Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2025-22637

    Cross-Site Request Forgery (CSRF) vulnerability in verkkovaraani Print PDF Generator and Publisher allows Cross Site Request Forgery.This issue affects Print PDF Generator and Publisher: from n/a through 1.2.0.... Read more

    Affected Products :
    • Published: Mar. 27, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.4

    MEDIUM
    CVE-2025-22634

    Cross-Site Request Forgery (CSRF) vulnerability in MD Abu Jubayer Hossain Easy Booked – Appointment Booking and Scheduling Management System for WordPress allows Cross Site Request Forgery.This issue affects Easy Booked – Appointment Booking and Schedulin... Read more

    Affected Products :
    • Published: Mar. 27, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.3

    MEDIUM
    CVE-2025-22629

    Missing Authorization vulnerability in iNET iNET Webkit allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects iNET Webkit: from n/a through 1.2.2.... Read more

    Affected Products :
    • Published: Mar. 27, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2025-22628

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Foliovision Filled In allows Stored XSS.This issue affects Filled In: from n/a through 1.9.2.... Read more

    Affected Products :
    • Published: Mar. 27, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-22497

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in A.H.C. Waasdorp Simple Google Calendar Outlook Events Block Widget allows Stored XSS.This issue affects Simple Google Calendar Outlook Events Block Widge... Read more

    Affected Products :
    • Published: Mar. 27, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.9

    MEDIUM
    CVE-2025-22496

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MarMar8x Notif Bell allows Stored XSS.This issue affects Notif Bell: from n/a through 0.9.8.... Read more

    Affected Products :
    • Published: Mar. 27, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-22278

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yudleethemes Whitish Lite allows Stored XSS.This issue affects Whitish Lite: from n/a through 2.1.13.... Read more

    Affected Products :
    • Published: Mar. 27, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.2

    MEDIUM
    CVE-2025-31181

    A flaw was found in gnuplot. The X11_graphics() function may lead to a segmentation fault and cause a system crash.... Read more

    Affected Products : enterprise_linux gnuplot
    • Published: Mar. 27, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Memory Corruption

  • 6.2

    MEDIUM
    CVE-2025-31180

    A flaw was found in gnuplot. The CANVAS_text() function may lead to a segmentation fault and cause a system crash.... Read more

    Affected Products : enterprise_linux gnuplot
    • Published: Mar. 27, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Denial of Service

  • 6.2

    MEDIUM
    CVE-2025-31179

    A flaw was found in gnuplot. The xstrftime() function may lead to a segmentation fault, causing a system crash.... Read more

    Affected Products : enterprise_linux gnuplot
    • Published: Mar. 27, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Memory Corruption

  • 6.2

    MEDIUM
    CVE-2025-31178

    A flaw was found in gnuplot. The GetAnnotateString() function may lead to a segmentation fault and cause a system crash.... Read more

    Affected Products : enterprise_linux gnuplot
    • Published: Mar. 27, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Memory Corruption

  • 6.2

    MEDIUM
    CVE-2025-31176

    A flaw was found in gnuplot. The plot3d_points() function may lead to a segmentation fault and cause a system crash.... Read more

    Affected Products : enterprise_linux gnuplot
    • Published: Mar. 27, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Denial of Service

  • 8.1

    HIGH
    CVE-2025-30358

    Mesop is a Python-based UI framework that allows users to build web applications. A class pollution vulnerability in Mesop prior to version 0.14.1 allows attackers to overwrite global variables and class attributes in certain Mesop modules during runtime.... Read more

    Affected Products :
    • Published: Mar. 27, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Denial of Service

  • 4.3

    MEDIUM
    CVE-2025-30221

    Pitchfork is a preforking HTTP server for Rack applications. Versions prior to 0.11.0 are vulnerable to HTTP Response Header Injection when used in conjunction with Rack 3. The issue was fixed in Pitchfork release 0.11.0. No known workarounds are availabl... Read more

    Affected Products :
    • Published: Mar. 27, 2025
    • Modified: Mar. 27, 2025

  • 7.2

    HIGH
    CVE-2025-30067

    Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Kylin. If an attacker gets access to Kylin's system or project admin permission, the JDBC connection configuration maybe altered to execute arbitrary code from the remote. ... Read more

    Affected Products : kylin
    • Published: Mar. 27, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-2854

    A vulnerability classified as critical was found in code-projects Payroll Management System 1.0. Affected by this vulnerability is an unknown functionality of the file update_employee.php. The manipulation of the argument emp_type leads to sql injection. ... Read more

    • Published: Mar. 27, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Injection

  • 9.5

    CRITICAL
    CVE-2025-2516

    The use of a weak cryptographic key pair in the signature verification process in WPS Office (Kingsoft) on Windows allows an attacker who successfully recovered the private key to sign components. As older versions of WPS Office did not validate the upda... Read more

    Affected Products : wps_office
    • Published: Mar. 27, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Cryptography

  • 6.5

    MEDIUM
    CVE-2025-29497

    libming v0.4.8 was discovered to contain a memory leak via the parseSWF_MORPHFILLSTYLES function.... Read more

    Affected Products : libming
    • Published: Mar. 27, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-29496

    libming v0.4.8 was discovered to contain a segmentation fault via the decompileDUPLICATECLIP function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted SWF file.... Read more

    Affected Products : libming
    • Published: Mar. 27, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-29494

    libming v0.4.8 was discovered to contain a segmentation fault via the decompileGETMEMBER function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted SWF file.... Read more

    Affected Products : libming
    • Published: Mar. 27, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Denial of Service
Showing 20 of 293505 Results