Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2025-24160

    The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Parsing a file may lead to an unexpected app termination.... Read more

    Affected Products : macos iphone_os tvos watchos ipados visionos
    • Published: Jan. 27, 2025
    • Modified: Mar. 24, 2025

  • 4.3

    MEDIUM
    CVE-2025-23955

    Missing Authorization vulnerability in xola.com Xola allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Xola: from n/a through 1.6.... Read more

    Affected Products :
    • Published: Jan. 16, 2025
    • Modified: Jan. 16, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-3227

    Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to properly enforce channel member management permissions in playbook runs, allowing authenticated users without the 'Manage Channel Members... Read more

    Affected Products : mattermost_server
    • Published: Jun. 20, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-3634

    A security vulnerability was discovered in Moodle that allows students to enroll themselves in courses without completing all the necessary safety checks. Specifically, users can sign up for courses prematurely, even if they haven't finished two-step veri... Read more

    Affected Products : moodle
    • Published: Apr. 25, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Authentication

  • 4.3

    MEDIUM
    CVE-2025-23929

    Missing Authorization vulnerability in wishfulthemes Email Capture & Lead Generation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Email Capture & Lead Generation: from n/a through 1.0.2.... Read more

    Affected Products :
    • Published: Jan. 16, 2025
    • Modified: Jan. 16, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-23776

    Missing Authorization vulnerability in Thorn Technologies LLC Cache Sniper for Nginx allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cache Sniper for Nginx: from n/a through 1.0.4.2.... Read more

    Affected Products :
    • Published: Jan. 16, 2025
    • Modified: Jan. 16, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-23407

    Incorrect privilege assignment vulnerability in the WEB UI (the setting page) exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, a remote attacker who can log in to the product may alter the settings without appropriate privileges.... Read more

    Affected Products :
    • Published: Apr. 09, 2025
    • Modified: Apr. 09, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-23423

    Missing Authorization vulnerability in Smackcoders SendGrid for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SendGrid for WordPress: from n/a through 1.4.... Read more

    Affected Products : sendgrid
    • Published: Jan. 16, 2025
    • Modified: Jan. 16, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-23684

    Missing Authorization vulnerability in Eugen Bobrowski Debug Tool allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Debug Tool: from n/a through 2.2.... Read more

    Affected Products :
    • Published: Jan. 22, 2025
    • Modified: Feb. 18, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-3415

    Grafana is an open-source platform for monitoring and observability. The Grafana Alerting DingDing integration was not properly protected and could be exposed to users with Viewer permission. Fixed in versions 10.4.19+security-01, 11.2.10+security-01, 11... Read more

    Affected Products : grafana
    • Published: Jul. 17, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2024-8319

    The Tourfic plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.11.20. This is due to missing or incorrect nonce validation on the tf_order_status_email_resend_function, tf_visitor_details_edit_functio... Read more

    Affected Products : tourfic
    • Published: Aug. 30, 2024
    • Modified: Sep. 03, 2024

  • 4.3

    MEDIUM
    CVE-2025-3880

    The Poll, Survey & Quiz Maker Plugin by Opinion Stage plugin for WordPress is vulnerable to unauthorized modification of data due to a misconfigured capability check on several functions in all versions up to, and including, 19.9.0. This makes it possible... Read more

    Affected Products : poll\,_survey_\&_quiz_maker
    • Published: Jun. 17, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-39425

    Cross-Site Request Forgery (CSRF) vulnerability in pixelgrade Style Manager allows Cross Site Request Forgery. This issue affects Style Manager: from n/a through 2.2.7.... Read more

    Affected Products :
    • Published: Apr. 17, 2025
    • Modified: Apr. 17, 2025

  • 4.3

    MEDIUM
    CVE-2025-31752

    Missing Authorization vulnerability in termel Bulk Fields Editor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Bulk Fields Editor: from n/a through 1.8.0.... Read more

    Affected Products :
    • Published: Apr. 01, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-31888

    Cross-Site Request Forgery (CSRF) vulnerability in WPExperts.io WP Multistore Locator allows Cross Site Request Forgery. This issue affects WP Multistore Locator: from n/a through 2.5.2.... Read more

    Affected Products : wp_multi_store_locator
    • Published: Apr. 01, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-31814

    Cross-Site Request Forgery (CSRF) vulnerability in OwnerRez OwnerRez allows Cross Site Request Forgery. This issue affects OwnerRez: from n/a through 1.2.0.... Read more

    Affected Products :
    • Published: Apr. 01, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-39589

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPDeveloper Essential Addons for Elementor allows Retrieve Embedded Sensitive Data. This issue affects Essential Addons for Elementor: from n/a through 6.1.9.... Read more

    Affected Products : essential_addons_for_elementor
    • Published: Apr. 16, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2025-2942

    The Order Delivery Date WordPress plugin before 12.6.0 discloses arbitrary post title (such as from draft and private posts) via an unauthenticated AJAX action, allowing attackers to retrieve such information... Read more

    • Published: Jul. 11, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2025-46257

    Cross-Site Request Forgery (CSRF) vulnerability in BdThemes Element Pack Pro allows Cross Site Request Forgery.This issue affects Element Pack Pro: from n/a before 8.0.0.... Read more

    Affected Products : element_pack
    • Published: Jun. 05, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-31781

    Missing Authorization vulnerability in ahmadshyk Gift Cards for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Gift Cards for WooCommerce: from n/a through 1.5.8.... Read more

    Affected Products :
    • Published: Apr. 01, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Authorization
Showing 20 of 293646 Results