6.4

    MEDIUM
    CVE-2025-4577

    The Smash Balloon Social Post Feed – Simple Social Feeds for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-color attribute in all versions up to, and including, 4.3.1 due to insufficient input sanitization and ou... Read more

    Affected Products : smash_balloon_social_post_feed
    • Published: Jun. 10, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.8

    MEDIUM
    CVE-2024-12058

    External control of a file name in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to read arbitrary files.... Read more

    Affected Products : connect_secure policy_secure
    • Published: Feb. 11, 2025
    • Modified: Jul. 16, 2025

  • 6.4

    MEDIUM
    CVE-2024-4045

    The Popup Builder by OptinMonster – WordPress Popups for Optins, Email Newsletters and Lead Generation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘campaign_id’ parameter in versions up to, and including, 2.16.1 due to insuff... Read more

    Affected Products : optinmonster
    • Published: May. 25, 2024
    • Modified: Jul. 16, 2025

  • 7.2

    HIGH
    CVE-2025-5817

    The Amazon Products to WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.2.7 via the wcta2w_get_urls(). This makes it possible for unauthenticated attackers to make web requests to arbitr... Read more

    Affected Products : amazon_products_to_woocommerce
    • Published: Jul. 02, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Server-Side Request Forgery

  • 4.8

    MEDIUM
    CVE-2024-2872

    The socialdriver-framework WordPress plugin before 2024.04.30 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capabi... Read more

    Affected Products : swift_framework
    • Published: Aug. 01, 2024
    • Modified: Jul. 16, 2025

  • 8.8

    HIGH
    CVE-2024-6607

    It was possible to prevent a user from exiting pointerlock when pressing escape and to overlay customValidity notifications from a `<select>` element over certain permission prompts. This could be used to confuse a user into giving a site unintended... Read more

    Affected Products : firefox thunderbird
    • Published: Jul. 09, 2024
    • Modified: Jul. 16, 2025

  • 5.4

    MEDIUM
    CVE-2023-33844

    IBM Security Verify Governance 10.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a t... Read more

    Affected Products : security_verify_governance
    • Published: Apr. 09, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-3538

    A vulnerability was found in D-Link DI-8100 16.07.26A1. It has been rated as critical. This issue affects the function auth_asp of the file /auth.asp of the component jhttpd. The manipulation of the argument callback leads to stack-based buffer overflow. ... Read more

    Affected Products : di-8100_firmware di-8100
    • Published: Apr. 13, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 291638 Results