Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.6

    HIGH
    CVE-2025-48915

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal COOKiES Consent Management allows Cross-Site Scripting (XSS).This issue affects COOKiES Consent Management: from 0.0.0 before 1.2.15.... Read more

    • Published: Jun. 13, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.6

    HIGH
    CVE-2025-48914

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal COOKiES Consent Management allows Cross-Site Scripting (XSS).This issue affects COOKiES Consent Management: from 0.0.0 before 1.2.15.... Read more

    • Published: Jun. 13, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2024-35138

    IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.... Read more

    Affected Products : security_verify_access
    • Published: Feb. 04, 2025
    • Modified: Jun. 18, 2025

  • 4.3

    MEDIUM
    CVE-2021-20450

    IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user g... Read more

    Affected Products : cognos_controller
    • Published: May. 03, 2024
    • Modified: Jun. 18, 2025

  • 5.4

    MEDIUM
    CVE-2025-5420

    A vulnerability classified as problematic was found in juzaweb CMS up to 3.4.2. Affected by this vulnerability is an unknown functionality of the file /admin-cp/file-manager/upload of the component Profile Page. The manipulation of the argument Upload lea... Read more

    Affected Products : cms
    • Published: Jun. 02, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-5421

    A vulnerability, which was classified as critical, has been found in juzaweb CMS up to 3.4.2. Affected by this issue is some unknown functionality of the file /admin-cp/plugin/editor of the component Plugin Editor Page. The manipulation leads to improper ... Read more

    Affected Products : cms
    • Published: Jun. 02, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-5422

    A vulnerability, which was classified as problematic, was found in juzaweb CMS up to 3.4.2. This affects an unknown part of the file /admin-cp/logs/email of the component Email Logs Page. The manipulation leads to improper access controls. It is possible ... Read more

    Affected Products : cms
    • Published: Jun. 02, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-5423

    A vulnerability has been found in juzaweb CMS up to 3.4.2 and classified as critical. This vulnerability affects unknown code of the file /admin-cp/setting/system/general of the component General Setting Page. The manipulation leads to improper access con... Read more

    Affected Products : cms
    • Published: Jun. 02, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2023-6485

    The Html5 Video Player WordPress plugin before 2.5.19 does not sanitise and escape some of its player settings, which combined with missing capability checks around the plugin could allow any authenticated users, such as low as subscribers to perform Stor... Read more

    Affected Products : html5_video_player
    • Published: Jan. 01, 2024
    • Modified: Jun. 18, 2025

  • 7.5

    HIGH
    CVE-2023-6421

    The Download Manager WordPress plugin before 3.2.83 does not protect file download's passwords, leaking it upon receiving an invalid one.... Read more

    • Published: Jan. 01, 2024
    • Modified: Jun. 18, 2025

  • 7.5

    HIGH
    CVE-2023-6113

    The WP STAGING WordPress Backup Plugin before 3.1.3 and WP STAGING Pro WordPress Backup Plugin before 5.1.3 do not prevent visitors from leaking key information about ongoing backups processes, allowing unauthenticated attackers to download said backups l... Read more

    Affected Products : wp_staging
    • Published: Jan. 01, 2024
    • Modified: Jun. 18, 2025

  • 4.8

    MEDIUM
    CVE-2023-6037

    The WP TripAdvisor Review Slider WordPress plugin before 11.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability i... Read more

    Affected Products : wp_tripadvisor_review_slider
    • Published: Jan. 01, 2024
    • Modified: Jun. 18, 2025

  • 6.1

    MEDIUM
    CVE-2023-6000

    The Popup Builder WordPress plugin before 4.2.3 does not prevent simple visitors from updating existing popups, and injecting raw JavaScript in them, which could lead to Stored XSS attacks.... Read more

    Affected Products : popup_builder
    • Published: Jan. 01, 2024
    • Modified: Jun. 18, 2025

  • 6.5

    MEDIUM
    CVE-2025-5424

    A vulnerability was found in juzaweb CMS up to 3.4.2 and classified as critical. This issue affects some unknown processing of the file /admin-cp/media of the component Media Page. The manipulation leads to improper access controls. The attack may be init... Read more

    Affected Products : cms
    • Published: Jun. 02, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Authorization

  • 5.5

    MEDIUM
    CVE-2023-49557

    An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the yasm_section_bcs_first function in the libyasm/section.c component.... Read more

    Affected Products : yasm
    • Published: Jan. 03, 2024
    • Modified: Jun. 18, 2025

  • 5.5

    MEDIUM
    CVE-2023-49554

    Use After Free vulnerability in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the do_directive function in the modules/preprocs/nasm/nasm-pp.c component.... Read more

    Affected Products : yasm
    • Published: Jan. 03, 2024
    • Modified: Jun. 18, 2025

  • 7.8

    HIGH
    CVE-2023-34319

    The fix for XSA-423 added logic to Linux'es netback driver to deal with a frontend splitting a packet in a way such that not all of the headers would come in one piece. Unfortunately the logic introduced there didn't account for the extreme case of the e... Read more

    Affected Products : linux_kernel debian_linux xen
    • Published: Sep. 22, 2023
    • Modified: Jun. 18, 2025

  • 6.7

    MEDIUM
    CVE-2023-32891

    In bluetooth service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS079330... Read more

    Affected Products : android lr13 nr15 nr16 nr17 mt2735 mt6779 mt6781 mt6783 mt6785 +36 more products
    • Published: Jan. 02, 2024
    • Modified: Jun. 18, 2025

  • 7.5

    HIGH
    CVE-2023-32889

    In Modem IMS Call UA, there is a possible out of bounds write due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY0116182... Read more

    Affected Products : android mt6779 mt6781 mt6785 mt6789 mt6833 mt6835 mt6853 mt6853t mt6855 +48 more products
    • Published: Jan. 02, 2024
    • Modified: Jun. 18, 2025

  • 6.7

    MEDIUM
    CVE-2023-32882

    In battery, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID: A... Read more

    Affected Products : android mt6833 mt6879 mt6883 mt6885 mt8791t mt8797 mt6762 mt6765 mt6983 +12 more products
    • Published: Jan. 02, 2024
    • Modified: Jun. 18, 2025
Showing 20 of 293608 Results