Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    CVSS31
    CVE-2025-3803

    A vulnerability was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644). It has been rated as critical. This issue affects the function cgiSysScheduleRebootSet of the file /bin/httpd. The manipulation of the argument rebootDate leads to stack-based buf... Read more

    Affected Products :
    • Published: Apr. 19, 2025
    • Modified: Apr. 19, 2025

  • 8.8

    CVSS31
    CVE-2025-3802

    A vulnerability was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644). It has been declared as critical. This vulnerability affects the function cgiPingSet of the file /bin/httpd. The manipulation of the argument pingIP leads to stack-based buffer ov... Read more

    Affected Products :
    • Published: Apr. 19, 2025
    • Modified: Apr. 19, 2025

  • 2.4

    CVSS31
    CVE-2025-3801

    A vulnerability was found in songquanpeng one-api up to 0.6.10. It has been classified as problematic. This affects an unknown part of the component System Setting Handler. The manipulation of the argument Homepage Content leads to cross site scripting. I... Read more

    Affected Products :
    • Published: Apr. 19, 2025
    • Modified: Apr. 19, 2025

  • 7.3

    CVSS31
    CVE-2025-3800

    A vulnerability has been found in WCMS 11 and classified as critical. Affected by this vulnerability is an unknown functionality of the file app/controllers/AnonymousController.php. The manipulation of the argument mobile_phone leads to sql injection. The... Read more

    Affected Products :
    • Published: Apr. 19, 2025
    • Modified: Apr. 19, 2025

  • 7.3

    CVSS31
    CVE-2025-3799

    A vulnerability, which was classified as critical, was found in WCMS 11. Affected is an unknown function of the file app/controllers/AnonymousController.php. The manipulation of the argument email/username leads to sql injection. It is possible to launch ... Read more

    Affected Products :
    • Published: Apr. 19, 2025
    • Modified: Apr. 19, 2025

  • 4.7

    CVSS31
    CVE-2025-3798

    A vulnerability, which was classified as critical, has been found in WCMS 11. This issue affects the function sub of the file app/admin/AdvadminController.php of the component Advertisement Image Handler. The manipulation leads to unrestricted upload. The... Read more

    Affected Products :
    • Published: Apr. 19, 2025
    • Modified: Apr. 19, 2025

  • 6.4

    CVSS31
    CVE-2025-3661

    The SB Chart block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘className’ parameter in all versions up to, and including, 1.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authentic... Read more

    Affected Products :
    • Published: Apr. 19, 2025
    • Modified: Apr. 19, 2025

  • 8.8

    CVSS31
    CVE-2025-3404

    The Download Manager plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the savePackage function in all versions up to, and including, 3.3.12. This makes it possible for authenticated attackers, with ... Read more

    Affected Products : download_manager
    • Published: Apr. 19, 2025
    • Modified: Apr. 19, 2025

  • 9.8

    CVSS31
    CVE-2021-4455

    The Wordpress Plugin Smart Product Review plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.0.4. This makes it possible for unauthenticated attackers to upload arbitrar... Read more

    Affected Products :
    • Published: Apr. 19, 2025
    • Modified: Apr. 19, 2025

  • 4.7

    CVSS31
    CVE-2025-3797

    A vulnerability classified as critical was found in SeaCMS up to 13.3. This vulnerability affects unknown code of the file /admin_topic.php?action=delall. The manipulation of the argument e_id leads to sql injection. The attack can be initiated remotely. ... Read more

    Affected Products : seacms
    • Published: Apr. 19, 2025
    • Modified: Apr. 19, 2025

  • 7.2

    CVSS31
    CVE-2025-3809

    The Debug Log Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the auto-refresh debug log in all versions up to, and including, 2.3.4 due to insufficient input sanitization and output escaping. This makes it possible for unaut... Read more

    Affected Products : debug_log_manager
    • Published: Apr. 19, 2025
    • Modified: Apr. 19, 2025

  • 7.5

    CVSS31
    CVE-2025-2111

    The Insert Headers And Footers plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.1. This is due to missing or incorrect nonce validation on the 'custom_plugin_set_option' function. This makes it pos... Read more

    Affected Products :
    • Published: Apr. 19, 2025
    • Modified: Apr. 19, 2025

  • 7.5

    CVSS31
    CVE-2025-3103

    The CLEVER - HTML5 Radio Player With History - Shoutcast and Icecast - Elementor Widget Addon plugin for WordPress is vulnerable to arbitrary file read due to insufficient file path validation in the 'history.php' file in all versions up to, and including... Read more

    Affected Products :
    • Published: Apr. 19, 2025
    • Modified: Apr. 19, 2025

  • 6.4

    CVSS31
    CVE-2025-3275

    The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the TF E Slider widget in all versions up to, and including, 2.2.5 due to insufficient input sanitization and output escaping. This makes it possible... Read more

    Affected Products : themesflat_addons_for_elementor
    • Published: Apr. 19, 2025
    • Modified: Apr. 19, 2025

  • 6.4

    CVSS31
    CVE-2025-1457

    The Element Pack Addons for Elementor – Free Templates and Widgets for Your WordPress Websites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Wrapper Link, Countdown and Gallery widgets in all versions up to, and including, 5.10... Read more

    Affected Products :
    • Published: Apr. 19, 2025
    • Modified: Apr. 19, 2025

  • 9.8

    CVSS31
    CVE-2025-1093

    The AIHub theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the generate_image function in all versions up to, and including, 1.3.7. This makes it possible for unauthenticated attackers to upload arbitrary ... Read more

    Affected Products :
    • Published: Apr. 19, 2025
    • Modified: Apr. 19, 2025

  • 4.3

    CVSS31
    CVE-2025-3284

    The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.1.3. This is due to missing or incorrect nonce validation ... Read more

    Affected Products :
    • Published: Apr. 19, 2025
    • Modified: Apr. 19, 2025

  • 9.8

    CVSS31
    CVE-2025-3278

    The UrbanGo Membership plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.0.4. This is due to the plugin allowing users who are registering new accounts to set their own role or by supplying 'user_register_role'... Read more

    Affected Products :
    • Published: Apr. 19, 2025
    • Modified: Apr. 19, 2025

  • 7.5

    CVSS31
    CVE-2025-2010

    The JobWP – Job Board, Job Listing, Career Page and Recruitment Plugin plugin for WordPress is vulnerable to SQL Injection via the 'jobwp_upload_resume' parameter in all versions up to, and including, 2.3.9 due to insufficient escaping on the user supplie... Read more

    Affected Products :
    • Published: Apr. 19, 2025
    • Modified: Apr. 19, 2025

  • 6.3

    CVSS31
    CVE-2025-3796

    A vulnerability classified as critical has been found in PHPGurukul Men Salon Management System 1.0. This affects an unknown part of the file /admin/contact-us.php. The manipulation of the argument pagetitle/pagedes/email/mobnumber/timing leads to sql inj... Read more

    Affected Products : men_salon_management_system
    • Published: Apr. 18, 2025
    • Modified: Apr. 18, 2025
Showing 20 of 58 Results
© cvefeed.io
Latest DB Update: Apr. 20, 2025 15:58