Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.

Latest Critical Actively Exploited Remotely Exploitable

6.5

MEDIUM

CVE-2025-58257

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Picture-Planet GmbH Verowa Connect allows Stored XSS. This issue affects Verowa Connect: from n/a through 3.2.3....

Affected Products :
Published: Sep. 22, 2025

Modified: Sep. 22, 2025

Vuln Type: Cross-Site Scripting
6.5

MEDIUM

CVE-2025-58028

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aum Watcharapon Designil PDPA Thailand allows Stored XSS. This issue affects Designil PDPA Thailand: from n/a through 2.0....

Affected Products :
Published: Sep. 22, 2025

Modified: Sep. 22, 2025

Vuln Type: Cross-Site Scripting
6.5

MEDIUM

CVE-2025-58242

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vadim Bogaiskov Bg Church Memos allows DOM-Based XSS. This issue affects Bg Church Memos: from n/a through 1.1....

Affected Products :
Published: Sep. 22, 2025

Modified: Sep. 22, 2025

Vuln Type: Cross-Site Scripting
6.5

MEDIUM

CVE-2025-58678

Missing Authorization vulnerability in PickPlugins Accordion allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Accordion: from n/a through 2.3.14....

Affected Products : accordion
Published: Sep. 22, 2025

Modified: Sep. 22, 2025

Vuln Type: Authorization
6.5

MEDIUM

CVE-2025-58253

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rameez Iqbal Real Estate Manager allows DOM-Based XSS. This issue affects Real Estate Manager: from n/a through 7.3....

Affected Products :
Published: Sep. 22, 2025

Modified: Sep. 22, 2025

Vuln Type: Cross-Site Scripting
6.5

MEDIUM

CVE-2025-58648

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nicu Micle Simple JWT Login allows Stored XSS. This issue affects Simple JWT Login: from n/a through 3.6.4....

Affected Products :
Published: Sep. 22, 2025

Modified: Sep. 22, 2025

Vuln Type: Cross-Site Scripting
6.5

MEDIUM

CVE-2025-57900

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ataur R GutenKit allows Stored XSS. This issue affects GutenKit: from n/a through 2.4.2....

Affected Products : gutenkit
Published: Sep. 22, 2025

Modified: Sep. 22, 2025

Vuln Type: Cross-Site Scripting
6.5

MEDIUM

CVE-2025-57911

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Adverts allows DOM-Based XSS. This issue affects Adverts: from n/a through 1.4....

Affected Products :
Published: Sep. 22, 2025

Modified: Sep. 22, 2025

Vuln Type: Cross-Site Scripting
6.5

MEDIUM

CVE-2025-59581

Missing Authorization vulnerability in VW THEMES Ibtana allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ibtana: from n/a through 1.2.5.3....

Affected Products :
Published: Sep. 22, 2025

Modified: Sep. 22, 2025

Vuln Type: Authorization
6.5

MEDIUM

CVE-2025-59585

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Recipe allows DOM-Based XSS. This issue affects Penci Recipe: from n/a through 4.0....

Affected Products :
Published: Sep. 22, 2025

Modified: Sep. 22, 2025

Vuln Type: Cross-Site Scripting
6.5

MEDIUM

CVE-2025-59583

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Filter Everything allows DOM-Based XSS. This issue affects Penci Filter Everything: from n/a through n/a....

Affected Products :
Published: Sep. 22, 2025

Modified: Sep. 22, 2025

Vuln Type: Cross-Site Scripting
6.5

MEDIUM

CVE-2025-59587

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Shortcodes & Performance allows DOM-Based XSS. This issue affects Penci Shortcodes & Performance: from n/a through n/a....

Affected Products :
Published: Sep. 22, 2025

Modified: Sep. 22, 2025

Vuln Type: Cross-Site Scripting
6.5

MEDIUM

CVE-2025-59592

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fernando Acosta Make Column Clickable Elementor allows Stored XSS. This issue affects Make Column Clickable Elementor: from n/a through 1.6.0....

Affected Products :
Published: Sep. 22, 2025

Modified: Sep. 22, 2025

Vuln Type: Cross-Site Scripting
6.5

MEDIUM

CVE-2025-58234

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JoomSky JS Job Manager allows Stored XSS. This issue affects JS Job Manager: from n/a through 2.0.2....

Affected Products : js_job_manager
Published: Sep. 22, 2025

Modified: Sep. 22, 2025

Vuln Type: Cross-Site Scripting
6.5

MEDIUM

CVE-2025-58241

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in snapwidget SnapWidget Social Photo Feed Widget allows DOM-Based XSS. This issue affects SnapWidget Social Photo Feed Widget: from n/a through 1.1.0....

Affected Products :
Published: Sep. 22, 2025

Modified: Sep. 22, 2025

Vuln Type: Cross-Site Scripting
6.5

MEDIUM

CVE-2025-10814

A vulnerability was determined in D-Link DIR-823X 240126/240802/250416. Affected by this vulnerability is an unknown functionality of the file /usr/sbin/goahead. This manipulation of the argument port causes command injection. The attack can be initiated ...

Affected Products : dir-823x_firmware
Published: Sep. 22, 2025

Modified: Sep. 22, 2025

Vuln Type: Injection
6.5

MEDIUM

CVE-2025-57901

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DAEXT Import Markdown allows Stored XSS. This issue affects Import Markdown: from n/a through 1.14....

Affected Products :
Published: Sep. 22, 2025

Modified: Sep. 22, 2025

Vuln Type: Cross-Site Scripting
6.5

MEDIUM

CVE-2025-57947

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Photo Gallery by Ays allows DOM-Based XSS. This issue affects Photo Gallery by Ays: from n/a through 6.3.6....

Affected Products :
Published: Sep. 22, 2025

Modified: Sep. 22, 2025

Vuln Type: Cross-Site Scripting
6.5

MEDIUM

CVE-2025-57963

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zoho Subscriptions Zoho Billing allows DOM-Based XSS. This issue affects Zoho Billing: from n/a through 4.1....

Affected Products :
Published: Sep. 22, 2025

Modified: Sep. 22, 2025

Vuln Type: Cross-Site Scripting
6.5

MEDIUM

CVE-2025-57983

Cross-Site Request Forgery (CSRF) vulnerability in Damian BP Disable Activation Reloaded allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects BP Disable Activation Reloaded: from n/a through 1.2.1....

Affected Products :
Published: Sep. 22, 2025

Modified: Sep. 22, 2025

Vuln Type: Cross-Site Request Forgery

Showing 20 of 4358 Results

Browse by Apps

Latest CVE Feed

6.5

6.5

6.5

6.5

6.5

6.5

6.5

6.5

6.5

6.5

6.5

6.5

6.5

6.5

6.5

6.5

6.5

6.5

6.5

6.5

CVEFeed.io UI Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable