Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2025-2984

    A vulnerability was found in code-projects Payroll Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /delete.php. The manipulation of the argument emp_id leads to sql injection. The attack m... Read more

    • Published: Mar. 31, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Injection

  • 5.1

    MEDIUM
    CVE-2025-2072

    A Reflected Cross-Site Scripting (XSS) vulnerability has been discovered in FAST LTA Silent Brick WebUI, allowing attackers to inject malicious JavaScript code into web pages viewed by users. This issue arises when user-supplied input is improperly handle... Read more

    Affected Products :
    • Published: Mar. 31, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Cross-Site Scripting

  • 10.0

    CRITICAL
    CVE-2025-2071

    A critical OS Command Injection vulnerability has been identified in the FAST LTA Silent Brick WebUI, allowing remote attackers to execute arbitrary operating system commands via specially crafted input. This vulnerability arises due to improper handling ... Read more

    Affected Products :
    • Published: Mar. 31, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Injection

  • 5.5

    MEDIUM
    CVE-2025-2983

    A vulnerability has been found in Legrand SMS PowerView 1.x and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument redirect leads to os command injection. The exploit has been disclosed to ... Read more

    Affected Products :
    • Published: Mar. 31, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-2982

    A vulnerability, which was classified as critical, was found in Legrand SMS PowerView 1.x. Affected is an unknown function. The manipulation of the argument redirect leads to file inclusion. It is possible to launch the attack remotely. The exploit has be... Read more

    Affected Products :
    • Published: Mar. 31, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Path Traversal

  • 5.3

    MEDIUM
    CVE-2025-3019

    KNIME Business Hub is affected by several cross-site scripting vulnerabilities in its web pages. If a user clicks on a malicious link or opens a malicious web page, arbitrary Java Script may be executed with this user's permissions. This can lead to infor... Read more

    Affected Products : business_hub
    • Published: Mar. 31, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.1

    MEDIUM
    CVE-2025-2981

    A vulnerability, which was classified as problematic, has been found in Legrand SMS PowerView 1.x. This issue affects some unknown processing. The manipulation of the argument redirect leads to cross site scripting. The attack may be initiated remotely. T... Read more

    Affected Products :
    • Published: Mar. 31, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.1

    MEDIUM
    CVE-2025-2980

    A vulnerability classified as problematic was found in Legrand SMS PowerView 1.x. This vulnerability affects unknown code. The manipulation of the argument redirect leads to open redirect. The attack can be initiated remotely. The exploit has been disclos... Read more

    Affected Products :
    • Published: Mar. 31, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2025-2402

    A hard-coded, non-random password for the object store (minio) of KNIME Business Hub in all versions except the ones listed below allows an unauthenticated remote attacker in possession of the password to read and manipulate swapped jobs or read and manip... Read more

    Affected Products : business_hub
    • Published: Mar. 31, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Authentication

  • 4.3

    MEDIUM
    CVE-2025-31417

    Missing Authorization vulnerability in Fahad Mahmood WP Docs allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Docs: from n/a through n/a.... Read more

    Affected Products : wp_docs
    • Published: Mar. 31, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-31414

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stylemix Cost Calculator Builder allows Stored XSS. This issue affects Cost Calculator Builder: from n/a through 3.2.65.... Read more

    Affected Products : cost_calculator_builder
    • Published: Mar. 31, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-31412

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound JetProductGallery allows DOM-Based XSS. This issue affects JetProductGallery: from n/a through 2.1.22.... Read more

    Affected Products :
    • Published: Mar. 31, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-31387

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in InstaWP InstaWP Connect allows PHP Local File Inclusion. This issue affects InstaWP Connect: from n/a through 0.1.0.82.... Read more

    Affected Products : instawp_connect
    • Published: Mar. 31, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2025-31043

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound JetSearch allows DOM-Based XSS. This issue affects JetSearch: from n/a through 3.5.7.... Read more

    Affected Products :
    • Published: Mar. 31, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-31016

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Crocoblock JetWooBuilder allows PHP Local File Inclusion.This issue affects JetWooBuilder: from n/a through 2.1.18.... Read more

    Affected Products :
    • Published: Mar. 31, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2025-30987

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound JetBlocks For Elementor allows Stored XSS. This issue affects JetBlocks For Elementor: from n/a through 1.3.16.... Read more

    Affected Products : jetblocks_for_elementor
    • Published: Mar. 31, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-30855

    Missing Authorization vulnerability in Ads by WPQuads Ads by WPQuads allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ads by WPQuads: from n/a through 2.0.87.1.... Read more

    Affected Products : ads
    • Published: Mar. 31, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-30835

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Bastien Ho Accounting for WooCommerce allows PHP Local File Inclusion. This issue affects Accounting for WooCommerce: from n/a through... Read more

    Affected Products :
    • Published: Mar. 31, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Path Traversal

  • 4.8

    MEDIUM
    CVE-2025-2979

    A vulnerability classified as problematic has been found in WCMS 11. This affects an unknown part of the file /index.php?anonymous/setregister of the component Registration. The manipulation of the argument Username leads to cross site scripting. It is po... Read more

    Affected Products : wcms
    • Published: Mar. 31, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-2978

    A vulnerability was found in WCMS 11. It has been rated as critical. Affected by this issue is some unknown functionality of the file /index.php?articleadmin/upload/?&CKEditor=container&CKEditorFuncNum=1 of the component Article Publishing Page. The manip... Read more

    Affected Products : wcms
    • Published: Mar. 31, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Authentication
Showing 20 of 292517 Results