Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2024-53262

    SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. The static error.html template for errors contains placeholders that are replaced without escaping the content first. error.html is the page that is rendered... Read more

    Affected Products : sveltekit
    • Published: Nov. 25, 2024
    • Modified: Aug. 28, 2025

  • 5.4

    MEDIUM
    CVE-2024-53261

    SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. "Unsanitized input from *the request URL* flows into `end`, where it is used to render an HTML page returned to the user. This may result in a Cross-Site Scr... Read more

    Affected Products : sveltekit
    • Published: Nov. 25, 2024
    • Modified: Aug. 28, 2025

  • 7.5

    HIGH
    CVE-2024-52510

    The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. The Desktop client did not stop with an error but allowed by-passing the signature validation, if a manipulated server sends an empty initial signature. ... Read more

    Affected Products : desktop notes
    • Published: Nov. 15, 2024
    • Modified: Aug. 28, 2025

  • 7.7

    HIGH
    CVE-2025-51970

    A SQL Injection vulnerability exists in the action.php endpoint of PuneethReddyHC Online Shopping System Advanced 1.0 due to improper sanitization of user-supplied input in the keyword POST parameter.... Read more

    Affected Products : online_shopping_system_advanced
    • Published: Jul. 29, 2025
    • Modified: Aug. 28, 2025
    • Vuln Type: Injection

  • 3.8

    LOW
    CVE-2024-6219

    Mark Laing discovered in LXD's PKI mode, until version 5.21.1, that a restricted certificate could be added to the trust store with its restrictions not honoured.... Read more

    Affected Products : lxd
    • Published: Dec. 06, 2024
    • Modified: Aug. 28, 2025

  • 6.1

    MEDIUM
    CVE-2025-9432

    A vulnerability has been found in mtons mblog up to 3.5.0. The affected element is an unknown function of the file /admin/post/list of the component Admin Panel. Such manipulation of the argument Title leads to cross site scripting. The attack can be laun... Read more

    Affected Products : mblog
    • Published: Aug. 26, 2025
    • Modified: Aug. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-9431

    A flaw has been found in mtons mblog up to 3.5.0. Impacted is an unknown function of the file /search. This manipulation of the argument kw causes cross site scripting. The attack can be initiated remotely. The exploit has been published and may be used.... Read more

    Affected Products : mblog
    • Published: Aug. 26, 2025
    • Modified: Aug. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2022-4536

    The IP Vault – WP Firewall plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 1.1. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login restr... Read more

    • Published: Aug. 31, 2024
    • Modified: Aug. 28, 2025

  • 4.8

    MEDIUM
    CVE-2025-9430

    A vulnerability was detected in mtons mblog up to 3.5.0. This issue affects some unknown processing of the file /admin/options/update. The manipulation of the argument input results in cross site scripting. It is possible to launch the attack remotely. Th... Read more

    Affected Products : mblog
    • Published: Aug. 26, 2025
    • Modified: Aug. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-9429

    A security vulnerability has been detected in mtons mblog up to 3.5.0. This vulnerability affects unknown code of the file /post/submit of the component Post Handler. The manipulation of the argument content/title/ leads to cross site scripting. It is pos... Read more

    Affected Products : mblog
    • Published: Aug. 26, 2025
    • Modified: Aug. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-8908

    A vulnerability was determined in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.5.4. Affected by this issue is some unknown functionality of the file crm/WeiXinApp/yunzhijia/event.php. The manipulation of the argument openid leads to sql... Read more

    Affected Products : lingdang_crm
    • Published: Aug. 13, 2025
    • Modified: Aug. 28, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-55619

    Reolink v4.54.0.4.20250526 was discovered to contain a hardcoded encryption key and initialization vector. An attacker can leverage this vulnerability to decrypt access tokens and web session tokens stored inside the app via reverse engineering.... Read more

    Affected Products : reolink
    • Published: Aug. 22, 2025
    • Modified: Aug. 28, 2025
    • Vuln Type: Cryptography

  • 6.1

    MEDIUM
    CVE-2025-55620

    A cross-site scripting (XSS) vulnerability in the valuateJavascript() function of Reolink v4.54.0.4.20250526 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.... Read more

    Affected Products : reolink
    • Published: Aug. 22, 2025
    • Modified: Aug. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-55623

    An issue in the lock screen component of Reolink v4.54.0.4.20250526 allows attackers to bypass authentication via using an ADB (Android Debug Bridge).... Read more

    Affected Products : reolink
    • Published: Aug. 22, 2025
    • Modified: Aug. 28, 2025
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2025-55624

    An intent redirection vulnerability in Reolink v4.54.0.4.20250526 allows unauthorized attackers to access internal functions or access non-public components.... Read more

    Affected Products : reolink
    • Published: Aug. 22, 2025
    • Modified: Aug. 28, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2024-13273

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Open Social allows Cross-Site Scripting (XSS).This issue affects Open Social: from 0.0.0 before 12.3.8, from 12.4.0 before 12.4.5, from 13.0.0 bef... Read more

    Affected Products : open_social
    • Published: Jan. 09, 2025
    • Modified: Aug. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2024-30040

    Windows MSHTML Platform Security Feature Bypass Vulnerability... Read more

    • Actively Exploited
    • Published: May. 14, 2024
    • Modified: Aug. 28, 2025

  • 8.8

    HIGH
    CVE-2025-8127

    A vulnerability classified as critical was found in deerwms deer-wms-2 up to 3.3. This vulnerability affects unknown code of the file /system/user/list. The manipulation of the argument params[dataScope] leads to sql injection. The attack can be initiated... Read more

    Affected Products : deer-wms-2
    • Published: Jul. 25, 2025
    • Modified: Aug. 28, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-8161

    A vulnerability classified as critical was found in deerwms deer-wms-2 up to 3.3. Affected by this vulnerability is an unknown functionality of the file /system/role/export. The manipulation of the argument params[dataScope] leads to sql injection. The at... Read more

    Affected Products : deer-wms-2
    • Published: Jul. 25, 2025
    • Modified: Aug. 28, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-8162

    A vulnerability, which was classified as critical, has been found in deerwms deer-wms-2 up to 3.3. Affected by this issue is some unknown functionality of the file /system/dept/list. The manipulation of the argument params[dataScope] leads to sql injectio... Read more

    Affected Products : deer-wms-2
    • Published: Jul. 25, 2025
    • Modified: Aug. 28, 2025
    • Vuln Type: Injection
Showing 20 of 292795 Results