Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.1

    HIGH
    CVE-2025-28991

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme Evon allows PHP Local File Inclusion. This issue affects Evon: from n/a through 3.4.... Read more

    Affected Products :
    • Published: Jun. 17, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Path Traversal

  • 7.6

    HIGH
    CVE-2025-28972

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Suhas Surse WP Employee Attendance System allows Blind SQL Injection. This issue affects WP Employee Attendance System: from n/a through 3.5.... Read more

    Affected Products :
    • Published: Jun. 17, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-24773

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla WPCRM - CRM for Contact form CF7 & WooCommerce allows SQL Injection. This issue affects WPCRM - CRM for Contact form CF7 & WooCommerce: from n/a... Read more

    Affected Products :
    • Published: Jun. 17, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Injection

  • 8.1

    HIGH
    CVE-2025-24761

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme DSK allows PHP Local File Inclusion. This issue affects DSK: from n/a through 2.2.... Read more

    Affected Products :
    • Published: Jun. 17, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Path Traversal

  • 4.3

    MEDIUM
    CVE-2025-6069

    The html.parser.HTMLParser class had worse-case quadratic complexity when processing certain crafted malformed inputs potentially leading to amplified denial-of-service.... Read more

    Affected Products : python
    • Published: Jun. 17, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Denial of Service

  • 7.8

    HIGH
    CVE-2025-4879

    Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows... Read more

    Affected Products : workspace
    • Published: Jun. 17, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Authorization

  • 9.1

    CRITICAL
    CVE-2025-4404

    A privilege escalation from host to domain vulnerability was found in the FreeIPA project. The FreeIPA package fails to validate the uniqueness of the `krbCanonicalName` for the admin account by default, allowing users to create services with the same can... Read more

    • Published: Jun. 17, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Authentication

  • 1.0

    LOW
    CVE-2025-49842

    conda-forge-webservices is the web app deployed to run conda-forge admin commands and linting. Prior to version 2025.3.24, the conda_forge_webservice Docker container executes commands without specifying a user. By default, Docker containers run as the ro... Read more

    Affected Products :
    • Published: Jun. 17, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Misconfiguration

  • 8.6

    HIGH
    CVE-2025-0320

    Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Secure Access Client for Windows... Read more

    Affected Products : windows secure_access_client
    • Published: Jun. 17, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2025-6020

    A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.... Read more

    • Published: Jun. 17, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Path Traversal

  • 9.3

    CRITICAL
    CVE-2025-5777

    Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server... Read more

    • Actively Exploited
    • Published: Jun. 17, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-5349

    Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway... Read more

    • Published: Jun. 17, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-4365

    Arbitrary file read in NetScaler Console and NetScaler SDX (SVM)... Read more

    Affected Products : netscaler_console netscaler_sdx
    • Published: Jun. 17, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Information Disclosure

  • 6.4

    MEDIUM
    CVE-2025-5700

    The Simple Logo Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.9.3 due to insufficient input sanitization and output escaping. This makes it possible for authentica... Read more

    Affected Products :
    • Published: Jun. 17, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-5291

    The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's masterslider_pb and ms_slide shortcodes in all versions up to, and including, 3.10.8 due to insufficient input sanitization and ... Read more

    Affected Products : master_slider
    • Published: Jun. 17, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-3880

    The Poll, Survey & Quiz Maker Plugin by Opinion Stage plugin for WordPress is vulnerable to unauthorized modification of data due to a misconfigured capability check on several functions in all versions up to, and including, 19.9.0. This makes it possible... Read more

    Affected Products : poll\,_survey_\&_quiz_maker
    • Published: Jun. 17, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Authorization

  • 4.8

    MEDIUM
    CVE-2025-6050

    Mezzanine CMS, in versions prior to 6.1.1, contains a Stored Cross-Site Scripting (XSS) vulnerability in the admin interface. The vulnerability exists in the "displayable_links_js" function, which fails to properly sanitize blog post titles before includi... Read more

    Affected Products : mezzanine
    • Published: Jun. 17, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-3515

    The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in all versions up to, and including, 1.3.8.9. This makes it possible for unauthenticated attac... Read more

    • Published: Jun. 17, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Authentication

  • 5.1

    MEDIUM
    CVE-2025-40674

    Reflected Cross-Site Scripting (XSS) in osCommerce v4. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL using the name of any parameter in /watch/en/about-us. This vulnerability... Read more

    Affected Products : oscommerce
    • Published: Jun. 17, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.2

    HIGH
    CVE-2025-6173

    A vulnerability classified as critical was found in Webkul QloApps 1.6.1. Affected by this vulnerability is an unknown functionality of the file /admin/ajax_products_list.php. The manipulation of the argument packItself leads to sql injection. The attack ... Read more

    Affected Products : qloapps
    • Published: Jun. 17, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Injection
Showing 20 of 291728 Results