Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.1

    HIGH
    CVE-2025-23994

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Estatebud Estatebud – Properties & Listings allows Stored XSS. This issue affects Estatebud – Properties & Listings: from n/a through 5.5.0.... Read more

    Affected Products :
    • Published: Jan. 21, 2025
    • Modified: Jan. 21, 2025

  • 7.1

    HIGH
    CVE-2025-23580

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matthew Garvin BizLibrary allows Reflected XSS. This issue affects BizLibrary: from n/a through 1.1.... Read more

    Affected Products : bizlibrary
    • Published: Jan. 21, 2025
    • Modified: Jan. 21, 2025

  • 7.1

    HIGH
    CVE-2025-23551

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in P. Razvan SexBundle allows Reflected XSS. This issue affects SexBundle: from n/a through 1.4.... Read more

    Affected Products :
    • Published: Jan. 21, 2025
    • Modified: Jan. 21, 2025

  • 7.1

    HIGH
    CVE-2025-23489

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brian Messenlehner of WebDevStudios WP-Announcements allows Reflected XSS. This issue affects WP-Announcements: from n/a through 1.8.... Read more

    Affected Products :
    • Published: Jan. 21, 2025
    • Modified: Jan. 21, 2025

  • 8.2

    HIGH
    CVE-2025-23477

    Missing Authorization vulnerability in Realty Workstation Realty Workstation allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Realty Workstation: from n/a through 1.0.45.... Read more

    Affected Products : realty_workstation
    • Published: Jan. 21, 2025
    • Modified: Jan. 21, 2025

  • 7.1

    HIGH
    CVE-2025-23461

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Andrea Dotta, Jacopo Campani, di xkoll.com Social2Blog allows Reflected XSS. This issue affects Social2Blog: from n/a through 0.2.990.... Read more

    Affected Products :
    • Published: Jan. 21, 2025
    • Modified: Jan. 21, 2025

  • 7.1

    HIGH
    CVE-2025-23454

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in flashmaniac Nature FlipBook allows Reflected XSS. This issue affects Nature FlipBook: from n/a through 1.7.... Read more

    Affected Products :
    • Published: Jan. 21, 2025
    • Modified: Jan. 21, 2025

  • 4.3

    MEDIUM
    CVE-2025-22722

    Missing Authorization vulnerability in Widget Options Team Widget Options allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Widget Options: from n/a through 4.0.8.... Read more

    Affected Products :
    • Published: Jan. 21, 2025
    • Modified: Jan. 21, 2025

  • 4.3

    MEDIUM
    CVE-2025-22721

    Missing Authorization vulnerability in Farhan Noor ApplyOnline – Application Form Builder and Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ApplyOnline – Application Form Builder and Manager: from n/a ... Read more

    • Published: Jan. 21, 2025
    • Modified: Jan. 21, 2025

  • 6.5

    MEDIUM
    CVE-2025-22661

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vcita.com Online Payments – Get Paid with PayPal, Square & Stripe allows Stored XSS. This issue affects Online Payments – Get Paid with PayPal, Square & ... Read more

    • Published: Jan. 21, 2025
    • Modified: Jan. 21, 2025

  • 5.9

    MEDIUM
    CVE-2025-22276

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Enguerran Weiss Related Post Shortcode allows Stored XSS. This issue affects Related Post Shortcode: from n/a through 1.2.... Read more

    Affected Products :
    • Published: Jan. 21, 2025
    • Modified: Jan. 21, 2025

  • 6.5

    MEDIUM
    CVE-2025-22267

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bruce Wampler Weaver Themes Shortcode Compatibility allows Stored XSS. This issue affects Weaver Themes Shortcode Compatibility: from n/a through 1.0.4.... Read more

    Affected Products :
    • Published: Jan. 21, 2025
    • Modified: Jan. 21, 2025

  • 6.8

    MEDIUM
    CVE-2025-22150

    Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted ... Read more

    Affected Products : undici
    • Published: Jan. 21, 2025
    • Modified: Jan. 21, 2025

  • 5.4

    MEDIUM
    CVE-2024-54795

    SpagoBI v3.5.1 contains multiple Stored Cross-Site Scripting (XSS) vulnerabilities in the create/edit forms of the worksheet designer function.... Read more

    Affected Products : spagobi
    • Published: Jan. 21, 2025
    • Modified: Jul. 03, 2025

  • 9.1

    CRITICAL
    CVE-2024-54794

    The script input feature of SpagoBI 3.5.1 allows arbitrary code execution.... Read more

    Affected Products : spagobi
    • Published: Jan. 21, 2025
    • Modified: Jul. 03, 2025

  • 6.1

    MEDIUM
    CVE-2024-54792

    A Cross-Site Request Forgery (CSRF) vulnerability has been found in SpagoBI v3.5.1 in the user administration panel. An authenticated user can lead another user into executing unwanted actions inside the application they are logged in, like adding, editin... Read more

    Affected Products : spagobi
    • Published: Jan. 21, 2025
    • Modified: Jul. 03, 2025

  • 7.6

    HIGH
    CVE-2025-24018

    YesWiki is a wiki system written in PHP. In versions up to and including 4.4.5, it is possible for an authenticated user with rights to edit/create a page or comment to trigger a stored XSS which will be reflected on any page where the resource is loaded.... Read more

    Affected Products : yeswiki
    • Published: Jan. 21, 2025
    • Modified: May. 09, 2025

  • 2.4

    LOW
    CVE-2024-45687

    Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') vulnerability in Payara Platform Payara Server (Grizzly, REST Management Interface modules), Payara Platform Payara Micro (Grizzly modules) allows Manipulating S... Read more

    Affected Products :
    • Published: Jan. 21, 2025
    • Modified: Jan. 21, 2025

  • 7.6

    HIGH
    CVE-2025-24017

    YesWiki is a wiki system written in PHP. Versions up to and including 4.4.5 are vulnerable to any end-user crafting a DOM based XSS on all of YesWiki's pages which is triggered when a user clicks on a malicious link. The vulnerability makes use of the sea... Read more

    Affected Products : yeswiki
    • Published: Jan. 21, 2025
    • Modified: May. 09, 2025

  • 5.4

    MEDIUM
    CVE-2025-24012

    Umbraco is a free and open source .NET content management system. Starting in version 14.0.0 and prior to versions 14.3.2 and 15.1.2, authenticated users are able to exploit a cross-site scripting vulnerability when viewing certain localized backoffice co... Read more

    Affected Products : umbraco_cms
    • Published: Jan. 21, 2025
    • Modified: Feb. 20, 2025
Showing 20 of 291158 Results