Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2025-22524

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in instaform.ir فرم ساز فرم افزار allows Stored XSS.This issue affects فرم ساز فرم افزار: from n/a through 2.0.... Read more

    Affected Products :
    • Published: Jan. 07, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-22522

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Roya Khosravi SingSong allows Stored XSS.This issue affects SingSong: from n/a through 1.2.... Read more

    Affected Products :
    • Published: Jan. 07, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-22520

    Cross-Site Request Forgery (CSRF) vulnerability in Tock Tock Widget allows Cross Site Request Forgery.This issue affects Tock Widget: from n/a through 1.1.... Read more

    Affected Products :
    • Published: Jan. 07, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 8.5

    HIGH
    CVE-2025-22519

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in eDoc Intelligence LLC eDoc Easy Tables allows SQL Injection.This issue affects eDoc Easy Tables: from n/a through 1.29.... Read more

    Affected Products :
    • Published: Jan. 07, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-22518

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in KentoThemes Justified Image Gallery allows Stored XSS.This issue affects Justified Image Gallery: from n/a through 1.0.... Read more

    Affected Products :
    • Published: Jan. 07, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-22517

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ben Huson List Pages at Depth allows Stored XSS.This issue affects List Pages at Depth: from n/a through 1.5.... Read more

    Affected Products :
    • Published: Jan. 07, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-22516

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hitesh Patel Metadata SEO allows Stored XSS.This issue affects Metadata SEO: from n/a through 2.3.... Read more

    Affected Products :
    • Published: Jan. 07, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-22515

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Simon Chuang Show Google Analytics widget allows Stored XSS.This issue affects Show Google Analytics widget: from n/a through 1.5.4.... Read more

    Affected Products :
    • Published: Jan. 07, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-22512

    Missing Authorization vulnerability in Sprout Apps Help Scout allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Help Scout: from n/a through 6.5.1.... Read more

    Affected Products :
    • Published: Jan. 07, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-22511

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ella van Durpe Slides & Presentations allows Stored XSS.This issue affects Slides & Presentations: from n/a through 0.0.39.... Read more

    Affected Products :
    • Published: Jan. 07, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.6

    HIGH
    CVE-2025-22507

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Benjamin Santalucia ([email protected]) WPMU Prefill Post allows SQL Injection.This issue affects WPMU Prefill Post: from n/a through 1.02.... Read more

    Affected Products :
    • Published: Jan. 07, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Injection

  • 4.3

    MEDIUM
    CVE-2025-22503

    Cross-Site Request Forgery (CSRF) vulnerability in Digital Zoom Studio Admin debug wordpress – enable debug allows Cross Site Request Forgery.This issue affects Admin debug wordpress – enable debug: from n/a through 1.0.13.... Read more

    Affected Products :
    • Published: Jan. 07, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.6

    HIGH
    CVE-2025-22502

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mindvalley MindValley Super PageMash allows SQL Injection.This issue affects MindValley Super PageMash: from n/a through 1.1.... Read more

    Affected Products :
    • Published: Jan. 07, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2025-22338

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in lich_wang WP-tagMaker allows Reflected XSS.This issue affects WP-tagMaker: from n/a through 0.2.2.... Read more

    Affected Products :
    • Published: Jan. 07, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-22335

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Md. Rajib Dewan Opencart Product in WP allows Reflected XSS.This issue affects Opencart Product in WP: from n/a through 1.0.1.... Read more

    Affected Products :
    • Published: Jan. 07, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-22294

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Gravity Master Custom Field For WP Job Manager allows Reflected XSS.This issue affects Custom Field For WP Job Manager: from n/a through 1.3.... Read more

    Affected Products : custom_field_for_wp_job_manager
    • Published: Jan. 07, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-21624

    ClipBucket V5 provides open source video hosting with PHP. Prior to 5.5.1 - 239, a file upload vulnerability exists in the Manage Playlist functionality of the application, specifically surrounding the uploading of playlist cover images. Without proper ch... Read more

    Affected Products : clipbucket
    • Published: Jan. 07, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-21623

    ClipBucket V5 provides open source video hosting with PHP. Prior to 5.5.1 - 238, ClipBucket V5 allows unauthenticated attackers to change the template directory via a directory traversal, which results in a denial of service.... Read more

    Affected Products : clipbucket
    • Published: Jan. 07, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Path Traversal

  • 9.1

    CRITICAL
    CVE-2025-21622

    ClipBucket V5 provides open source video hosting with PHP. During the user avatar upload workflow, a user can choose to upload and change their avatar at any time. During deletion, ClipBucket checks for the avatar_url as a filepath within the avatars subd... Read more

    Affected Products : clipbucket
    • Published: Jan. 07, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2025-0298

    A vulnerability was found in code-projects Online Book Shop 1.0. It has been rated as critical. This issue affects some unknown processing of the file /process_login.php. The manipulation of the argument usernm leads to sql injection. The attack may be in... Read more

    Affected Products : online_book_shop online_book_shop
    • Published: Jan. 07, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Injection
Showing 20 of 293592 Results