Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2025-31695

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Link field display mode formatter allows Cross-Site Scripting (XSS).This issue affects Link field display mode formatter: from 0.0.0 before 1.6.0.... Read more

    • Published: Mar. 31, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-31696

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal RapiDoc OAS Field Formatter allows Cross-Site Scripting (XSS).This issue affects RapiDoc OAS Field Formatter: from 0.0.0 before 1.0.1.... Read more

    Affected Products : drupal rapidoc_oas_field_formatter
    • Published: Mar. 31, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-31697

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Formatter Suite allows Cross-Site Scripting (XSS).This issue affects Formatter Suite: from 0.0.0 before 2.1.0.... Read more

    Affected Products : drupal formatter_suite
    • Published: Mar. 31, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-3059

    Vulnerability in Drupal Profile Private.This issue affects Profile Private: *.*.... Read more

    Affected Products : profile_private
    • Published: Mar. 31, 2025
    • Modified: Sep. 02, 2025

  • 6.6

    MEDIUM
    CVE-2025-3060

    Vulnerability in Drupal Flattern – Multipurpose Bootstrap Business Profile.This issue affects Flattern – Multipurpose Bootstrap Business Profile: *.*.... Read more

    Affected Products : flattern
    • Published: Mar. 31, 2025
    • Modified: Sep. 02, 2025

  • 6.6

    MEDIUM
    CVE-2025-3061

    Vulnerability in Drupal Material Admin.This issue affects Material Admin: *.*.... Read more

    Affected Products : material_admin
    • Published: Mar. 31, 2025
    • Modified: Sep. 02, 2025

  • 6.6

    MEDIUM
    CVE-2025-3062

    Vulnerability in Drupal Drupal Admin LTE theme.This issue affects Drupal Admin LTE theme: *.*.... Read more

    Affected Products : admin_lte_theme
    • Published: Mar. 31, 2025
    • Modified: Sep. 02, 2025

  • 7.2

    HIGH
    CVE-2025-31282

    A broken access control vulnerability previously discovered in the Trend Vision One User Account component could have allowed an administrator to create users who could then change the role of the account and ultimately escalate privileges. Please not... Read more

    Affected Products : trend_vision_one
    • Published: Apr. 02, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Authentication

  • 7.2

    HIGH
    CVE-2025-31283

    A broken access control vulnerability previously discovered in the Trend Vision One User Roles component could have allowed an administrator to create users who could then change the role of the account and ultimately escalate privileges. Please note:... Read more

    Affected Products : trend_vision_one
    • Published: Apr. 02, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Authorization

  • 7.2

    HIGH
    CVE-2025-31284

    A broken access control vulnerability previously discovered in the Trend Vision One Status component could have allowed an administrator to create users who could then change the role of the account and ultimately escalate privileges. Please note: ths... Read more

    Affected Products : trend_vision_one
    • Published: Apr. 02, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Authentication

  • 7.2

    HIGH
    CVE-2025-31285

    A broken access control vulnerability previously discovered in the Trend Vision One Role Name component could have allowed an administrator to create users who could then change the role of the account and ultimately escalate privileges. Please note: ... Read more

    Affected Products : trend_vision_one
    • Published: Apr. 02, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Authorization

  • 9.0

    CRITICAL
    CVE-2025-31286

    An HTML injection vulnerability previously discovered in Trend Vision One could have allowed a malicious user to execute arbitrary code. Please note: this issue has already been addressed on the backend service and is no longer considered an active vul... Read more

    Affected Products : trend_vision_one
    • Published: Apr. 02, 2025
    • Modified: Sep. 02, 2025

  • 4.8

    MEDIUM
    CVE-2025-3129

    Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Access code allows Brute Force.This issue affects Access code: from 0.0.0 before 2.0.4.... Read more

    Affected Products : access_code
    • Published: Apr. 02, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2024-13290

    Incorrect Authorization vulnerability in Drupal OhDear Integration allows Forceful Browsing.This issue affects OhDear Integration: from 0.0.0 before 2.0.4.... Read more

    Affected Products : ohdear_integration
    • Published: Jan. 09, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Authorization

  • 7.3

    HIGH
    CVE-2024-13291

    Incorrect Authorization vulnerability in Drupal Basic HTTP Authentication allows Forceful Browsing.This issue affects Basic HTTP Authentication: from 7.X-1.0 before 7.X-1.4.... Read more

    Affected Products : basic_http_authentication
    • Published: Jan. 09, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Authorization

  • 7.2

    HIGH
    CVE-2024-2859

    By default, SANnav OVA is shipped with root user login enabled. While protected by a password, access to root could expose SANnav to a remote attacker should they gain access to the root account.... Read more

    Affected Products : brocade_sannav
    • Published: Apr. 27, 2024
    • Modified: Sep. 02, 2025

  • 4.8

    MEDIUM
    CVE-2024-13292

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Tooltip allows Cross-Site Scripting (XSS).This issue affects Tooltip: from 0.0.0 before 1.1.2.... Read more

    Affected Products : tooltip
    • Published: Jan. 09, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.1

    LOW
    CVE-2024-13293

    Cross-Site Request Forgery (CSRF) vulnerability in Drupal POST File allows Cross Site Request Forgery.This issue affects POST File: from 0.0.0 before 1.0.2.... Read more

    Affected Products : post_file
    • Published: Jan. 09, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.4

    MEDIUM
    CVE-2024-13294

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal POST File allows Cross-Site Scripting (XSS).This issue affects POST File: from 0.0.0 before 1.0.2.... Read more

    Affected Products : post_file
    • Published: Jan. 09, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.6

    MEDIUM
    CVE-2024-13295

    Deserialization of Untrusted Data vulnerability in Drupal Node export allows Object Injection.This issue affects Node export: from 7.X-* before 7.X-3.3.... Read more

    Affected Products : node_export
    • Published: Jan. 09, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Authentication
Showing 20 of 293333 Results