Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2025-22661

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vcita.com Online Payments – Get Paid with PayPal, Square & Stripe allows Stored XSS. This issue affects Online Payments – Get Paid with PayPal, Square & ... Read more

    • Published: Jan. 21, 2025
    • Modified: Jan. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.9

    MEDIUM
    CVE-2025-22276

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Enguerran Weiss Related Post Shortcode allows Stored XSS. This issue affects Related Post Shortcode: from n/a through 1.2.... Read more

    Affected Products :
    • Published: Jan. 21, 2025
    • Modified: Jan. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-22267

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bruce Wampler Weaver Themes Shortcode Compatibility allows Stored XSS. This issue affects Weaver Themes Shortcode Compatibility: from n/a through 1.0.4.... Read more

    Affected Products :
    • Published: Jan. 21, 2025
    • Modified: Jan. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.8

    MEDIUM
    CVE-2025-22150

    Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted ... Read more

    Affected Products : undici
    • Published: Jan. 21, 2025
    • Modified: Jan. 21, 2025
    • Vuln Type: Misconfiguration

  • 5.4

    MEDIUM
    CVE-2024-54795

    SpagoBI v3.5.1 contains multiple Stored Cross-Site Scripting (XSS) vulnerabilities in the create/edit forms of the worksheet designer function.... Read more

    Affected Products : spagobi
    • Published: Jan. 21, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.1

    CRITICAL
    CVE-2024-54794

    The script input feature of SpagoBI 3.5.1 allows arbitrary code execution.... Read more

    Affected Products : spagobi
    • Published: Jan. 21, 2025
    • Modified: Jul. 03, 2025

  • 6.1

    MEDIUM
    CVE-2024-54792

    A Cross-Site Request Forgery (CSRF) vulnerability has been found in SpagoBI v3.5.1 in the user administration panel. An authenticated user can lead another user into executing unwanted actions inside the application they are logged in, like adding, editin... Read more

    Affected Products : spagobi
    • Published: Jan. 21, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.6

    HIGH
    CVE-2025-24018

    YesWiki is a wiki system written in PHP. In versions up to and including 4.4.5, it is possible for an authenticated user with rights to edit/create a page or comment to trigger a stored XSS which will be reflected on any page where the resource is loaded.... Read more

    Affected Products : yeswiki
    • Published: Jan. 21, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 2.4

    LOW
    CVE-2024-45687

    Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') vulnerability in Payara Platform Payara Server (Grizzly, REST Management Interface modules), Payara Platform Payara Micro (Grizzly modules) allows Manipulating S... Read more

    Affected Products :
    • Published: Jan. 21, 2025
    • Modified: Jan. 21, 2025
    • Vuln Type: Misconfiguration

  • 7.6

    HIGH
    CVE-2025-24017

    YesWiki is a wiki system written in PHP. Versions up to and including 4.4.5 are vulnerable to any end-user crafting a DOM based XSS on all of YesWiki's pages which is triggered when a user clicks on a malicious link. The vulnerability makes use of the sea... Read more

    Affected Products : yeswiki
    • Published: Jan. 21, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-24012

    Umbraco is a free and open source .NET content management system. Starting in version 14.0.0 and prior to versions 14.3.2 and 15.1.2, authenticated users are able to exploit a cross-site scripting vulnerability when viewing certain localized backoffice co... Read more

    Affected Products : umbraco_cms
    • Published: Jan. 21, 2025
    • Modified: Feb. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-24011

    Umbraco is a free and open source .NET content management system. Starting in version 14.0.0 and prior to versions 14.3.2 and 15.1.2, it's possible to determine whether an account exists based on an analysis of response codes and timing of Umbraco managem... Read more

    Affected Products : umbraco_cms
    • Published: Jan. 21, 2025
    • Modified: Feb. 20, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-0377

    HashiCorp’s go-slug library is vulnerable to a zip-slip style attack when a non-existing user-provided path is extracted from the tar entry.... Read more

    Affected Products : go-slug retryablehttp
    • Published: Jan. 21, 2025
    • Modified: Jan. 21, 2025
    • Vuln Type: Path Traversal

  • 8.1

    HIGH
    CVE-2024-57036

    TOTOLINK A810R V4.1.2cu.5032_B20200407 was found to contain a command insertion vulnerability in downloadFile.cgi main function. This vulnerability allows an attacker to execute arbitrary commands by sending HTTP request.... Read more

    Affected Products : a810r_firmware a810r
    • Published: Jan. 21, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Injection

  • 4.5

    MEDIUM
    CVE-2024-56990

    PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site Scripting (XSS) in /view-medhistory.php and /admin/view-patient.php.... Read more

    Affected Products : hospital_management_system
    • Published: Jan. 21, 2025
    • Modified: Apr. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.2

    MEDIUM
    CVE-2024-56998

    PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site Scripting (XSS) in /edit-profile.php via the parameter $address.... Read more

    • Published: Jan. 21, 2025
    • Modified: Apr. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.2

    MEDIUM
    CVE-2024-56997

    PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site Scripting (XSS) in /doctor/index.php via the 'Email' parameter.... Read more

    Affected Products : hospital_management_system
    • Published: Jan. 21, 2025
    • Modified: Apr. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.2

    HIGH
    CVE-2024-53829

    CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Cross-site request forgery allows an unauthenticated attacker to hijack the authentication of a logged in user, and use the web API wit... Read more

    Affected Products : codechecker
    • Published: Jan. 21, 2025
    • Modified: Jan. 21, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.1

    HIGH
    CVE-2025-24001

    Cross-Site Request Forgery (CSRF) vulnerability in PPO Việt Nam (ppo.vn) PPO Call To Actions allows Cross Site Request Forgery. This issue affects PPO Call To Actions: from n/a through 0.1.3.... Read more

    Affected Products :
    • Published: Jan. 21, 2025
    • Modified: Jan. 21, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.1

    HIGH
    CVE-2025-23998

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rara Theme UltraLight allows Reflected XSS. This issue affects UltraLight: from n/a through 1.2.... Read more

    Affected Products :
    • Published: Jan. 21, 2025
    • Modified: Jan. 21, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 291209 Results