Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.1

    HIGH
    CVE-2025-23446

    Cross-Site Request Forgery (CSRF) vulnerability in NotFound WP SpaceContent allows Stored XSS. This issue affects WP SpaceContent: from n/a through 0.4.5.... Read more

    Affected Products :
    • Published: Mar. 03, 2025
    • Modified: Mar. 03, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.1

    HIGH
    CVE-2025-23441

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Attach Gallery Posts allows Reflected XSS. This issue affects Attach Gallery Posts: from n/a through 1.6.... Read more

    Affected Products :
    • Published: Mar. 03, 2025
    • Modified: Mar. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.3

    MEDIUM
    CVE-2025-23440

    Missing Authorization vulnerability in radicaldesigns radSLIDE allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects radSLIDE: from n/a through 2.1.... Read more

    Affected Products :
    • Published: Mar. 03, 2025
    • Modified: Mar. 03, 2025
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2025-23439

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in willshouse TinyMCE Extended Config allows Reflected XSS. This issue affects TinyMCE Extended Config: from n/a through 0.1.0.... Read more

    Affected Products :
    • Published: Mar. 03, 2025
    • Modified: Mar. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-23437

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound ntp-header-images allows Reflected XSS. This issue affects ntp-header-images: from n/a through 1.2.... Read more

    Affected Products :
    • Published: Mar. 03, 2025
    • Modified: Mar. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-23433

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jnwry vcOS allows Reflected XSS. This issue affects vcOS: from n/a through 1.4.0.... Read more

    Affected Products :
    • Published: Mar. 03, 2025
    • Modified: Mar. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-23425

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in marekki Marekkis Watermark allows Reflected XSS. This issue affects Marekkis Watermark: from n/a through 0.9.4.... Read more

    Affected Products :
    • Published: Mar. 03, 2025
    • Modified: Mar. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2024-54179

    IBM Business Automation Workflow and IBM Business Automation Workflow Enterprise Service Bus 24.0.0, 24.0.1 and earlier unsupported versions are vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScr... Read more

    Affected Products : business_automation_workflow
    • Published: Mar. 03, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2024-47092

    Insecure deserialization and improper certificate validation in Checkmk Exchange plugin check-mk-api prior to 5.8.1... Read more

    Affected Products : check_mk_python_api
    • Published: Mar. 03, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-1875

    SQL injection vulnerability have been found in 101news affecting version 1.0 through the "searchtitle" parameter in search.php.... Read more

    Affected Products : best_online_news_portal
    • Published: Mar. 03, 2025
    • Modified: Mar. 07, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-1874

    SQL injection vulnerability have been found in 101news affecting version 1.0 through the "description" parameter in admin/add-category.php.... Read more

    Affected Products : best_online_news_portal
    • Published: Mar. 03, 2025
    • Modified: Mar. 07, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-1873

    SQL injection vulnerability have been found in 101news affecting version 1.0 through the "pagetitle" and "pagedescription" parameters in admin/contactus.php.... Read more

    Affected Products : best_online_news_portal
    • Published: Mar. 03, 2025
    • Modified: Mar. 07, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-1872

    SQL injection vulnerability have been found in 101news affecting version 1.0 through the "sadminusername" parameter in admin/add-subadmins.php.... Read more

    Affected Products : best_online_news_portal
    • Published: Mar. 03, 2025
    • Modified: Mar. 07, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-1871

    SQL injection vulnerability have been found in 101news affecting version 1.0 through the "category" and "subcategory" parameters in admin/add-subcategory.php.... Read more

    Affected Products : best_online_news_portal
    • Published: Mar. 03, 2025
    • Modified: Mar. 07, 2025

  • 9.8

    CRITICAL
    CVE-2025-1870

    SQL injection vulnerability have been found in 101news affecting version 1.0 through the "pagedescription" parameter in admin/aboutus.php.... Read more

    Affected Products : best_online_news_portal
    • Published: Mar. 03, 2025
    • Modified: Mar. 07, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-1869

    SQL injection vulnerability have been found in 101news affecting version 1.0 through the "username" parameter in admin/check_avalability.php.... Read more

    Affected Products : best_online_news_portal
    • Published: Mar. 03, 2025
    • Modified: Mar. 07, 2025
    • Vuln Type: Injection

  • 7.8

    HIGH
    CVE-2025-21424

    Memory corruption while calling the NPU driver APIs concurrently.... Read more

    • Published: Mar. 03, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Memory Corruption

  • 6.9

    MEDIUM
    CVE-2025-1868

    Vulnerability of unauthorized exposure of confidential information affecting Advanced IP Scanner and Advanced Port Scanner. It occurs when these applications initiate a network scan, inadvertently sending the NTLM hash of the user performing the scan. Thi... Read more

    Affected Products :
    • Published: Mar. 03, 2025
    • Modified: Mar. 03, 2025
    • Vuln Type: Information Disclosure

  • 8.7

    HIGH
    CVE-2025-0475

    An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1. A proxy feature could potentially allow unintended content rendering leading to XSS under specific circumstance... Read more

    Affected Products : gitlab
    • Published: Mar. 03, 2025
    • Modified: Mar. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.8

    HIGH
    CVE-2024-53034

    Memory corruption occurs during an Escape call if an invalid Kernel Mode CPU event and sync object handle are passed with the DriverKnownEscape flag reset.... Read more

    • Published: Mar. 03, 2025
    • Modified: Mar. 07, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 292811 Results