Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.8

    MEDIUM
    CVE-2024-10632

    The Nokaut Offers Box WordPress plugin through 1.4.0 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallo... Read more

    Affected Products : nokaut_offers_box
    • Published: May. 15, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2024-10634

    The Nokaut Offers Box WordPress plugin through 1.4.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin reset the Nokaut Offers Box WordPress plugin through 1.4.0 via a CSRF attack... Read more

    Affected Products : nokaut_offers_box
    • Published: May. 15, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.5

    MEDIUM
    CVE-2025-1499

    IBM InfoSphere Information Server 11.7 stores credential information for database authentication in a cleartext parameter file that could be viewed by an authenticated user.... Read more

    • Published: Jun. 01, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Information Disclosure

  • 5.4

    MEDIUM
    CVE-2025-25044

    IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials di... Read more

    Affected Products : planning_analytics_local
    • Published: Jun. 01, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-2896

    IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials di... Read more

    Affected Products : planning_analytics_local
    • Published: Jun. 01, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.5

    LOW
    CVE-2024-11140

    The Real WP Shop Lite Ajax eCommerce Shopping Cart WordPress plugin through 2.0.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilter... Read more

    • Published: May. 15, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-33004

    IBM Planning Analytics Local 2.0 and 2.1 could allow a privileged user to delete files from directories due to improper pathname restriction.... Read more

    Affected Products : planning_analytics_local
    • Published: Jun. 01, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Path Traversal

  • 8.8

    HIGH
    CVE-2025-33005

    IBM Planning Analytics Local 2.0 and 2.1 does not invalidate session after a logout which could allow an authenticated user to impersonate another user on the system.... Read more

    Affected Products : planning_analytics_local
    • Published: Jun. 01, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Authentication

  • 8.4

    HIGH
    CVE-2025-46154

    Foxcms v1.25 has a SQL time injection in the $_POST['dbname'] parameter of installdb.php.... Read more

    Affected Products : foxcms
    • Published: Jun. 03, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-43923

    An issue was discovered in ReportController in Unicom Focal Point 7.6.1. A user who has administrative privilege in Focal Point can perform SQL injection via the image parameter during a delete report image operation.... Read more

    Affected Products : focal_point
    • Published: Jun. 03, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2025-43924

    Cross Site Scripting vulnerability was discovered in Unicom Focal Point 7.6.1. The val parameter in SettingController (for /fp/admin/settings/loginpage) and the rootserviceurl parameter in FriendsController (for /fp/admin/settings/friends), entered by an ... Read more

    Affected Products : focal_point
    • Published: Jun. 03, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-44148

    Cross Site Scripting (XSS) vulnerability in MailEnable before v10 allows a remote attacker to execute arbitrary code via the failure.aspx component... Read more

    Affected Products : mailenable
    • Published: Jun. 03, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-29306

    An issue in FoxCMS v.1.2.5 allows a remote attacker to execute arbitrary code via the case display page in the index.html component.... Read more

    Affected Products : foxcms
    • Published: Mar. 27, 2025
    • Modified: Jun. 09, 2025

  • 8.8

    HIGH
    CVE-2024-25251

    code-projects Agro-School Management System 1.0 is suffers from Incorrect Access Control.... Read more

    • Published: Feb. 22, 2024
    • Modified: Jun. 09, 2025

  • 7.8

    HIGH
    CVE-2024-21116

    Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where... Read more

    Affected Products : linux_kernel vm_virtualbox
    • Published: Apr. 16, 2024
    • Modified: Jun. 09, 2025

  • 8.6

    HIGH
    CVE-2024-21136

    Vulnerability in the Oracle Retail Xstore Office product of Oracle Retail Applications (component: Security). Supported versions that are affected are 19.0.5, 20.0.3, 20.0.4, 22.0.0 and 23.0.1. Easily exploitable vulnerability allows unauthenticated att... Read more

    Affected Products : retail_xstore_office
    • Published: Jul. 16, 2024
    • Modified: Jun. 09, 2025

  • 7.1

    HIGH
    CVE-2024-21026

    Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with netw... Read more

    • Published: Apr. 16, 2024
    • Modified: Jun. 09, 2025

  • 9.1

    CRITICAL
    CVE-2024-21175

    Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access v... Read more

    Affected Products : weblogic_server
    • Published: Jul. 16, 2024
    • Modified: Jun. 09, 2025

  • 6.5

    MEDIUM
    CVE-2023-5388

    NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the private data. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.... Read more

    • Published: Mar. 19, 2024
    • Modified: Jun. 09, 2025

  • 9.8

    CRITICAL
    CVE-2024-12976

    A vulnerability, which was classified as critical, has been found in CodeZips Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file /staff.php. The manipulation of the argument tel leads to sql injection. The att... Read more

    • Published: Dec. 27, 2024
    • Modified: Jun. 09, 2025
Showing 20 of 293261 Results