Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.1

    HIGH
    CVE-2025-26743

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TC.K Advance WP Query Search Filter allows Reflected XSS. This issue affects Advance WP Query Search Filter: from n/a through 1.0.10.... Read more

    Affected Products :
    • Published: Apr. 15, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-26741

    Missing Authorization vulnerability in AWEOS GmbH Email Notifications for Updates allows Privilege Escalation. This issue affects Email Notifications for Updates: from n/a through 1.1.6.... Read more

    Affected Products :
    • Published: Apr. 15, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Authorization

  • 3.7

    LOW
    CVE-2025-32943

    The vulnerability allows any authenticated user to leak the contents of arbitrary “.m3u8” files from the PeerTube server due to a path traversal in the HLS endpoint.... Read more

    Affected Products :
    • Published: Apr. 15, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Path Traversal

  • 5.5

    MEDIUM
    CVE-2025-1688

    Milestone Systems has discovered a security vulnerability in Milestone XProtect installer that resets system configuration password after the upgrading from older versions using specific installers. The system configuration password is an additional, o... Read more

    Affected Products :
    • Published: Apr. 15, 2025
    • Modified: Sep. 09, 2025
    • Vuln Type: Misconfiguration

  • 6.4

    MEDIUM
    CVE-2025-2083

    The Logo Carousel Gutenberg Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘sliderId’ parameter in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible... Read more

    Affected Products :
    • Published: Apr. 15, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.3

    CRITICAL
    CVE-2025-3579

    In versions prior to Aidex 1.7, an authenticated malicious user, taking advantage of an open registry, could execute unauthorised commands within the system. This includes executing operating system (Unix) commands, interacting with internal services such... Read more

    Affected Products :
    • Published: Apr. 15, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-3578

    A malicious, authenticated user in Aidex, versions prior to 1.7, could list credentials of other users, create or modify existing users in the application, list credentials of users in production or development environments. In addition, it would be possi... Read more

    Affected Products :
    • Published: Apr. 15, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Authentication

  • 8.7

    HIGH
    CVE-2025-3575

    Insecure Direct Object Reference vulnerability in Deporsite from T-INNOVA allows an attacker to retrieve sensitive information from others users via "idUsuario" parameter in "/helper/Familia/establecerUsuarioSeleccion" endpoint.... Read more

    Affected Products :
    • Published: Apr. 15, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Authorization

  • 8.7

    HIGH
    CVE-2025-3574

    Insecure Direct Object Reference vulnerability in Deporsite from T-INNOVA allows an attacker to retrieve sensitive information from others users via "idUsuario" parameter in "/helper/Familia/obtenerFamiliaUsuario" endpoint.... Read more

    Affected Products :
    • Published: Apr. 15, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Authorization

  • 2.6

    LOW
    CVE-2024-45712

    SolarWinds Serv-U is vulnerable to a client-side cross-site scripting (XSS) vulnerability. The vulnerability can only be performed by an authenticated account, on the local machine, from the local browser session. Therefore the risk is very low.... Read more

    Affected Products : serv-u
    • Published: Apr. 15, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.5

    MEDIUM
    CVE-2025-3622

    A vulnerability, which was classified as critical, has been found in Xorbits Inference up to 1.4.1. This issue affects the function load of the file xinference/thirdparty/cosyvoice/cli/model.py. The manipulation leads to deserialization.... Read more

    Affected Products :
    • Published: Apr. 15, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Misconfiguration

  • 5.9

    MEDIUM
    CVE-2025-3576

    A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions... Read more

    • Published: Apr. 15, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Cryptography

  • 6.5

    MEDIUM
    CVE-2025-32993

    Vision Helpdesk through 5.7.0 allows Time-Based Blind SQL injection via the Forgot Password (aka index.php?/home/forgot-password) vis_username parameter. Authentication is not needed.... Read more

    Affected Products :
    • Published: Apr. 15, 2025
    • Modified: Apr. 15, 2025

  • 6.4

    MEDIUM
    CVE-2025-2225

    The Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘rael_title_tag' parameter in all versions up to, and including, 1.6.9 due to insufficient... Read more

    • Published: Apr. 15, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2024-13610

    The Simple Social Media Share Buttons WordPress plugin before 6.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capab... Read more

    Affected Products : simple_social_buttons
    • Published: Apr. 15, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2024-13207

    The Widget for Social Page Feeds WordPress plugin before 6.4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability ... Read more

    Affected Products : widget_for_social_page_feeds
    • Published: Apr. 15, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-3573

    Versions of the package jquery-validation before 1.20.0 are vulnerable to Cross-site Scripting (XSS) in the showLabel() function, which may take input from a user-controlled placeholder value. This value will populate a message via $.validator.messages in... Read more

    Affected Products : jquery_validation
    • Published: Apr. 15, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.3

    HIGH
    CVE-2025-29984

    Dell Trusted Device, versions prior to 7.0.3.0, contain an Incorrect Default Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.... Read more

    Affected Products : trusted_device_agent
    • Published: Apr. 15, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Misconfiguration

  • 7.3

    HIGH
    CVE-2025-29983

    Dell Trusted Device, versions prior to 7.0.3.0, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of priv... Read more

    Affected Products : trusted_device_agent
    • Published: Apr. 15, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Authorization

  • 5.1

    MEDIUM
    CVE-2025-3613

    A vulnerability has been found in Demtec Graphytics 5.0.7 and classified as problematic. This vulnerability affects unknown code of the file /visualization. The manipulation of the argument description leads to cross site scripting. The attack can be init... Read more

    Affected Products :
    • Published: Apr. 15, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 293505 Results