Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2024-6412

    The HTML Forms WordPress plugin before 1.3.34 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks... Read more

    Affected Products : html_forms
    • Published: Jul. 31, 2024
    • Modified: Jun. 10, 2025

  • 9.1

    CRITICAL
    CVE-2024-26503

    Unrestricted File Upload vulnerability in Greek Universities Network Open eClass v.3.15 and earlier allows attackers to run arbitrary code via upload of crafted file to certbadge.php endpoint.... Read more

    Affected Products : open_eclass_platform openeclass
    • Published: Mar. 14, 2024
    • Modified: Jun. 10, 2025

  • 7.8

    HIGH
    CVE-2024-26540

    A heap-based buffer overflow in Clmg before 3.3.3 can occur via a crafted file to cimg_library::CImg<unsigned char>::_load_analyze.... Read more

    Affected Products : cimg clmg
    • Published: Mar. 15, 2024
    • Modified: Jun. 10, 2025

  • 6.1

    MEDIUM
    CVE-2024-6272

    The SpiderContacts WordPress plugin through 1.1.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin... Read more

    Affected Products : spidercontacts
    • Published: Jul. 31, 2024
    • Modified: Jun. 10, 2025

  • 5.4

    MEDIUM
    CVE-2024-6536

    The Zephyr Project Manager WordPress plugin before 3.3.99 does not sanitise and escape some of its settings, which could allow high privilege users such as editors and admins to perform Stored Cross-Site Scripting attacks even when the unfiltered_html cap... Read more

    • Published: Jul. 30, 2024
    • Modified: Jun. 10, 2025

  • 4.7

    MEDIUM
    CVE-2024-4217

    The shortcodes-ultimate-pro WordPress plugin before 7.1.5 does not properly escape some of its shortcodes' settings, making it possible for attackers with a Contributor account to conduct Stored XSS attacks.... Read more

    Affected Products : shortcodes_ultimate
    • Published: Jul. 13, 2024
    • Modified: Jun. 10, 2025

  • 8.1

    HIGH
    CVE-2024-22259

    Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/dat... Read more

    • Published: Mar. 16, 2024
    • Modified: Jun. 10, 2025

  • 4.8

    MEDIUM
    CVE-2024-0974

    The Social Media Widget WordPress plugin before 4.0.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disall... Read more

    Affected Products : social_media_widget
    • Published: Jul. 12, 2024
    • Modified: Jun. 10, 2025

  • 6.7

    MEDIUM
    CVE-2024-28283

    There is stack-based buffer overflow vulnerability in pc_change_act function in Linksys E1000 router firmware version v.2.1.03 and before, leading to remote code execution.... Read more

    Affected Products : e1000_firmware e1000
    • Published: Mar. 19, 2024
    • Modified: Jun. 10, 2025

  • 8.2

    HIGH
    CVE-2021-25254

    Yandex Browser Lite for Android before 21.1.0 allows remote attackers to spoof the address bar.... Read more

    Affected Products : yandex_browser
    • Published: May. 21, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2024-24110

    SQL Injection vulnerability in crmeb_java before v1.3.4 allows attackers to run arbitrary SQL commands via crafted GET request to the component /api/front/spread/people.... Read more

    Affected Products : crmeb_java
    • Published: Mar. 21, 2024
    • Modified: Jun. 10, 2025

  • 8.3

    HIGH
    CVE-2021-25255

    Yandex Browser Lite for Android prior to version 21.1.0 allows remote attackers to cause a denial of service.... Read more

    Affected Products : yandex_browser
    • Published: May. 21, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Denial of Service

  • 6.9

    MEDIUM
    CVE-2021-25262

    Yandex Browser for Android prior to version 21.3.0 allows remote attackers to perform IDN homograph attack.... Read more

    Affected Products : android yandex_browser
    • Published: May. 21, 2025
    • Modified: Jun. 10, 2025

  • 5.4

    MEDIUM
    CVE-2025-5721

    A vulnerability, which was classified as problematic, was found in SourceCodester Student Result Management System 1.0. This affects an unknown part of the file /script/academic/core/update_profile of the component Profile Setting Page. The manipulation l... Read more

    • Published: Jun. 06, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-5299

    A vulnerability was found in SourceCodester Client Database Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /user_order_customer_update.php. The manipulation of the argument uploaded_file_cancel... Read more

    • Published: May. 28, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-5712

    A vulnerability has been found in SourceCodester Open Source Clinic Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /appointment.php. The manipulation of the argument patient leads t... Read more

    • Published: Jun. 06, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-5716

    A vulnerability classified as critical has been found in SourceCodester Open Source Clinic Management System 1.0. Affected is an unknown function of the file /login.php. The manipulation of the argument email leads to sql injection. It is possible to laun... Read more

    • Published: Jun. 06, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-5755

    A vulnerability was found in SourceCodester Open Source Clinic Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /email_config.php. The manipulation of the argument email leads to sql injection. It is p... Read more

    • Published: Jun. 06, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-5758

    A vulnerability classified as critical has been found in SourceCodester Open Source Clinic Management System 1.0. This affects an unknown part of the file /doctor.php. The manipulation of the argument doctorname leads to sql injection. It is possible to i... Read more

    • Published: Jun. 06, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-5840

    A vulnerability, which was classified as critical, was found in SourceCodester Client Database Management System 1.0. This affects an unknown part of the file /user_update_customer_order.php. The manipulation of the argument uploaded_file leads to unrestr... Read more

    • Published: Jun. 07, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 293354 Results