Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.1

    HIGH
    CVE-2025-31536

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in moshensky CF7 Spreadsheets allows Reflected XSS. This issue affects CF7 Spreadsheets: from n/a through 2.3.2.... Read more

    Affected Products :
    • Published: Apr. 03, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-31468

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound WP_Identicon allows Reflected XSS. This issue affects WP_Identicon: from n/a through 2.0.... Read more

    Affected Products :
    • Published: Apr. 03, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-31467

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Flickr Photostream allows Reflected XSS. This issue affects Flickr Photostream: from n/a through 3.1.8.... Read more

    Affected Products :
    • Published: Apr. 03, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-31442

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Search engine keywords highlighter allows Reflected XSS. This issue affects Search engine keywords highlighter: from n/a through 0.1.3.... Read more

    Affected Products :
    • Published: Apr. 03, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-31436

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Angelo Mandato Blubrry PowerPress Podcasting plugin MultiSite add-on allows Reflected XSS. This issue affects Blubrry PowerPress Podcasting plugin MultiS... Read more

    Affected Products :
    • Published: Apr. 03, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-31098

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in debounce DeBounce Email Validator allows PHP Local File Inclusion. This issue affects DeBounce Email Validator: from n/a through 5.7.... Read more

    Affected Products : email_validator
    • Published: Apr. 03, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2025-31091

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CreativeMindsSolutions CM Header and Footer allows Stored XSS. This issue affects CM Header and Footer: from n/a through 1.2.4.... Read more

    Affected Products :
    • Published: Apr. 03, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-30916

    Missing Authorization vulnerability in enituretechnology Residential Address Detection allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Residential Address Detection: from n/a through 2.5.4.... Read more

    Affected Products :
    • Published: Apr. 03, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-30915

    Missing Authorization vulnerability in enituretechnology Small Package Quotes – Worldwide Express Edition allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Small Package Quotes – Worldwide Express Edition: from n/... Read more

    Affected Products : small_package_quotes
    • Published: Apr. 03, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2025-30908

    Cross-Site Request Forgery (CSRF) vulnerability in Shamalli Web Directory Free allows Stored XSS. This issue affects Web Directory Free: from n/a through 1.7.6.... Read more

    Affected Products : web_directory_free
    • Published: Apr. 03, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 8.8

    HIGH
    CVE-2025-30889

    Deserialization of Untrusted Data vulnerability in PickPlugins Testimonial Slider allows Object Injection. This issue affects Testimonial Slider: from n/a through 2.0.13.... Read more

    Affected Products : testimonial_builder
    • Published: Apr. 03, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2025-30858

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tribulant Software Snow Storm allows Reflected XSS. This issue affects Snow Storm: from n/a through 1.4.6.... Read more

    Affected Products :
    • Published: Apr. 03, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-30616

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Latest Custom Post Type Updates allows Reflected XSS. This issue affects Latest Custom Post Type Updates: from n/a through 1.3.0.... Read more

    Affected Products :
    • Published: Apr. 03, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-30611

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Wptobe-signinup allows Reflected XSS. This issue affects Wptobe-signinup: from n/a through 1.1.2.... Read more

    Affected Products :
    • Published: Apr. 03, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-30596

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in NotFound include-file allows Path Traversal. This issue affects include-file: from n/a through 1.... Read more

    Affected Products :
    • Published: Apr. 03, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2025-29369

    Code-Projects Matrimonial Site V1.0 is vulnerable to SQL Injection in /view_profile.php?id=1.... Read more

    Affected Products : matrimonial_site
    • Published: Apr. 03, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-22931

    An insecure direct object reference (IDOR) in the component /assets/stafffiles of OS4ED openSIS v7.0 to v9.1 allows unauthenticated attackers to access files uploaded by staff members.... Read more

    Affected Products : opensis
    • Published: Apr. 03, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-22930

    OS4ED openSIS v7.0 to v9.1 was discovered to contain a SQL injection vulnerability via the groupid parameter at /messaging/Group.php.... Read more

    Affected Products : opensis
    • Published: Apr. 03, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-22929

    OS4ED openSIS v7.0 to v9.1 was discovered to contain a SQL injection vulnerability via the filter_id parameter at /students/StudentFilters.php.... Read more

    Affected Products : opensis
    • Published: Apr. 03, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-22926

    An issue in OS4ED openSIS v8.0 through v9.1 allows attackers to execute a directory traversal by sending a crafted POST request to /Modules.php?modname=messaging/Inbox.php&modfunc=save&filename.... Read more

    Affected Products : opensis
    • Published: Apr. 03, 2025
    • Modified: Apr. 30, 2025
    • Vuln Type: Path Traversal
Showing 20 of 293179 Results