Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2025-2269

    The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘image_id’ parameter in all versions up to, and including, 1.8.34 due to insufficient input sanitization and output esc... Read more

    Affected Products : photo_gallery
    • Published: Apr. 12, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.3

    CRITICAL
    CVE-2025-0129

    An improper exception check in Palo Alto Networks Prisma Access Browser allows a low privileged user to prevent Prisma Access Browser from applying it's Policy Rules. This enables the user to use Prisma Access Browser without any restrictions.... Read more

    Affected Products : prisma_access_browser
    • Published: Apr. 11, 2025
    • Modified: Jun. 13, 2025
    • Vuln Type: Authorization

  • 6.7

    MEDIUM
    CVE-2024-11679

    An input validation weakness was reported in the TpmSetup module for some legacy System x server products that could allow a local attacker with elevated privileges to read the contents of memory.... Read more

    Affected Products :
    • Published: Apr. 11, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Information Disclosure

  • 5.9

    MEDIUM
    CVE-2025-0123

    A vulnerability in the Palo Alto Networks PAN-OS® software enables unlicensed administrators to view clear-text data captured using the packet capture feature https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/monitoring/take-packet-captures/take... Read more

    Affected Products : pan-os
    • Published: Apr. 11, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Misconfiguration

  • 6.3

    MEDIUM
    CVE-2025-0119

    A command injection vulnerability in the Palo Alto Networks Cortex XDR® Broker VM allows an authenticated user to execute arbitrary OS commands with root privileges on the host operating system running Broker VM.... Read more

    Affected Products :
    • Published: Apr. 11, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Injection

  • 8.6

    HIGH
    CVE-2025-32367

    The Oz Forensics face recognition application before 4.0.8 late 2023 allows PII retrieval via /statistic/list Insecure Direct Object Reference. NOTE: the number 4.0.8 was used for both the unpatched and patched versions.... Read more

    Affected Products :
    • Published: Apr. 11, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Authorization

  • 6.9

    MEDIUM
    CVE-2025-32080

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in The Wikimedia Foundation Mediawiki - Mobile Frontend Extension allows Shared Resource Manipulation.This issue affects Mediawiki - Mobile Frontend Extension: from 1.39 through 1.43... Read more

    Affected Products :
    • Published: Apr. 11, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-32079

    Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments allows HTTP DoS.This issue affects Mediawiki - GrowthExperiments: from 1.39 through 1.43.... Read more

    Affected Products :
    • Published: Apr. 11, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Denial of Service

  • 6.9

    MEDIUM
    CVE-2025-32078

    Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki - Version Compare Extension allows Cross-Site Scripting (XSS).This issue affects Mediawiki - Version Compare Extension: from 1.39 through 1.43.... Read more

    Affected Products :
    • Published: Apr. 11, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.9

    MEDIUM
    CVE-2025-32077

    Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - Extension:SimpleCalendar allows Cross-Site Scripting (XSS).This issue affects Mediawiki - Extension:SimpleCalendar: from 1.39 through 1.43.... Read more

    Affected Products :
    • Published: Apr. 11, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.9

    MEDIUM
    CVE-2025-32076

    Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - Visual Data Extension allows HTTP DoS.This issue affects Mediawiki - Visual Data Extension: from 1.39 through 1.43.... Read more

    Affected Products :
    • Published: Apr. 11, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Denial of Service

  • 6.9

    MEDIUM
    CVE-2025-32075

    Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - Tabs Extension allows Code Injection.This issue affects Mediawiki - Tabs Extension: from 1.39 through 1.43.... Read more

    Affected Products :
    • Published: Apr. 11, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2025-32074

    Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki - Confirm Account Extension allows Cross-Site Scripting (XSS).This issue affects Mediawiki - Confirm Account Extension: from 1.39 through 1.43.... Read more

    Affected Products :
    • Published: Apr. 11, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-32073

    Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - HTML Tags allows Cross-Site Scripting (XSS).This issue affects Mediawiki - HTML Tags: from 1.39 through 1.43.... Read more

    Affected Products :
    • Published: Apr. 11, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.9

    MEDIUM
    CVE-2025-32072

    Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki Core - Feed Utils allows WebView Injection.This issue affects Mediawiki Core - Feed Utils: from 1.39 through 1.43.... Read more

    Affected Products :
    • Published: Apr. 11, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-32071

    Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - Wikidata Extension allows Cross-Site Scripting (XSS) from widthheight message via ImageHandler::getDimensionsString()This issue affects Mediawiki - Wikidata Extension: from 1.... Read more

    Affected Products :
    • Published: Apr. 11, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-32070

    Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - AJAX Poll Extension allows Cross-Site Scripting (XSS).This issue affects Mediawiki - AJAX Poll Extension: from 1.39 through 1.43.... Read more

    Affected Products :
    • Published: Apr. 11, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-32069

    Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - Wikibase Media Info Extension allows Cross-Site Scripting (XSS).This issue affects Mediawiki - Wikibase Media Info Extension: from 1.39 through 1.43.... Read more

    Affected Products :
    • Published: Apr. 11, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-32068

    Incorrect Authorization vulnerability in The Wikimedia Foundation Mediawiki - OAuth Extension allows Authentication Bypass.This issue affects Mediawiki - OAuth Extension: from 1.39 through 1.43.... Read more

    Affected Products :
    • Published: Apr. 11, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-32067

    Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - Growth Experiments Extension allows Cross-Site Scripting (XSS).This issue affects Mediawiki - Growth Experiments Extension: from 1.39 through 1.43.... Read more

    Affected Products :
    • Published: Apr. 11, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 293505 Results