Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2025-62920

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webnique USERCENTRICS CMP usercentrics-consent-management-platform allows Stored XSS.This issue affects USERCENTRICS CMP: from n/a through <= 1.0.9.... Read more

    Affected Products :
    • Published: Oct. 27, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-62937

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Johnny Post List Featured Image post-list-featured-image allows Stored XSS.This issue affects Post List Featured Image: from n/a through <= 0.5.9.... Read more

    Affected Products :
    • Published: Oct. 27, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-34305

    IPFire versions prior to 2.29 (Core Update 198) contain multiple stored cross-site scripting (XSS) vulnerabilities caused by a bug in the cleanhtml() function (/var/ipfire/header.pl) that fails to apply HTML-entity encoding to user input. When an authenti... Read more

    Affected Products : ipfire ipfire
    • Published: Oct. 28, 2025
    • Modified: Nov. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-12413

    The Social Media WPCF7 Stop Words plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.3. This is due to missing or incorrect nonce validation on the smWpCfSwOptions() function. This makes it possible ... Read more

    Affected Products :
    • Published: Nov. 04, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.4

    MEDIUM
    CVE-2025-62910

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in deshine Video Gallery by Huzzaz huzzaz-video-gallery allows Stored XSS.This issue affects Video Gallery by Huzzaz: from n/a through <= 10.5.... Read more

    Affected Products :
    • Published: Oct. 27, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-12269

    A vulnerability was found in LearnHouse up to 98dfad76aad70711a8113f6c1fdabfccf10509ca. The affected element is an unknown function of the file /dash/org/settings/previews of the component Account Setting Page. The manipulation results in cross site scrip... Read more

    Affected Products : learnhouse
    • Published: Oct. 27, 2025
    • Modified: Oct. 31, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-62798

    Sharp is a content management framework built for Laravel as a package. Prior to 9.11.1, a Cross-Site Scripting (XSS) vulnerability was discovered in code16/sharp when rendering content using the SharpShowTextField component. In affected versions, express... Read more

    Affected Products :
    • Published: Oct. 28, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-64199

    Missing Authorization vulnerability in WpEstate wpresidence wpresidence allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects wpresidence: from n/a through <= 5.3.2.... Read more

    Affected Products :
    • Published: Oct. 29, 2025
    • Modified: Oct. 31, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-62917

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jamel.Z Tooltipy bluet-keywords-tooltip-generator allows Stored XSS.This issue affects Tooltipy: from n/a through <= 5.5.9.... Read more

    Affected Products : tooltipy
    • Published: Oct. 27, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-64132

    Jenkins MCP Server Plugin 0.84.v50ca_24ef83f2 and earlier does not perform permission checks in multiple MCP tools, allowing attackers to trigger builds and obtain information about job and cloud configuration they should not be able to access.... Read more

    Affected Products :
    • Published: Oct. 29, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-60314

    Configuroweb Sistema Web de Inventario 1.0 is vulnerable to a Stored Cross-Site Scripting (XSS) due to the lack of input sanitization on the product name parameter (Nombre:Producto) allowing an authenticated attacker to inject malicious payloads and execu... Read more

    Affected Products : simple_web_inventory_system
    • Published: Oct. 08, 2025
    • Modified: Oct. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-64210

    Missing Authorization vulnerability in StylemixThemes Masterstudy Elementor Widgets masterstudy-elementor-widgets allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Masterstudy Elementor Widgets: from n/a through <=... Read more

    Affected Products : consulting_elementor_widgets
    • Published: Oct. 29, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-64212

    Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro masterstudy-lms-learning-management-system-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MasterStudy LMS Pro: from n/a through < 4.7... Read more

    Affected Products :
    • Published: Oct. 29, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-28129

    Phpgurukul Hostel Management System 2.1 is vulnerable to clickjacking.... Read more

    Affected Products : hostel_management_system
    • Published: Oct. 06, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.4

    MEDIUM
    CVE-2025-64150

    A missing permission check in Jenkins Publish to Bitbucket Plugin 0.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing cre... Read more

    Affected Products : publish_to_bitbucket
    • Published: Oct. 29, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Authentication

  • 5.4

    MEDIUM
    CVE-2025-22175

    Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to modify the steps of another user's private checklist.... Read more

    Affected Products : jira_align
    • Published: Oct. 22, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-22169

    Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to subscribe to an item/object without having the expect... Read more

    Affected Products : jira_align
    • Published: Oct. 22, 2025
    • Modified: Oct. 24, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-24833

    Stored cross-site scripting (XSS) vulnerability in desknet's NEO versions V4.0R1.0–V9.0R2.0 allow execution of arbitrary JavaScript in a user’s web browser.... Read more

    Affected Products :
    • Published: Oct. 16, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-41021

    Stored Cross-Site Scripting (XSS) in Sergestec's Exito v8.0, consisting of a stored XSS due to a lack of proper validation of user input by sending a POST request using the 'obs' parameter in '/admin/index.php?action=product_update'. This vulnerability co... Read more

    Affected Products : exito
    • Published: Oct. 16, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-62006

    Missing Authorization vulnerability in VeronaLabs WP SMS wp-sms.This issue affects WP SMS: from n/a through <= 7.0.1.... Read more

    Affected Products : wp_sms
    • Published: Oct. 22, 2025
    • Modified: Oct. 24, 2025
    • Vuln Type: Authorization
Showing 20 of 3897 Results