Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2024-10667

    The Content Slider Block plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.1.5 via the [csb] shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticat... Read more

    Affected Products :
    • Published: Nov. 09, 2024
    • Modified: Nov. 12, 2024

  • 4.3

    MEDIUM
    CVE-2025-30811

    Cross-Site Request Forgery (CSRF) vulnerability in Javier Revilla ValidateCertify allows Cross Site Request Forgery. This issue affects ValidateCertify: from n/a through 1.6.1.... Read more

    Affected Products :
    • Published: Mar. 27, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-32791

    The Backstage Scaffolder plugin houses types and utilities for building scaffolder-related modules. A vulnerability in the Backstage permission plugin backend allows callers to extract some information about the conditional decisions returned by the permi... Read more

    Affected Products : backstage
    • Published: Apr. 16, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2025-26367

    A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to create arbitrary user groups via crafted HTTP requests.... Read more

    Affected Products : maxtime
    • Published: Feb. 12, 2025
    • Modified: Apr. 10, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-2104

    The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to unauthorized post publication due to insufficient validation on the pagelayer_save_content() function in all versions up to, and including, 1.9.8. This makes... Read more

    Affected Products : pagelayer
    • Published: Mar. 13, 2025
    • Modified: May. 26, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-2197

    Browser is affected by type confusion vulnerability, successful exploitation of this vulnerability may affect service availability.... Read more

    Affected Products : baidu
    • Published: Apr. 17, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Denial of Service

  • 4.3

    MEDIUM
    CVE-2025-32728

    In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding.... Read more

    Affected Products : debian_linux openssh
    • Published: Apr. 10, 2025
    • Modified: May. 22, 2025
    • Vuln Type: Misconfiguration

  • 4.3

    MEDIUM
    CVE-2025-23407

    Incorrect privilege assignment vulnerability in the WEB UI (the setting page) exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, a remote attacker who can log in to the product may alter the settings without appropriate privileges.... Read more

    Affected Products :
    • Published: Apr. 09, 2025
    • Modified: Apr. 09, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-23423

    Missing Authorization vulnerability in Smackcoders SendGrid for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SendGrid for WordPress: from n/a through 1.4.... Read more

    Affected Products : sendgrid
    • Published: Jan. 16, 2025
    • Modified: Jan. 16, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-23684

    Missing Authorization vulnerability in Eugen Bobrowski Debug Tool allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Debug Tool: from n/a through 2.2.... Read more

    Affected Products :
    • Published: Jan. 22, 2025
    • Modified: Feb. 18, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2024-22316

    IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to perform unauthorized actions to another user's data due to improper access controls.... Read more

    Affected Products : sterling_file_gateway
    • Published: Jan. 27, 2025
    • Modified: Jan. 27, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-32962

    Flask-AppBuilder is an application development framework built on top of Flask. Versions prior to 4.6.2 would allow for a malicious unauthenticated actor to perform an open redirect by manipulating the Host header in HTTP requests. Flask-AppBuilder 4.6.2 ... Read more

    Affected Products : flask-appbuilder flask-appbuilder
    • Published: May. 16, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Misconfiguration

  • 4.3

    MEDIUM
    CVE-2025-32494

    Cross-Site Request Forgery (CSRF) vulnerability in bozdoz reCAPTCHA Jetpack allows Cross Site Request Forgery. This issue affects reCAPTCHA Jetpack: from n/a through 0.2.2.... Read more

    Affected Products : recaptcha_jetpack
    • Published: Apr. 09, 2025
    • Modified: Apr. 09, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-32274

    Cross-Site Request Forgery (CSRF) vulnerability in axew3 WP w3all phpBB allows Cross Site Request Forgery. This issue affects WP w3all phpBB: from n/a through 2.9.2.... Read more

    Affected Products :
    • Published: Apr. 04, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-32269

    Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms allows Cross Site Request Forgery. This issue affects WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable ... Read more

    Affected Products :
    • Published: Apr. 04, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-32263

    Cross-Site Request Forgery (CSRF) vulnerability in BeRocket Sequential Order Numbers for WooCommerce allows Cross Site Request Forgery. This issue affects Sequential Order Numbers for WooCommerce: from n/a through 3.6.2.... Read more

    Affected Products :
    • Published: Apr. 04, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-32236

    Missing Authorization vulnerability in Vagonic Woocommerce Products Reorder Drag Drop Multiple Sort – Sortable, Rearrange Products Vagonic. This issue affects Woocommerce Products Reorder Drag Drop Multiple Sort – Sortable, Rearrange Products Vagonic: fro... Read more

    Affected Products :
    • Published: Apr. 10, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-32228

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WP Messiah Ai Image Alt Text Generator for WP. This issue affects Ai Image Alt Text Generator for WP: from n/a through 1.0.8.... Read more

    Affected Products :
    • Published: Apr. 10, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2025-32235

    Missing Authorization vulnerability in sonaar MP3 Audio Player for Music, Radio & Podcast by Sonaar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a... Read more

    • Published: Apr. 04, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-32227

    Authentication Bypass by Spoofing vulnerability in Asgaros Asgaros Forum allows Identity Spoofing. This issue affects Asgaros Forum: from n/a through 3.0.0.... Read more

    Affected Products : asgaros_forum
    • Published: Apr. 10, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Authentication
Showing 20 of 293622 Results