Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2025-31787

    Missing Authorization vulnerability in Brady Vercher Cue allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cue: from n/a through 2.4.4.... Read more

    Affected Products :
    • Published: Apr. 01, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-22319

    Missing Authorization vulnerability in DearHive Social Media Share Buttons | MashShare.This issue affects Social Media Share Buttons | MashShare: from n/a through 4.0.47.... Read more

    Affected Products :
    • Published: Jan. 07, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-49510

    Cross-Site Request Forgery (CSRF) vulnerability in WPFactory Min Max Step Quantity Limits Manager for WooCommerce allows Cross Site Request Forgery.This issue affects Min Max Step Quantity Limits Manager for WooCommerce: from n/a through 5.1.0.... Read more

    Affected Products :
    • Published: Jun. 10, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-21016

    Improper access control in PkgPredictorService prior to SMR Aug-2025 Release 1 in Chinese Android 13, 14, 15 and 16 allows local attackers to use the privileged APIs.... Read more

    Affected Products :
    • Published: Aug. 06, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2008-0899

    Cross-site scripting (XSS) vulnerability in the Administration Console in BEA WebLogic Server and Express 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via URLs that are not properly handled by the Unexpected Exception Pa... Read more

    Affected Products : weblogic_server
    • Published: Feb. 22, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2025-23991

    Missing Authorization vulnerability in theDotstore Product Size Charts Plugin for WooCommerce.This issue affects Product Size Charts Plugin for WooCommerce: from n/a through 2.4.5.... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-22591

    Missing Authorization vulnerability in Lenderd 1003 Mortgage Application allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 1003 Mortgage Application: from n/a through 1.87.... Read more

    Affected Products : 1003_mortgage_application
    • Published: Jan. 07, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-31798

    Missing Authorization vulnerability in publitio Publitio allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Publitio: from n/a through 2.1.8.... Read more

    Affected Products :
    • Published: Apr. 01, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-8595

    The Zakra theme for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the welcome_notice_import_handler() function in all versions up to, and including, 4.1.5. This makes it possible for authenticated attackers... Read more

    Affected Products :
    • Published: Aug. 06, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-6730

    The Bonanza – WooCommerce Free Gifts Lite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the xlo_optin_call() function in all versions up to, and including, 1.0.0. This makes it possible for au... Read more

    Affected Products :
    • Published: Jul. 29, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-48962

    Sensitive information disclosure due to SSRF. The following products are affected: Acronis Cyber Protect 16 (Windows, Linux) before build 39938.... Read more

    Affected Products : cyber_protect
    • Published: Jun. 04, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2025-22562

    Cross-Site Request Forgery (CSRF) vulnerability in Jason Funk Title Experiments Free allows Cross Site Request Forgery.This issue affects Title Experiments Free: from n/a through 9.0.4.... Read more

    Affected Products : title_experiments_free
    • Published: Jan. 07, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-30854

    Cross-Site Request Forgery (CSRF) vulnerability in Saso Serial Codes Generator and Validator with WooCommerce Support allows Cross Site Request Forgery. This issue affects Serial Codes Generator and Validator with WooCommerce Support: from n/a through 2.7... Read more

    • Published: Mar. 27, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-30856

    Cross-Site Request Forgery (CSRF) vulnerability in theme funda Custom Field For WP Job Manager allows Cross Site Request Forgery. This issue affects Custom Field For WP Job Manager: from n/a through 1.4.... Read more

    Affected Products : custom_field_for_wp_job_manager
    • Published: Mar. 27, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-22563

    Cross-Site Request Forgery (CSRF) vulnerability in Faaiq Pretty Url allows Cross Site Request Forgery.This issue affects Pretty Url: from n/a through 1.5.4.... Read more

    Affected Products : pretty_url
    • Published: Jan. 07, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-30863

    Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms allows Cross Site Request Forgery. This issue affects Integration for Google Sheets and Contact Form 7, WPForms,... Read more

    Affected Products :
    • Published: Mar. 27, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2008-1348

    Cross-site scripting (XSS) vulnerability in index.php in the eWebsite eWeather (Weather) module for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via the chart parameter to modules.php.... Read more

    Affected Products : eweather
    • Published: Mar. 17, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2023-48786

    A server-side request forgery vulnerability [CWE-918] in Fortinet FortiClientEMS version 7.4.0 through 7.4.2 and before 7.2.6 may allow an authenticated attacker to perform internal requests via crafted HTTP or HTTPS requests.... Read more

    Affected Products : forticlientems
    • Published: Jun. 10, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Server-Side Request Forgery

  • 4.3

    MEDIUM
    CVE-2008-1342

    Multiple cross-site scripting (XSS) vulnerabilities in the search feature in Polymita BPM-Suite and CollagePortal allow remote attackers to inject arbitrary web script or HTML via the (1) _q and (2) lucene_index_field_value parameters. NOTE: the provenan... Read more

    Affected Products : bpm_suite collageportal
    • Published: Mar. 17, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2025-31808

    Cross-Site Request Forgery (CSRF) vulnerability in IT Path Solutions SCSS WP Editor allows Cross Site Request Forgery. This issue affects SCSS WP Editor: from n/a through 1.1.8.... Read more

    Affected Products :
    • Published: Apr. 01, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Cross-Site Request Forgery
Showing 20 of 294276 Results