Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.1

    HIGH
    CVE-2025-30908

    Cross-Site Request Forgery (CSRF) vulnerability in Shamalli Web Directory Free allows Stored XSS. This issue affects Web Directory Free: from n/a through 1.7.6.... Read more

    Affected Products : web_directory_free
    • Published: Apr. 03, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 8.8

    HIGH
    CVE-2025-30889

    Deserialization of Untrusted Data vulnerability in PickPlugins Testimonial Slider allows Object Injection. This issue affects Testimonial Slider: from n/a through 2.0.13.... Read more

    Affected Products : testimonial_builder
    • Published: Apr. 03, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2025-30858

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tribulant Software Snow Storm allows Reflected XSS. This issue affects Snow Storm: from n/a through 1.4.6.... Read more

    Affected Products :
    • Published: Apr. 03, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-30616

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Latest Custom Post Type Updates allows Reflected XSS. This issue affects Latest Custom Post Type Updates: from n/a through 1.3.0.... Read more

    Affected Products :
    • Published: Apr. 03, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-30611

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Wptobe-signinup allows Reflected XSS. This issue affects Wptobe-signinup: from n/a through 1.1.2.... Read more

    Affected Products :
    • Published: Apr. 03, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-30596

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in NotFound include-file allows Path Traversal. This issue affects include-file: from n/a through 1.... Read more

    Affected Products :
    • Published: Apr. 03, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2025-29369

    Code-Projects Matrimonial Site V1.0 is vulnerable to SQL Injection in /view_profile.php?id=1.... Read more

    Affected Products : matrimonial_site
    • Published: Apr. 03, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-22931

    An insecure direct object reference (IDOR) in the component /assets/stafffiles of OS4ED openSIS v7.0 to v9.1 allows unauthenticated attackers to access files uploaded by staff members.... Read more

    Affected Products : opensis
    • Published: Apr. 03, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-22930

    OS4ED openSIS v7.0 to v9.1 was discovered to contain a SQL injection vulnerability via the groupid parameter at /messaging/Group.php.... Read more

    Affected Products : opensis
    • Published: Apr. 03, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-22929

    OS4ED openSIS v7.0 to v9.1 was discovered to contain a SQL injection vulnerability via the filter_id parameter at /students/StudentFilters.php.... Read more

    Affected Products : opensis
    • Published: Apr. 03, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-22926

    An issue in OS4ED openSIS v8.0 through v9.1 allows attackers to execute a directory traversal by sending a crafted POST request to /Modules.php?modname=messaging/Inbox.php&modfunc=save&filename.... Read more

    Affected Products : opensis
    • Published: Apr. 03, 2025
    • Modified: Apr. 30, 2025
    • Vuln Type: Path Traversal

  • 9.1

    CRITICAL
    CVE-2025-2946

    pgAdmin <= 9.1 is affected by a security vulnerability with Cross-Site Scripting(XSS). If attackers execute any arbitrary HTML/JavaScript in a user's browser through query result rendering, then HTML/JavaScript runs on the browser.... Read more

    Affected Products : pgadmin pgadmin_4
    • Published: Apr. 03, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.9

    CRITICAL
    CVE-2025-2945

    Remote Code Execution security vulnerability in pgAdmin 4 (Query Tool and Cloud Deployment modules). The vulnerability is associated with the 2 POST endpoints; /sqleditor/query_tool/download, where the query_commited parameter and /cloud/deploy endpoint... Read more

    Affected Products : pgadmin
    • Published: Apr. 03, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-22928

    OS4ED openSIS v7.0 to v9.1 was discovered to contain a SQL injection vulnerability via the cp_id parameter at /modules/messages/Inbox.php.... Read more

    Affected Products : opensis
    • Published: Apr. 03, 2025
    • Modified: May. 02, 2025
    • Vuln Type: Injection

  • 9.1

    CRITICAL
    CVE-2025-22927

    An issue in OS4ED openSIS v8.0 through v9.1 allows attackers to execute a directory traversal by sending a crafted POST request to /Modules.php?modname=messaging/Inbox.php&modfunc=save&filename.... Read more

    Affected Products : opensis
    • Published: Apr. 03, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Path Traversal

  • 6.4

    MEDIUM
    CVE-2024-9416

    The Modula Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bundled FancyBox JavaScript library (versions <= 5.0.36) due to insufficient input sanitization and output escaping on user supplied attributes. Th... Read more

    Affected Products :
    • Published: Apr. 03, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-2299

    The LuckyWP Table of Contents plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.10. This is due to missing or incorrect nonce validation on the 'ajaxEdit' function. This makes it possible for unauth... Read more

    Affected Products : luckywp_table_of_contents
    • Published: Apr. 03, 2025
    • Modified: May. 15, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.5

    HIGH
    CVE-2024-53868

    Apache Traffic Server allows request smuggling if chunked messages are malformed.  This issue affects Apache Traffic Server: from 9.2.0 through 9.2.9, from 10.0.0 through 10.0.4. Users are recommended to upgrade to version 9.2.10 or 10.0.5, which fi... Read more

    Affected Products : traffic_server
    • Published: Apr. 03, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Denial of Service

  • 5.1

    MEDIUM
    CVE-2025-3152

    A vulnerability classified as problematic has been found in caipeichao ThinkOX 1.0. This affects an unknown part of the file /ThinkOX-master/index.php?s=/Weibo/Index/search.html of the component Search. The manipulation of the argument keywords leads to c... Read more

    Affected Products :
    • Published: Apr. 03, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-3151

    A vulnerability was found in SourceCodester Gym Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /signup.php. The manipulation of the argument user_name leads to sql injection. The atta... Read more

    • Published: Apr. 03, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Injection
Showing 20 of 293350 Results