Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last-updated date, or CVSS score.
  • 5.4

    MEDIUM
    CVE-2023-51312

    PHPJabbers Restaurant Booking System v3.0 is vulnerable to Reflected Cross-Site Scripting (XSS) in Reservations menu, Schedule section date parameter....

    Affected Products : restaurant_booking_system
    • Published: Feb. 20, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Cross-Site Scripting
  • 8.8

    HIGH
    CVE-2023-51311

    PHPJabbers Car Park Booking System v3.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages section Labels any parameters field in System ...

    Affected Products : car_park_booking_system
    • Published: Feb. 20, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Injection
  • 4.3

    MEDIUM
    CVE-2023-51310

    A lack of rate limiting in the 'Forgot Password', 'Email Settings' feature of PHPJabbers Car Park Booking System v3.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large am...

    Affected Products : car_park_booking_system
    • Published: Feb. 20, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Denial of Service
  • 4.3

    MEDIUM
    CVE-2023-51309

    A lack of rate limiting in the 'Email Settings' feature of PHPJabbers Car Park Booking System v3.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e...

    Affected Products : car_park_booking_system
    • Published: Feb. 20, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Denial of Service
  • 6.1

    MEDIUM
    CVE-2023-51308

    PHPJabbers Car Park Booking System v3.0 is vulnerable to Multiple HTML Injection in the "name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key, title" parameters....

    Affected Products : car_park_booking_system
    • Published: Feb. 20, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Cross-Site Scripting
  • 5.4

    MEDIUM
    CVE-2023-51306

    PHPJabbers Event Ticketing System v1.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "name, title" parameters....

    Affected Products : event_ticketing_system
    • Published: Feb. 20, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Cross-Site Scripting
  • 7.2

    HIGH
    CVE-2025-1039

    The Lenix Elementor Leads addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a URL form field in all versions up to, and including, 1.8.2 due to insufficient input sanitization and output escaping. This makes it possible for unaut...

    Affected Products : lenix_leads_collector
    • Published: Feb. 20, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Cross-Site Scripting
  • 5.5

    MEDIUM
    CVE-2025-21106

    Dell Recover Point for Virtual Machines 6.0.X contains a Weak file system permission vulnerability. A low privileged Local attacker could potentially exploit this vulnerability, leading to impacting only non-sensitive resources in the system....

    Affected Products : recoverpoint_for_virtual_machines
    • Published: Feb. 20, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Misconfiguration
  • 7.8

    HIGH
    CVE-2025-21105

    Dell RecoverPoint for Virtual Machines 6.0.X contains a command execution vulnerability. A Low privileged malicious user with local access could potentially exploit this vulnerability by running the specific binary and perform any administrative action pe...

    Affected Products : recoverpoint_for_virtual_machines
    • Published: Feb. 20, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Authentication
  • 6.4

    MEDIUM
    CVE-2025-1043

    The Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.7.5 via the 'embeddoc' shortcode. This makes it possible for authenticated attac...

    Affected Products : embed_any_document
    • Published: Feb. 20, 2025
    • Modified: Feb. 20, 2025
    • Vuln Type: Server-Side Request Forgery
  • 9.3

    CRITICAL
    CVE-2025-0868

    A vulnerability, that could result in Remote Code Execution (RCE), has been found in DocsGPT. Due to improper parsing of JSON data using eval() an unauthorized attacker could send arbitrary Python code to be executed via /api/remote endpoint. This issue ...

    Affected Products :
    • Published: Feb. 20, 2025
    • Modified: Feb. 20, 2025
    • Vuln Type: Injection
  • 7.1

    HIGH
    CVE-2024-49781

    IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources....

    • Published: Feb. 20, 2025
    • Modified: Mar. 11, 2025
    • Vuln Type: XML External Entity
  • 8.8

    HIGH
    CVE-2024-49779

    IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages could allow a remote attacker to bypass security restrictions, caused by improper validation and management of authentication cookies. By modifying the CSRF token and Session Id cookie parameters using...

    • Published: Feb. 20, 2025
    • Modified: Mar. 11, 2025
    • Vuln Type: Authentication
  • 4.3

    MEDIUM
    CVE-2024-49344

    IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages with Watson Assistant chat feature enabled the application establishes a session when a user logs in and uses chat, but the chat session is still left active after logout....

    • Published: Feb. 20, 2025
    • Modified: Mar. 11, 2025
    • Vuln Type: Authorization
  • 5.4

    MEDIUM
    CVE-2024-49337

    IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages is vulnerable to HTML injection, caused by improper validation of user-supplied input of text fields used to construct workflow email notifications. A remote authenticated attacker could exploit th...

    • Published: Feb. 20, 2025
    • Modified: Mar. 11, 2025
    • Vuln Type: Cross-Site Scripting
  • 5.3

    MEDIUM
    CVE-2025-1483

    The LTL Freight Quotes – GlobalTranz Edition plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the engtz_wd_save_dropship AJAX endpoint in all versions up to, and including, 2.3.12. This makes it ...

    Affected Products : ltl_freight_quotes
    • Published: Feb. 20, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Authorization
  • 6.4

    MEDIUM
    CVE-2025-1328

    The Typed JS: A typewriter style animation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘typespeed’ parameter in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping. This makes i...

    Affected Products : typed_js
    • Published: Feb. 20, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.5

    MEDIUM
    CVE-2025-0866

    The Legoeso PDF Manager plugin for WordPress is vulnerable to time-based SQL Injection via the ‘checkedVals’ parameter in all versions up to, and including, 1.2.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparati...

    Affected Products : pdf_manager
    • Published: Feb. 20, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Injection
  • 6.4

    MEDIUM
    CVE-2024-6432

    The Content Blocks (Custom Post Widget) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘content’ parameter within the plugin's shortcode Content Block in all versions up to, and including, 3.3.5 due to insufficient input sanitiz...

    Affected Products : content_blocks
    • Published: Feb. 20, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Cross-Site Scripting
  • 4.3

    MEDIUM
    CVE-2024-13855

    The Prime Addons for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.1 via the pae_global_block shortcode due to missing validation on a user controlled key. This makes it possible...

    Affected Products : prime_addons_for_elementor
    • Published: Feb. 20, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Authorization