Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last-updated date, or CVSS score.
  • 5.4

    MEDIUM
    CVE-2024-51322

    Cross Site Scripting vulnerability in Zucchetti Ad Hoc Infinity 2.4 allows an authenticated attacker to achieve Remote Code Execution via the /jsp/home.jsp, /jsp/gsfr_feditorHTML.jsp, /servlet/SPVisualZoom, /jsp/gsmd_container.jsp components...

    Affected Products : ad_hoc_infinity
    • Published: Mar. 11, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Cross-Site Scripting
  • 5.4

    MEDIUM
    CVE-2025-4256

    A vulnerability classified as problematic was found in SeaCMS 13.2. This vulnerability affects unknown code of the file /admin_paylog.php. The manipulation of the argument cstatus leads to cross site scripting. The attack can be initiated remotely. The ex...

    Affected Products : seacms
    • Published: May. 05, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.5

    MEDIUM
    CVE-2025-45240

    foxcms v1.2.5 was discovered to contain a SQL injection vulnerability via the executeCommand method in DataBackup.php.

    Affected Products : foxcms foxcms
    • Published: May. 05, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Injection
  • 9.1

    CRITICAL
    CVE-2025-45238

    foxcms v1.2.5 was discovered to contain an arbitrary file deletion vulnerability via the delRestoreSerie method.

    Affected Products : foxcms
    • Published: May. 05, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Authorization
  • 5.3

    MEDIUM
    CVE-2025-45239

    An issue in the restores method (DataBackup.php) of foxcms v2.0.6 allows attackers to execute a directory traversal.

    Affected Products : foxcms foxcms
    • Published: May. 05, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Path Traversal
  • 5.3

    MEDIUM
    CVE-2025-4327

    A vulnerability was found in MRCMS 3.1.2. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the pub...

    Affected Products : mrcms
    • Published: May. 06, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Cross-Site Request Forgery
  • 5.3

    MEDIUM
    CVE-2025-4329

    A vulnerability was found in 74CMS up to 3.33.0. It has been rated as problematic. Affected by this issue is the function index of the file /index.php/index/download/index. The manipulation of the argument url leads to path traversal. The attack may be la...

    Affected Products : 74cms
    • Published: May. 06, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Path Traversal
  • 9.9

    CRITICAL
    CVE-2025-49113

    Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.

    Affected Products : webmail roundcube
    • Published: Jun. 02, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Authentication
  • 7.8

    HIGH
    CVE-2024-8012

    An authentication bypass weakness in the message broker service of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges.

    Affected Products : workspace_control
    • Published: Sep. 10, 2024
    • Modified: Jun. 12, 2025
  • 8.8

    HIGH
    CVE-2024-44107

    DLL hijacking in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges and achieve arbitrary code execution.

    Affected Products : workspace_control
    • Published: Sep. 10, 2024
    • Modified: Jun. 12, 2025
  • 8.8

    HIGH
    CVE-2024-44106

    Insufficient server-side controls in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges.

    Affected Products : workspace_control
    • Published: Sep. 10, 2024
    • Modified: Jun. 12, 2025
  • 8.2

    HIGH
    CVE-2024-44105

    Cleartext transmission of sensitive information in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to obtain OS credentials.

    Affected Products : workspace_control
    • Published: Sep. 10, 2024
    • Modified: Jun. 12, 2025
  • 8.8

    HIGH
    CVE-2024-44104

    An incorrectly implemented authentication scheme that is subjected to a spoofing attack in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges.

    Affected Products : workspace_control
    • Published: Sep. 10, 2024
    • Modified: Jun. 12, 2025
  • 8.8

    HIGH
    CVE-2024-44103

    DLL hijacking in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges.

    Affected Products : workspace_control
    • Published: Sep. 10, 2024
    • Modified: Jun. 12, 2025
  • 9.8

    CRITICAL
    CVE-2025-44073

    SeaCMS v13.3 was discovered to contain a SQL injection vulnerability via the component admin_comment_news.php.

    Affected Products : seacms
    • Published: May. 06, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Injection
  • 4.7

    MEDIUM
    CVE-2024-12595

    The AHAthat Plugin WordPress plugin through 1.6 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

    Affected Products : ahathat
    • Published: Jan. 02, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Cross-Site Scripting
  • 4.8

    MEDIUM
    CVE-2024-11645

    The float block WordPress plugin through 1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for...

    Affected Products : float_block
    • Published: Dec. 27, 2024
    • Modified: Jun. 12, 2025
  • 4.8

    MEDIUM
    CVE-2024-11605

    The wp-publications WordPress plugin through 1.2 does not escape filenames before outputting them back in the page, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capabilit...

    Affected Products : wp-publications
    • Published: Dec. 27, 2024
    • Modified: Jun. 12, 2025
  • 6.1

    MEDIUM
    CVE-2024-10103

    In the process of testing the MailPoet WordPress plugin before 5.3.2, a vulnerability was found that allows you to implement Stored XSS on behalf of the editor by embedding malicious script, which entails account takeover backdoor...

    Affected Products : mailpoet mailpoet
    • Published: Nov. 19, 2024
    • Modified: Jun. 12, 2025
  • 4.8

    MEDIUM
    CVE-2024-6270

    The Community Events WordPress plugin before 1.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowe...

    Affected Products : community_events
    • Published: Aug. 05, 2024
    • Modified: Jun. 12, 2025
Showing 20 of 293354 Results