Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.1

    HIGH
    CVE-2025-39382

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in danielpataki ACF: Google Font Selector allows Reflected XSS. This issue affects ACF: Google Font Selector: from n/a through 3.0.1.... Read more

    Affected Products :
    • Published: Apr. 24, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-39381

    Cross-Site Request Forgery (CSRF) vulnerability in Kiotviet KiotViet Sync allows Stored XSS. This issue affects KiotViet Sync: from n/a through 1.8.4.... Read more

    Affected Products :
    • Published: Apr. 24, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.5

    HIGH
    CVE-2025-39379

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Capturly Capturly allows PHP Local File Inclusion. This issue affects Capturly: from n/a through 2.0.1.... Read more

    Affected Products :
    • Published: Apr. 24, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2025-39378

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light allows PHP Local File Inclusion. This issue aff... Read more

    Affected Products :
    • Published: Apr. 24, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Path Traversal

  • 8.5

    HIGH
    CVE-2025-39377

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs Appsero Helper allows SQL Injection. This issue affects Appsero Helper: from n/a through 1.3.4.... Read more

    Affected Products :
    • Published: Apr. 24, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-39360

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in everestthemes Grace Mag allows PHP Local File Inclusion. This issue affects Grace Mag: from n/a through 1.1.5.... Read more

    Affected Products :
    • Published: Apr. 24, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2025-39359

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Code Work Web CWW Portfolio allows PHP Local File Inclusion. This issue affects CWW Portfolio: from n/a through 1.3.1.... Read more

    Affected Products :
    • Published: Apr. 24, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2025-32921

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WPoperation Arrival allows PHP Local File Inclusion. This issue affects Arrival: from n/a through 1.4.5.... Read more

    Affected Products :
    • Published: Apr. 24, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Path Traversal

  • 4.1

    MEDIUM
    CVE-2024-30148

    Improper access control of endpoint in HCL Leap allows certain admin users to import applications from the server's filesystem.... Read more

    Affected Products :
    • Published: Apr. 24, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-44135

    A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0 in /Scheduling/pages/profile_update.php. Manipulating the parameter username will cause SQL injection attacks.... Read more

    • Published: Apr. 24, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-44134

    A vulnerability was found in Code-Projects Online Class and Exam Scheduling System 1.0 in the file /Scheduling/pages/class_save.php. Manipulation of parameter class will lead to SQL injection attacks.... Read more

    • Published: Apr. 24, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Injection

  • 4.8

    MEDIUM
    CVE-2025-29568

    A vulnerability has been discovered in the code-projects Online Class and Exam Scheduling System 1.0. The issue affects some unknown features in the file /Scheduling/pages/class_sched.php. Manipulating the class parameter can lead to cross-site scripting ... Read more

    • Published: Apr. 24, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.7

    HIGH
    CVE-2025-43855

    tRPC allows users to build & consume fully typesafe APIs without schemas or code generation. In versions starting from 11.0.0 to before 11.1.1, an unhandled error is thrown when validating invalid connectionParams which crashes a tRPC WebSocket server. Th... Read more

    Affected Products :
    • Published: Apr. 24, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2025-30409

    Denial of service due to allocation of resources without limits. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39904.... Read more

    Affected Products : cyber_protect_cloud_agent
    • Published: Apr. 24, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Denial of Service

  • 6.7

    MEDIUM
    CVE-2025-30408

    Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39904, Acronis Cyber Protect 16 (Windows) before build 39938.... Read more

    • Published: Apr. 24, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Authorization

  • 6.8

    MEDIUM
    CVE-2025-46421

    A flaw was found in libsoup. When libsoup clients encounter an HTTP redirect, they mistakenly send the HTTP Authorization header to the new host that the redirection points to. This allows the new host to impersonate the user to the original host that iss... Read more

    • Published: Apr. 24, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-46420

    A flaw was found in libsoup. It is vulnerable to memory leaks in the soup_header_parse_quality_list() function when parsing a quality list that contains elements with all zeroes.... Read more

    • Published: Apr. 24, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-27820

    A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. Fixed in the 5.4.3 release... Read more

    Affected Products : httpclient ontap_tools
    • Published: Apr. 24, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Misconfiguration

  • 7.2

    HIGH
    CVE-2025-3872

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon centreon-web (User configuration form modules) allows SQL Injection. A user with high privileges is able to become administrator by intercepti... Read more

    Affected Products : centreon
    • Published: Apr. 24, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2021-47664

    Due to improper authentication mechanism an unauthenticated remote attacker can enumerate valid usernames.... Read more

    Affected Products :
    • Published: Apr. 24, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Authentication
Showing 20 of 293616 Results