Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.8

    MEDIUM
    CVE-2025-3760

    A stored cross-site scripting (XSS) vulnerability exists with radio button type custom fields in Liferay Portal 7.2.0 through 7.4.3.129, and Liferay DXP 2024.Q4.1 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.9, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 thro... Read more

    Affected Products : liferay_portal dxp
    • Published: Apr. 17, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-3487

    The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘limit’ parameter in all versions up to, and including, 1.42.0 due to insufficient input sanitization and out... Read more

    Affected Products : forminator forminator_forms
    • Published: Apr. 17, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-3479

    The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Order Replay in all versions up to, and including, 1.42.0 via the 'handle_stripe_single' function due to insufficient validation on a user contro... Read more

    Affected Products : forminator forminator_forms
    • Published: Apr. 17, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2025-3453

    The Password Protected – Password Protect your WordPress Site, Pages, & WooCommerce Products – Restrict Content, Protect WooCommerce Category and more plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and includin... Read more

    Affected Products :
    • Published: Apr. 17, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-26478

    Dell ECS version 3.8.1.4 and prior contain an Improper Certificate Validation vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information disclosure.... Read more

    Affected Products : elastic_cloud_storage objectscale
    • Published: Apr. 17, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Information Disclosure

  • 8.8

    HIGH
    CVE-2025-26477

    Dell ECS version 3.8.1.4 and prior contain an Improper Input Validation vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution.... Read more

    Affected Products : elastic_cloud_storage objectscale
    • Published: Apr. 17, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Authentication

  • 6.3

    MEDIUM
    CVE-2025-29931

    A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected product does not properly validate a length field in a serialized message which it uses to determine the amount of memory to be allocated for deseriali... Read more

    Affected Products : telecontrol_server_basic
    • Published: Apr. 17, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Denial of Service

  • 4.3

    MEDIUM
    CVE-2025-2197

    Browser is affected by type confusion vulnerability, successful exploitation of this vulnerability may affect service availability.... Read more

    Affected Products : baidu
    • Published: Apr. 17, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Denial of Service

  • 9.1

    CRITICAL
    CVE-2025-2188

    There is a whitelist mechanism bypass in GameCenter ,successful exploitation of this vulnerability may affect service confidentiality and integrity.... Read more

    Affected Products : gamecenter
    • Published: Apr. 17, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Authorization

  • 9.1

    CRITICAL
    CVE-2025-1532

    Phoneservice module is affected by code injection vulnerability, successful exploitation of this vulnerability may affect service confidentiality and integrity.... Read more

    Affected Products : phoneservice phoneservice
    • Published: Apr. 17, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Injection

  • 6.4

    MEDIUM
    CVE-2025-3615

    The Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form-submission.js script in all versions up to, and including, 6.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authent... Read more

    Affected Products : contact_form
    • Published: Apr. 17, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.0

    CRITICAL
    CVE-2025-3113

    A valid, authenticated user with sufficient privileges and who is aware of Continuous Compliance’s internal database configurations can leverage the application’s built-in Connector functionality to access Continuous Compliance’s internal database. This a... Read more

    Affected Products :
    • Published: Apr. 17, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Authorization

  • 8.5

    HIGH
    CVE-2025-2903

    An attacker with knowledge of creating user accounts during VM deployment on Google Cloud Platform (GCP) using the OS Login feature, can login via SSH gaining command-line control of the operating system. This allows an attacker to gain access to sensitiv... Read more

    Affected Products :
    • Published: Apr. 17, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Authentication

  • 4.9

    MEDIUM
    CVE-2025-3295

    The WP Editor plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.2.9.1. This makes it possible for authenticated attackers, with Administrator-level access and above, to read arbitrary files on the affected s... Read more

    Affected Products : wp_editor
    • Published: Apr. 17, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Information Disclosure

  • 7.2

    HIGH
    CVE-2025-3294

    The WP Editor plugin for WordPress is vulnerable to arbitrary file update due to missing file path validation in all versions up to, and including, 1.2.9.1. This makes it possible for authenticated attackers, with Administrator-level access and above, to ... Read more

    Affected Products : wp_editor
    • Published: Apr. 17, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Path Traversal

  • 3.5

    LOW
    CVE-2025-1525

    The Ultimate Dashboard WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disall... Read more

    • Published: Apr. 17, 2025
    • Modified: Apr. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.5

    LOW
    CVE-2025-1524

    The Ultimate Dashboard WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disall... Read more

    • Published: Apr. 17, 2025
    • Modified: Apr. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.5

    LOW
    CVE-2025-1523

    The Ultimate Dashboard WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disall... Read more

    • Published: Apr. 17, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2024-13925

    The Klarna Checkout for WooCommerce WordPress plugin before 2.13.5 exposes an unauthenticated WooCommerce Ajax endpoint that allows an attacker to flood the log files with data at the maximum size allowed for a POST parameter per request. This can result ... Read more

    Affected Products : klarna_checkout_for_woocommerce
    • Published: Apr. 17, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Denial of Service

  • 3.5

    LOW
    CVE-2024-11924

    The Icegram Express formerly known as Email Subscribers WordPress plugin before 5.7.52 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the un... Read more

    Affected Products : icegram_express
    • Published: Apr. 17, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 293562 Results