Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2025-46461

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Relentless Apps RRSSB allows DOM-Based XSS. This issue affects RRSSB: from n/a through 1.0.1.... Read more

    Affected Products :
    • Published: Apr. 24, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.9

    MEDIUM
    CVE-2025-46459

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ralf Hortt Confirm User Registration allows Stored XSS. This issue affects Confirm User Registration: from n/a through 2.1.5.... Read more

    Affected Products :
    • Published: Apr. 24, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-46457

    Cross-Site Request Forgery (CSRF) vulnerability in digontoahsan Wp Custom CMS Block allows Stored XSS. This issue affects Wp Custom CMS Block: from n/a through 2.1.... Read more

    Affected Products :
    • Published: Apr. 24, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.5

    MEDIUM
    CVE-2025-46453

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CreatorTeam Zoho Creator Forms allows Stored XSS. This issue affects Zoho Creator Forms: from n/a through 1.0.5.... Read more

    Affected Products :
    • Published: Apr. 24, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-46452

    Cross-Site Request Forgery (CSRF) vulnerability in Olav Kolbu Google News allows Stored XSS. This issue affects Google News: from n/a through 2.5.1.... Read more

    Affected Products :
    • Published: Apr. 24, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.9

    MEDIUM
    CVE-2025-46451

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Syed Balkhi Floating Social Bar allows Stored XSS. This issue affects Floating Social Bar: from n/a through 1.1.7.... Read more

    Affected Products :
    • Published: Apr. 24, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-46450

    Cross-Site Request Forgery (CSRF) vulnerability in x000x occupancyplan allows Stored XSS. This issue affects occupancyplan: from n/a through 1.0.3.0.... Read more

    Affected Products :
    • Published: Apr. 24, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.1

    HIGH
    CVE-2025-46449

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Novium WoWHead Tooltips allows Stored XSS. This issue affects WoWHead Tooltips: from n/a through 2.0.1.... Read more

    Affected Products :
    • Published: Apr. 24, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-46447

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFable Fable Extra allows DOM-Based XSS. This issue affects Fable Extra: from n/a through 1.0.6.... Read more

    Affected Products :
    • Published: Apr. 24, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-46445

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pReya External Markdown allows Stored XSS. This issue affects External Markdown: from n/a through 0.0.1.... Read more

    Affected Products :
    • Published: Apr. 24, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.9

    MEDIUM
    CVE-2025-46443

    Server-Side Request Forgery (SSRF) vulnerability in Adam Pery Animate allows Server Side Request Forgery. This issue affects Animate: from n/a through 0.5.... Read more

    Affected Products :
    • Published: Apr. 24, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Server-Side Request Forgery

  • 7.1

    HIGH
    CVE-2025-46442

    Cross-Site Request Forgery (CSRF) vulnerability in Casey Johnson Loan Calculator allows Stored XSS. This issue affects Loan Calculator: from n/a through 1.3.... Read more

    Affected Products :
    • Published: Apr. 24, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.4

    HIGH
    CVE-2025-46439

    Cross-Site Request Forgery (CSRF) vulnerability in Vladimir Prelovac Plugin Central allows Path Traversal. This issue affects Plugin Central: from n/a through 2.5.1.... Read more

    Affected Products :
    • Published: Apr. 24, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.5

    MEDIUM
    CVE-2025-46438

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in warmwhisky GTDB Guitar Tuners allows Stored XSS. This issue affects GTDB Guitar Tuners: from n/a through 4.2.2.... Read more

    Affected Products :
    • Published: Apr. 24, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-46436

    Cross-Site Request Forgery (CSRF) vulnerability in Sebastian Echeverry SCSS-Library allows Cross Site Request Forgery. This issue affects SCSS-Library: from n/a through 0.4.1.... Read more

    Affected Products :
    • Published: Apr. 24, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.1

    HIGH
    CVE-2025-46435

    Cross-Site Request Forgery (CSRF) vulnerability in Yash Binani Time Based Greeting allows Stored XSS. This issue affects Time Based Greeting: from n/a through 2.2.2.... Read more

    Affected Products :
    • Published: Apr. 24, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 9.9

    CRITICAL
    CVE-2025-46264

    Unrestricted Upload of File with Dangerous Type vulnerability in Angelo Mandato PowerPress Podcasting allows Upload a Web Shell to a Web Server. This issue affects PowerPress Podcasting: from n/a through 11.12.5.... Read more

    Affected Products : powerpress
    • Published: Apr. 24, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Authentication

  • 5.9

    MEDIUM
    CVE-2025-46261

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Craig Hewitt Seriously Simple Podcasting allows Stored XSS. This issue affects Seriously Simple Podcasting: from n/a through 3.9.0.... Read more

    Affected Products : seriously_simple_podcasting
    • Published: Apr. 24, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-46260

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wowDevs Sky Addons for Elementor allows Stored XSS. This issue affects Sky Addons for Elementor: from n/a through 3.0.1.... Read more

    Affected Products : sky_addons_for_elementor
    • Published: Apr. 24, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.3

    CRITICAL
    CVE-2025-46248

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in M A Vinoth Kumar Frontend Dashboard allows SQL Injection. This issue affects Frontend Dashboard: from n/a through 2.2.5.... Read more

    Affected Products : frontend_dashboard
    • Published: Apr. 24, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Injection
Showing 20 of 293609 Results