Latest CVE Feed

The following is a list of the most recently published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV List), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.2

    HIGH
    CVE-2025-3491

    The Add custom page template plugin for WordPress is vulnerable to PHP Code Injection leading to Remote Code Execution in all versions up to, and including, 2.0.1 via the 'acpt_validate_setting' function. This is due to insufficient sanitization of the 't...

    Affected Products :
    • Published: Apr. 26, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2025-2907

    The Order Delivery Date WordPress plugin before 12.3.1 does not have authorization and CSRF checks when importing settings. Furthermore it also lacks proper checks to only update options relevant to the Order Delivery Date WordPress plugin before 12.3.1. ...

    • Published: Apr. 26, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Authorization
  • 8.1

    HIGH
    CVE-2025-2105

    The Jupiter X Core plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.8.11 via deserialization of untrusted input from the 'file' parameter of the 'raven_download_file' function. This makes it possible for a...

    Affected Products : jupiter_x_core
    • Published: Apr. 26, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Authentication
  • 6.4

    MEDIUM
    CVE-2025-1458

    The Element Pack Addons for Elementor – Free Templates and Widgets for Your WordPress Websites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets like Dual Button, Creative Button, Image Stack and more in all versions up...

    Affected Products : element_pack
    • Published: Apr. 26, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Cross-Site Scripting
  • 8.8

    HIGH
    CVE-2024-13808

    The Xpro Elementor Addons - Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.4.9 via the custom PHP widget. This is due to there only being client-side controls when determining who can access the wid...

    Affected Products : xpro_addons_for_elementor
    • Published: Apr. 26, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Authentication
  • 7.3

    HIGH
    CVE-2025-2801

    The The Create custom forms for WordPress with a smart form plugin for smart businesses plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.2.4. This is due to the software allowing users to execute ...

    Affected Products :
    • Published: Apr. 26, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Misconfiguration
  • 7.3

    HIGH
    CVE-2025-46333

    z2d is a pure Zig 2D graphics library. Versions of z2d after `0.5.1` and up to and including `0.6.0`, when writing from one surface to another using `z2d.compositor.StrideCompositor.run`, and higher-level operations when the anti-aliasing mode is set to `...

    Affected Products :
    • Published: Apr. 25, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Memory Corruption
  • 7.5

    HIGH
    CVE-2025-32986

    NETSCOUT nGeniusONE before 6.4.0 b2350 has a Sensitive File Accessible Without Proper Authentication to an endpoint....

    Affected Products : ngeniusone
    • Published: Apr. 25, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Authentication
  • 9.8

    CRITICAL
    CVE-2025-32985

    NETSCOUT nGeniusONE before 6.4.0 b2350 has Hardcoded Credentials that can be obtained from JAR files....

    Affected Products : ngeniusone
    • Published: Apr. 25, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Misconfiguration
  • 6.1

    MEDIUM
    CVE-2025-32984

    NETSCOUT nGeniusONE before 6.4.0 b2350 allows Stored Cross-Site Scripting (XSS) via a certain POST parameter....

    Affected Products : ngeniusone
    • Published: Apr. 25, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Cross-Site Scripting
  • 7.5

    HIGH
    CVE-2025-32983

    NETSCOUT nGeniusONE before 6.4.0 b2350 allows Technical Information Disclosure via a Stack Trace....

    Affected Products : ngeniusone
    • Published: Apr. 25, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Information Disclosure
  • 7.5

    HIGH
    CVE-2025-32982

    NETSCOUT nGeniusONE before 6.4.0 b2350 has a Broken Authorization Schema for the report module....

    Affected Products : ngeniusone
    • Published: Apr. 25, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Authorization
  • 7.1

    HIGH
    CVE-2025-32981

    NETSCOUT nGeniusONE before 6.4.0 b2350 allows local users to leverage Insecure Permissions for the nGeniusCLI File....

    Affected Products : ngeniusone
    • Published: Apr. 25, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Misconfiguration
  • 9.8

    CRITICAL
    CVE-2025-32980

    NETSCOUT nGeniusONE before 6.4.0 P11 b3245 has a Weak Sudo Configuration....

    Affected Products :
    • Published: Apr. 25, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Misconfiguration
  • 6.5

    MEDIUM
    CVE-2025-32979

    NETSCOUT nGeniusONE before 6.4.0 b2350 allows Arbitrary File Creation by authenticated users....

    Affected Products : ngeniusone
    • Published: Apr. 25, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Misconfiguration
  • 7.0

    HIGH
    CVE-2025-28128

    An issue in Mytel Telecom Online Account System v1.0 allows attackers to bypass the OTP verification process via a crafted request....

    Affected Products : telecom_online_account_system
    • Published: Apr. 25, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Authentication
  • 8.1

    HIGH
    CVE-2025-3935

    ScreenConnect versions 25.2.3 and earlier versions may be susceptible to a ViewState code injection attack. ASP.NET Web Forms use ViewState to preserve page and control state, with data encoded using Base64 protected by machine keys. It is important to n...

    Affected Products : screenconnect
    • Actively Exploited
    • Published: Apr. 25, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Injection
  • 6.5

    MEDIUM
    CVE-2024-30152

    HCL SX v21 is affected by usage of a weak cryptographic algorithm. An attacker could exploit this weakness to gain access to sensitive information, modify data, or other impacts....

    Affected Products : hcl_sx
    • Published: Apr. 25, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cryptography
  • 9.8

    CRITICAL
    CVE-2025-25775

    Codeastro Bus Ticket Booking System v1.0 is vulnerable to SQL injection via the kodetiket parameter in /BusTicket-CI/tiket/cekorder....

    Affected Products : bus_ticket_booking_system
    • Published: Apr. 25, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Injection
  • 8.8

    HIGH
    CVE-2025-3928

    Commvault Web Server has an unspecified vulnerability that can be exploited by a remote, authenticated attacker. According to the Commvault advisory: "Webservers can be compromised through bad actors creating and executing webshells." Fixed in version 11....

    Affected Products : linux_kernel windows commvault
    • Actively Exploited
    • Published: Apr. 25, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Authentication