Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-39243

    An issue discovered in skycaiji 2.8 allows attackers to run arbitrary code via crafted POST request to /index.php?s=/admin/develop/editor_save.... Read more

    Affected Products : skycaiji
    • Published: Jun. 26, 2024
    • Modified: Jun. 13, 2025

  • 4.8

    MEDIUM
    CVE-2024-57498

    Cross Site Scripting vulnerability in sayski ForestBlog 20241223 allows a remote attacker to escalate privileges via the article editing function.... Read more

    Affected Products : forestblog
    • Published: Feb. 03, 2025
    • Modified: Jun. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-46982

    Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be e... Read more

    • Published: Jun. 10, 2025
    • Modified: Jun. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.8

    HIGH
    CVE-2025-23105

    An issue was discovered in Samsung Mobile Processor Exynos 2200, 1480, and 2400. A Use-After-Free in the mobile processor leads to privilege escalation.... Read more

    • Published: Jun. 02, 2025
    • Modified: Jun. 13, 2025
    • Vuln Type: Memory Corruption

  • 9.1

    CRITICAL
    CVE-2025-23099

    An issue was discovered in Samsung Mobile Processor Exynos 1480 and 2400. The lack of a length check leads to out-of-bounds writes.... Read more

    • Published: Jun. 02, 2025
    • Modified: Jun. 13, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-27955

    Clinical Collaboration Platform 12.2.1.5 has a weak logout system where the session token remains valid after logout and allows a remote attacker to obtain sensitive information and execute arbitrary code.... Read more

    Affected Products : clinical_collaboration_platform
    • Published: Jun. 02, 2025
    • Modified: Jun. 13, 2025
    • Vuln Type: Authentication

  • 6.1

    MEDIUM
    CVE-2018-16210

    WAGO 750-88X and WAGO 750-89X Ethernet Controller devices, versions 01.09.18(13) and before, have XSS in the SNMP configuration via the webserv/cplcfg/snmp.ssi SNMP_DESC or SNMP_LOC_SNMP_CONT field.... Read more

    • Published: Oct. 12, 2018
    • Modified: Jun. 13, 2025

  • 9.0

    CRITICAL
    CVE-2022-45064

    The SlingRequestDispatcher doesn't correctly implement the RequestDispatcher API resulting in a generic type of include-based cross-site scripting issues on the Apache Sling level. The vulnerability is exploitable by an attacker that is able to include a ... Read more

    Affected Products : sling apache_sling_engine
    • Published: Apr. 13, 2023
    • Modified: Jun. 13, 2025

  • 6.5

    MEDIUM
    CVE-2025-27954

    An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the usertoken function of default.aspx.... Read more

    Affected Products : clinical_collaboration_platform
    • Published: Jun. 02, 2025
    • Modified: Jun. 13, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-27953

    An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the session management component.... Read more

    Affected Products : clinical_collaboration_platform
    • Published: Jun. 02, 2025
    • Modified: Jun. 13, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-23104

    An issue was discovered in Samsung Mobile Processor Exynos 2200. A Use-After-Free in the mobile processor leads to privilege escalation.... Read more

    Affected Products : exynos_2200_firmware exynos_2200
    • Published: Jun. 02, 2025
    • Modified: Jun. 13, 2025
    • Vuln Type: Memory Corruption

  • 7.3

    HIGH
    CVE-2025-45542

    SQL injection vulnerability in the registrationform endpoint of CloudClassroom-PHP-Project v1.0. The pass parameter is vulnerable due to improper input validation, allowing attackers to inject SQL queries.... Read more

    Affected Products : cloudclassroom-php_project
    • Published: Jun. 02, 2025
    • Modified: Jun. 13, 2025
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2025-46981

    Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be e... Read more

    • Published: Jun. 10, 2025
    • Modified: Jun. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-46979

    Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be e... Read more

    • Published: Jun. 10, 2025
    • Modified: Jun. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-46978

    Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be e... Read more

    • Published: Jun. 10, 2025
    • Modified: Jun. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-46977

    Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be e... Read more

    • Published: Jun. 10, 2025
    • Modified: Jun. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-46976

    Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be e... Read more

    • Published: Jun. 10, 2025
    • Modified: Jun. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-44115

    A vulnerability has been found in Cotonti Siena v0.9.25. Affected by this vulnerability is the file /admin.php?m=config&n=edit&o=core&p=title. The manipulation of the value of title leads to cross-site scripting.... Read more

    Affected Products : cotonti_siena
    • Published: Jun. 02, 2025
    • Modified: Jun. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.3

    HIGH
    CVE-2024-57459

    A time-based SQL injection vulnerability exists in mydetailsstudent.php in the CloudClassroom PHP Project 1.0. The myds parameter does not properly validate user input, allowing an attacker to inject arbitrary SQL commands.... Read more

    Affected Products : cloudclassroom-php_project
    • Published: Jun. 02, 2025
    • Modified: Jun. 13, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2024-31503

    Incorrect access control in Dolibarr ERP CRM versions 19.0.0 and before, allows authenticated attackers to steal victim users' session cookies and CSRF protection tokens via user interaction with a crafted web page, leading to account takeover.... Read more

    Affected Products : dolibarr_erp\/crm
    • Published: Apr. 17, 2024
    • Modified: Jun. 13, 2025
Showing 20 of 293418 Results