Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2025-32278

    Cross-Site Request Forgery (CSRF) vulnerability in wprio Table Block by RioVizual allows Cross Site Request Forgery. This issue affects Table Block by RioVizual: from n/a through 2.1.7.... Read more

    Affected Products :
    • Published: Apr. 04, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-32268

    Cross-Site Request Forgery (CSRF) vulnerability in www.15.to QR Code Tag for WC allows Cross Site Request Forgery. This issue affects QR Code Tag for WC: from n/a through 1.9.36.... Read more

    Affected Products :
    • Published: Apr. 04, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-32271

    Cross-Site Request Forgery (CSRF) vulnerability in ablancodev Woocommerce Role Pricing allows Cross Site Request Forgery. This issue affects Woocommerce Role Pricing: from n/a through 3.5.5.... Read more

    Affected Products :
    • Published: Apr. 04, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-32272

    Cross-Site Request Forgery (CSRF) vulnerability in PickPlugins Wishlist allows Cross Site Request Forgery. This issue affects Wishlist: from n/a through 1.0.44.... Read more

    Affected Products :
    • Published: Apr. 04, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-32270

    Cross-Site Request Forgery (CSRF) vulnerability in Broadstreet Broadstreet allows Cross Site Request Forgery. This issue affects Broadstreet: from n/a through 1.51.1.... Read more

    Affected Products : broadstreet
    • Published: Apr. 04, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-32261

    Cross-Site Request Forgery (CSRF) vulnerability in Kuppuraj Advanced All in One Admin Search by WP Spotlight allows Cross Site Request Forgery. This issue affects Advanced All in One Admin Search by WP Spotlight: from n/a through 1.1.1.... Read more

    Affected Products :
    • Published: Apr. 04, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-32267

    Cross-Site Request Forgery (CSRF) vulnerability in wpzinc Post to Social Media – WordPress to Hootsuite allows Cross Site Request Forgery. This issue affects Post to Social Media – WordPress to Hootsuite: from n/a through 1.5.8.... Read more

    Affected Products :
    • Published: Apr. 04, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-5930

    The WP2HTML plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing or incorrect nonce validation on the save() function. This makes it possible for unauthenticated attackers to ... Read more

    Affected Products :
    • Published: Jun. 13, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2007-6695

    Cross-site scripting (XSS) vulnerability in index.php in Drake CMS 0.4.9 allows remote attackers to inject arbitrary web script or HTML via the option parameter.... Read more

    Affected Products : drake_cms
    • Published: Feb. 01, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-0574

    Cross-site scripting (XSS) vulnerability in index.php in webSPELL 4.01.02 allows remote attackers to inject arbitrary web script or HTML via the sort parameter in a whoisonline action.... Read more

    Affected Products : webspell
    • Published: Feb. 05, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2025-32238

    Generation of Error Message Containing Sensitive Information vulnerability in vcita Online Booking & Scheduling Calendar for WordPress by vcita allows Retrieve Embedded Sensitive Data. This issue affects Online Booking & Scheduling Calendar for WordPress ... Read more

    • Published: Apr. 04, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2008-0494

    Cross-site scripting (XSS) vulnerability in vpnum/userslist.php in Endian Firewall 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the psearch parameter. NOTE: the provenance of this information is unknown; the details are obtain... Read more

    Affected Products : firewall
    • Published: Jan. 30, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2025-32233

    Missing Authorization vulnerability in WP Chill Revive.so – Bulk Rewrite and Republish Blog Posts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Revive.so – Bulk Rewrite and Republish Blog Posts: from n/a throu... Read more

    Affected Products :
    • Published: Apr. 04, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-32232

    Missing Authorization vulnerability in ERA404 StaffList allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects StaffList: from n/a through 3.2.6.... Read more

    Affected Products : stafflist
    • Published: Apr. 04, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-32231

    Missing Authorization vulnerability in Bookingor Bookingor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Bookingor: from n/a through 1.0.6.... Read more

    Affected Products :
    • Published: Apr. 04, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-4592

    The AI Image Lab – Free AI Image Generator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.6. This is due to missing or incorrect nonce validation on the 'wpz-ai-images' page. This makes it possib... Read more

    Affected Products :
    • Published: Jun. 14, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2008-0576

    Cross-site scripting (XSS) vulnerability in the Project Issue Tracking module 5.x-2.x-dev before 20080130 in the 5.x-2.x series, 5.x-1.2 and earlier in the 5.x-1.x series, 4.7.x-2.6 and earlier in the 4.7.x-2.x series, and 4.7.x-1.6 and earlier in the 4.7... Read more

    Affected Products : project_issue_tracking_module
    • Published: Feb. 05, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-0497

    Cross-site scripting (XSS) vulnerability in action.php in Nucleus CMS 3.31 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO, which is not quoted when processing PHP_SELF.... Read more

    Affected Products : nucleus_cms
    • Published: Jan. 30, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2019-10065

    An issue was discovered in Open Ticket Request System (OTRS) 7.0 through 7.0.6. An attacker who is logged into OTRS as a customer user can use the search result screens to disclose information from internal FAQ articles, a different vulnerability than CVE... Read more

    Affected Products : otrs
    • Published: Mar. 10, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2008-1413

    Cross-site scripting (XSS) vulnerability in search.php in SNewsCMS Rus 2.1 through 2.4 allows remote attackers to inject arbitrary web script or HTML via the query parameter.... Read more

    Affected Products : snews_cms_rus
    • Published: Mar. 20, 2008
    • Modified: Apr. 09, 2025
Showing 20 of 293545 Results