Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2025-31886

    Missing Authorization vulnerability in Repuso Social proof testimonials and reviews by Repuso allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Social proof testimonials and reviews by Repuso: from n/a through 5.2... Read more

    Affected Products : repuso
    • Published: Apr. 01, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-31720

    A missing permission check in Jenkins 2.503 and earlier, LTS 2.492.2 and earlier allows attackers with Computer/Create permission but without Computer/Extended Read permission to copy an agent, gaining access to its configuration.... Read more

    Affected Products : jenkins
    • Published: Apr. 02, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-31831

    Missing Authorization vulnerability in Team AtomChat AtomChat allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AtomChat: from n/a through 1.1.6.... Read more

    Affected Products :
    • Published: Apr. 01, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-31721

    A missing permission check in Jenkins 2.503 and earlier, LTS 2.492.2 and earlier allows attackers with Computer/Create permission but without Computer/Configure permission to copy an agent, gaining access to encrypted secrets in its configuration.... Read more

    Affected Products : jenkins
    • Published: Apr. 02, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-31723

    A cross-site request forgery (CSRF) vulnerability in Jenkins Simple Queue Plugin 1.4.6 and earlier allows attackers to change and reset the build queue order.... Read more

    Affected Products : simple_queue
    • Published: Apr. 02, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2023-28599

    Zoom clients prior to 5.13.10 contain an HTML injection vulnerability. A malicious user could inject HTML into their display name potentially leading a victim to a malicious website during meeting creation.... Read more

    Affected Products : zoom
    • Published: Jun. 13, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2025-20272

    A vulnerability in a subset of REST APIs of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, low-privileged, remote attacker to conduct a blind SQL injection attack. This vulnerability is du... Read more

    • Published: Jul. 16, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Injection

  • 4.3

    MEDIUM
    CVE-2025-52917

    The Yealink RPS API before 2025-05-26 lacks rate limiting, potentially enabling information disclosure via excessive requests.... Read more

    Affected Products :
    • Published: Jun. 21, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2025-28902

    Cross-Site Request Forgery (CSRF) vulnerability in Benjamin Pick Contact Form 7 Select Box Editor Button allows Cross Site Request Forgery. This issue affects Contact Form 7 Select Box Editor Button: from n/a through 0.6.... Read more

    Affected Products :
    • Published: Mar. 11, 2025
    • Modified: Mar. 11, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-48247

    Missing Authorization vulnerability in Blair Williams Shortlinks by Pretty Links allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Shortlinks by Pretty Links: from n/a through 3.6.15.... Read more

    Affected Products :
    • Published: May. 19, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-31639

    Cross-Site Request Forgery (CSRF) vulnerability in themeton Spare allows Cross Site Request Forgery. This issue affects Spare: from n/a through 1.7.... Read more

    Affected Products :
    • Published: May. 16, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-20207

    A vulnerability in Simple Network Management Protocol (SNMP) polling for Cisco Secure Email and Web Manager, Cisco Secure Email Gateway, and Cisco Secure Web Appliance could allow an authenticated, remote attacker to obtain confidential information about ... Read more

    • Published: Feb. 05, 2025
    • Modified: Feb. 05, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2025-31529

    Missing Authorization vulnerability in Rashid Slider Path for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Slider Path for Elementor: from n/a through 3.0.0.... Read more

    Affected Products :
    • Published: Mar. 31, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-28927

    Cross-Site Request Forgery (CSRF) vulnerability in A. Chappard Display Template Name allows Cross Site Request Forgery. This issue affects Display Template Name: from n/a through 1.7.1.... Read more

    Affected Products :
    • Published: Mar. 11, 2025
    • Modified: Mar. 11, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-28910

    Cross-Site Request Forgery (CSRF) vulnerability in Ravinder Khurana WP Hide Admin Bar allows Cross Site Request Forgery. This issue affects WP Hide Admin Bar: from n/a through 2.0.... Read more

    Affected Products :
    • Published: Mar. 11, 2025
    • Modified: Mar. 11, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-30467

    The issue was addressed with improved checks. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. Visiting a malicious website may lead to address bar spoofing.... Read more

    Affected Products : macos iphone_os safari ipados
    • Published: Mar. 31, 2025
    • Modified: Apr. 04, 2025

  • 4.3

    MEDIUM
    CVE-2025-52878

    In JetBrains TeamCity before 2025.03.3 usernames were exposed to the users without proper permissions... Read more

    Affected Products : teamcity
    • Published: Jun. 23, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2025-29010

    Missing Authorization vulnerability in eleopard Behance Portfolio Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Behance Portfolio Manager: from n/a through 1.7.4.... Read more

    Affected Products :
    • Published: Jun. 06, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-52767

    Cross-Site Request Forgery (CSRF) vulnerability in lisensee NetInsight Analytics Implementation Plugin allows Cross Site Request Forgery. This issue affects NetInsight Analytics Implementation Plugin: from n/a through 1.0.3.... Read more

    Affected Products :
    • Published: Aug. 14, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-27847

    In ESPEC North America Web Controller 3 before 3.3.8, /api/v4/auth/ users session privileges are not revoked on logout.... Read more

    Affected Products :
    • Published: Aug. 14, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Authentication
Showing 20 of 294799 Results