Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.

Latest Critical Actively Exploited Remotely Exploitable

5.9

MEDIUM

CVE-2025-58984

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nanbu Welcart e-Commerce allows Stored XSS. This issue affects Welcart e-Commerce: from n/a through 2.11.20....

Affected Products : welcart_e-commerce
Published: Sep. 09, 2025

Modified: Sep. 11, 2025

Vuln Type: Cross-Site Scripting
5.9

MEDIUM

CVE-2025-48360

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Razvan Stanga Varnish/Nginx Proxy Caching allows Stored XSS. This issue affects Varnish/Nginx Proxy Caching: from n/a through 1.8.3....

Affected Products :
Published: Aug. 28, 2025

Modified: Aug. 29, 2025

Vuln Type: Cross-Site Scripting
5.9

MEDIUM

CVE-2025-57941

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JonathanMH Append Link on Copy allows Stored XSS. This issue affects Append Link on Copy: from n/a through 0.2....

Affected Products :
Published: Sep. 22, 2025

Modified: Sep. 22, 2025

Vuln Type: Cross-Site Scripting
5.9

MEDIUM

CVE-2025-58646

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in chtombleson Mobi2Go allows Stored XSS. This issue affects Mobi2Go: from n/a through 1.0.0....

Affected Products :
Published: Sep. 22, 2025

Modified: Sep. 22, 2025

Vuln Type: Cross-Site Scripting
5.9

MEDIUM

CVE-2025-58982

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pixeline Pixeline's Email Protector allows Stored XSS. This issue affects Pixeline's Email Protector: from n/a through 1.3.8....

Affected Products :
Published: Sep. 09, 2025

Modified: Sep. 11, 2025

Vuln Type: Cross-Site Scripting
5.9

MEDIUM

CVE-2025-53464

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ironikus WP Mailto Links allows Stored XSS. This issue affects WP Mailto Links: from n/a through 3.1.4....

Affected Products : wp_mailto_links
Published: Sep. 22, 2025

Modified: Sep. 22, 2025

Vuln Type: Cross-Site Scripting
5.9

MEDIUM

CVE-2025-58983

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stefano Lissa Include Me allows Stored XSS. This issue affects Include Me: from n/a through 1.3.2....

Affected Products : include_me
Published: Sep. 09, 2025

Modified: Sep. 11, 2025

Vuln Type: Cross-Site Scripting
5.9

MEDIUM

CVE-2025-58820

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themepoints Carousel Ultimate allows Stored XSS. This issue affects Carousel Ultimate: from n/a through 1.8....

Affected Products :
Published: Sep. 05, 2025

Modified: Sep. 05, 2025

Vuln Type: Cross-Site Scripting
5.9

MEDIUM

CVE-2025-57908

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ProWCPlugins Product Time Countdown for WooCommerce allows Stored XSS. This issue affects Product Time Countdown for WooCommerce: from n/a through 1.6.4....

Affected Products :
Published: Sep. 22, 2025

Modified: Sep. 22, 2025

Vuln Type: Cross-Site Scripting
5.9

MEDIUM

CVE-2025-58960

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brijeshk89 IP Based Login allows Stored XSS. This issue affects IP Based Login: from n/a through 2.4.3....

Affected Products : ip_based_login
Published: Sep. 22, 2025

Modified: Sep. 22, 2025

Vuln Type: Cross-Site Scripting
5.9

MEDIUM

CVE-2025-59548

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, specially crafted URLs to the FileBrowser are vulnerable to javascript injection, affecting any unsuspecting user clicki...

Affected Products : dotnetnuke
Published: Sep. 23, 2025

Modified: Sep. 24, 2025

Vuln Type: Cross-Site Scripting
5.9

MEDIUM

CVE-2025-58805

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OTWthemes Widgetize Pages Light allows Stored XSS. This issue affects Widgetize Pages Light: from n/a through 3.0....

Affected Products :
Published: Sep. 05, 2025

Modified: Sep. 05, 2025

Vuln Type: Cross-Site Scripting
5.9

MEDIUM

CVE-2025-53469

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mortgage Calculator BMI Adult & Kid Calculator allows Stored XSS. This issue affects BMI Adult & Kid Calculator: from n/a through 1.2.2....

Affected Products :
Published: Sep. 22, 2025

Modified: Sep. 22, 2025

Vuln Type: Cross-Site Scripting
5.9

MEDIUM

CVE-2025-58883

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Thomas Harris Search Cloud One allows Stored XSS. This issue affects Search Cloud One: from n/a through 2.2.5....

Affected Products :
Published: Sep. 05, 2025

Modified: Sep. 05, 2025

Vuln Type: Cross-Site Scripting
5.9

MEDIUM

CVE-2025-60184

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Terry L. SEO Search Permalink allows Stored XSS. This issue affects SEO Search Permalink: from n/a through 1.0.3....

Affected Products :
Published: Sep. 26, 2025

Modified: Sep. 26, 2025

Vuln Type: Cross-Site Scripting
5.9

MEDIUM

CVE-2025-48352

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sitesearch-yandex Yandex Site search pinger allows Stored XSS. This issue affects Yandex Site search pinger: from n/a through 1.5....

Affected Products :
Published: Aug. 28, 2025

Modified: Aug. 29, 2025

Vuln Type: Cross-Site Scripting
5.9

MEDIUM

CVE-2025-58245

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bestweblayout Portfolio allows DOM-Based XSS. This issue affects Portfolio : from n/a through 2.58....

Affected Products : portfolio
Published: Sep. 22, 2025

Modified: Sep. 22, 2025

Vuln Type: Cross-Site Scripting
5.9

MEDIUM

CVE-2025-57956

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpcraft WooMS allows Stored XSS. This issue affects WooMS: from n/a through 9.12....

Affected Products :
Published: Sep. 22, 2025

Modified: Sep. 22, 2025

Vuln Type: Cross-Site Scripting
5.9

MEDIUM

CVE-2025-58271

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AnyClip Video Platform AnyClip Luminous Studio allows Stored XSS. This issue affects AnyClip Luminous Studio: from n/a through 1.3.3....

Affected Products :
Published: Sep. 22, 2025

Modified: Sep. 22, 2025

Vuln Type: Cross-Site Scripting
5.9

MEDIUM

CVE-2025-48313

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kevin heath Tripadvisor Shortcode allows Stored XSS. This issue affects Tripadvisor Shortcode: from n/a through 2.2....

Affected Products :
Published: Aug. 28, 2025

Modified: Aug. 29, 2025

Vuln Type: Cross-Site Scripting

Showing 20 of 4478 Results

Browse by Apps

Latest CVE Feed

5.9

5.9

5.9

5.9

5.9

5.9

5.9

5.9

5.9

5.9

5.9

5.9

5.9

5.9

5.9

5.9

5.9

5.9

5.9

5.9

CVEFeed.io UI Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable