Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-7184

    A vulnerability was found in code-projects Library System 1.0. It has been classified as critical. This affects an unknown part of the file /user/teacher/books.php. The manipulation of the argument Search leads to sql injection. It is possible to initiate... Read more

    Affected Products : library_system
    • Published: Jul. 08, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-7185

    A vulnerability was found in code-projects Library System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /approve.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remo... Read more

    Affected Products : library_system
    • Published: Jul. 08, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Injection

  • 7.8

    HIGH
    CVE-2024-30330

    Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in... Read more

    Affected Products : windows pdf_editor pdf_reader
    • Published: Apr. 03, 2024
    • Modified: Jul. 09, 2025

  • 3.3

    LOW
    CVE-2024-30347

    Foxit PDF Reader U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit ... Read more

    Affected Products : windows pdf_editor pdf_reader
    • Published: Apr. 02, 2024
    • Modified: Jul. 09, 2025

  • 6.4

    MEDIUM
    CVE-2024-11897

    The Contact Form, Survey & Form Builder – MightyForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mightyforms' shortcode in all versions up to, and including, 1.3.9 due to insufficient input sanitization and output ... Read more

    Affected Products : mightyforms
    • Published: Dec. 04, 2024
    • Modified: Jul. 09, 2025

  • 7.8

    HIGH
    CVE-2024-30341

    Foxit PDF Reader Doc Object Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerabil... Read more

    Affected Products : windows pdf_editor pdf_reader
    • Published: Apr. 02, 2024
    • Modified: Jul. 09, 2025

  • 8.4

    HIGH
    CVE-2025-47957

    Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.... Read more

    • Published: Jun. 10, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Memory Corruption

  • 8.4

    HIGH
    CVE-2025-47953

    Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.... Read more

    • Published: Jun. 10, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Memory Corruption

  • 6.1

    MEDIUM
    CVE-2023-6978

    The WP Job Manager – Company Profiles plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'company' parameter in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it poss... Read more

    Affected Products : wp_job_manager
    • Published: Dec. 04, 2024
    • Modified: Jul. 09, 2025

  • 7.8

    HIGH
    CVE-2025-47175

    Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.... Read more

    • Published: Jun. 10, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-47174

    Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.... Read more

    • Published: Jun. 10, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-47173

    Improper input validation in Microsoft Office allows an unauthorized attacker to execute code locally.... Read more

    • Published: Jun. 10, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-47172

    Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.... Read more

    • Published: Jun. 10, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Injection

  • 6.7

    MEDIUM
    CVE-2025-47171

    Improper input validation in Microsoft Office Outlook allows an authorized attacker to execute code locally.... Read more

    • Published: Jun. 10, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Authentication

  • 7.8

    HIGH
    CVE-2025-47170

    Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.... Read more

    • Published: Jun. 10, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-47169

    Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally.... Read more

    • Published: Jun. 10, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Memory Corruption

  • 4.3

    MEDIUM
    CVE-2024-10787

    The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.4 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. This mak... Read more

    • Published: Dec. 04, 2024
    • Modified: Jul. 09, 2025

  • 6.4

    MEDIUM
    CVE-2024-10178

    The Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 3.3.9 due to insufficient input sanitization and ... Read more

    Affected Products : gutentor
    • Published: Dec. 05, 2024
    • Modified: Jul. 09, 2025

  • 7.2

    HIGH
    CVE-2024-10247

    The Video Gallery – Best WordPress YouTube Gallery Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the orderby parameter in all versions up to, and including, 2.4.2 due to insufficient escaping on the user supplied parameter and ... Read more

    Affected Products : video_gallery
    • Published: Dec. 06, 2024
    • Modified: Jul. 09, 2025

  • 4.8

    MEDIUM
    CVE-2024-9769

    The Video Gallery – Best WordPress YouTube Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This makes it p... Read more

    Affected Products : video_gallery
    • Published: Dec. 06, 2024
    • Modified: Jul. 09, 2025
Showing 20 of 293545 Results