Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.8

    HIGH
    CVE-2024-49563

    Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading...

    Affected Products : unity_operating_environment
    • Published: Mar. 28, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Injection
  • 7.7

    HIGH
    CVE-2025-1860

    Data::Entropy for Perl 0.007 and earlier use the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions....

    Affected Products :
    • Published: Mar. 28, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Cryptography
  • 6.5

    MEDIUM
    CVE-2025-31092

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ninja Team Click to Chat – WP Support All-in-One Floating Widget allows Stored XSS. This issue affects Click to Chat – WP Support All-in-One Floating Wid...

    Affected Products : click_to_chat
    • Published: Mar. 28, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Cross-Site Scripting
  • 8.1

    HIGH
    CVE-2025-30232

    A use-after-free in Exim 4.96 through 4.98.1 could allow users (with command-line access) to escalate privileges....

    Affected Products : exim
    • Published: Mar. 28, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Authentication
  • 5.9

    MEDIUM
    CVE-2025-31101

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vault Group Pty Ltd VaultRE Contact Form 7 allows Stored XSS. This issue affects VaultRE Contact Form 7: from n/a through 1.0....

    Affected Products :
    • Published: Mar. 27, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Cross-Site Scripting
  • 5.9

    MEDIUM
    CVE-2025-31031

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Astoundify Job Colors for WP Job Manager allows Stored XSS. This issue affects Job Colors for WP Job Manager: from n/a through 1.0.4....

    Affected Products :
    • Published: Mar. 27, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Cross-Site Scripting
  • 5.7

    MEDIUM
    CVE-2025-2888

    During a snapshot rollback, the client incorrectly caches the timestamp metadata. If the client checks the cache when attempting to perform the next update, the update timestamp validation will fail, preventing the next update until the cache is cleared. ...

    Affected Products : tough
    • Published: Mar. 27, 2025
    • Modified: Mar. 28, 2025
  • 5.7

    MEDIUM
    CVE-2025-2887

    During a target rollback, the client fails to detect the rollback for delegated targets. This could cause the client to fetch a target from an incorrect source, altering the target contents. Users should upgrade to tough version 0.20.0 or later and ensure...

    Affected Products : tough
    • Published: Mar. 27, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Misconfiguration
  • 5.7

    MEDIUM
    CVE-2025-2886

    Missing validation of terminating delegation causes the client to continue searching the defined delegation list, even after searching a terminating delegation. This could cause the client to fetch a target from an incorrect source, altering the target co...

    Affected Products : tough
    • Published: Mar. 27, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Misconfiguration
  • 5.7

    MEDIUM
    CVE-2025-2885

    Missing validation of the root metadata version number could allow an actor to supply an arbitrary version number to the client instead of the intended version in the root metadata file, altering the version fetched by the client. Users should upgrade to...

    Affected Products : tough
    • Published: Mar. 27, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Misconfiguration
  • 4.8

    MEDIUM
    CVE-2025-2878

    A vulnerability was found in Kentico CMS up to 13.0.178. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /CMSInstall/install.aspx of the component Additional Database Installation Wizard. The man...

    Affected Products :
    • Published: Mar. 27, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Cross-Site Scripting
  • 7.6

    HIGH
    CVE-2025-26956

    Missing Authorization vulnerability in Shinetheme Traveler. This issue affects Traveler: from n/a through 3.1.8....

    Affected Products :
    • Published: Mar. 27, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Authorization
  • 9.3

    CRITICAL
    CVE-2025-26898

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Shinetheme Traveler. This issue affects Traveler: from n/a through 3.1.8....

    Affected Products :
    • Published: Mar. 27, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Injection
  • 7.5

    HIGH
    CVE-2025-26890

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in PluginUs.Net HUSKY allows PHP Local File Inclusion. This issue affects HUSKY: from n/a through 1.3.6.4....

    Affected Products :
    • Published: Mar. 27, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Path Traversal
  • 7.1

    HIGH
    CVE-2025-26874

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MemberSpace allows Reflected XSS. This issue affects MemberSpace: from n/a through 2.1.13....

    Affected Products : memberspace
    • Published: Mar. 27, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Cross-Site Scripting
  • 9.0

    CRITICAL
    CVE-2025-26873

    Deserialization of Untrusted Data vulnerability in Shine theme Traveler. This issue affects Traveler: from n/a before 3.2.1....

    Affected Products :
    • Published: Mar. 27, 2025
    • Modified: Jun. 09, 2025
  • 8.2

    HIGH
    CVE-2025-26733

    Missing Authorization vulnerability in Shinetheme Traveler. This issue affects Traveler: from n/a through 3.1.8....

    Affected Products :
    • Published: Mar. 27, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Authorization
  • 5.3

    MEDIUM
    CVE-2025-22740

    Missing Authorization vulnerability in Automattic Sensei LMS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sensei LMS: from n/a through 4.24.4....

    Affected Products : sensei_lms
    • Published: Mar. 27, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Authorization
  • 5.3

    MEDIUM
    CVE-2025-22739

    Missing Authorization vulnerability in ThimPress LearnPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects LearnPress: from n/a through 4.2.7.5....

    Affected Products : learnpress
    • Published: Mar. 27, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Authorization
  • 3.1

    LOW
    CVE-2024-55070

    A Broken Object Level Authorization vulnerability in the component /households/permissions of hay-kot mealie v2.2.0 allows group managers to edit their own permissions....

    Affected Products : mealie
    • Published: Mar. 27, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Authorization
Showing 20 of 292787 Results