Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2025-66152

    Missing Authorization vulnerability in merkulove Criptopayer for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Criptopayer for Elementor: from n/a through 1.0.1.... Read more

    Affected Products :
    • Published: Dec. 31, 2025
    • Modified: Jan. 20, 2026
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-69349

    Missing Authorization vulnerability in Fahad Mahmood RSS Feed Widget rss-feed-widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RSS Feed Widget: from n/a through <= 3.0.2.... Read more

    Affected Products :
    • Published: Jan. 06, 2026
    • Modified: Jan. 20, 2026
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-15173

    A weakness has been identified in SohuTV CacheCloud up to 3.2.0. Affected is the function advancedAnalysis of the file src/main/java/com/sohu/cache/web/controller/InstanceController.java. This manipulation causes cross site scripting. The attack is possib... Read more

    Affected Products : cachecloud
    • Published: Dec. 29, 2025
    • Modified: Jan. 07, 2026
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-66156

    Missing Authorization vulnerability in merkulove Watcher for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Watcher for Elementor: from n/a through 1.0.9.... Read more

    Affected Products :
    • Published: Dec. 31, 2025
    • Modified: Jan. 20, 2026
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-57681

    The WorklogPRO - Timesheets for Jira plugin in Jira Data Center before version 4.23.6-jira10 and before version 4.23.5-jira9 allows users and attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability. The vulnerabilit... Read more

    Affected Products :
    • Published: Jan. 21, 2026
    • Modified: Jan. 21, 2026
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-67282

    In TIM BPM Suite/ TIM FLOW through 9.1.2 multiple Authorization Bypass vulnerabilities exists which allow a low privileged user to download password hashes of other user, access work items of other user, modify restricted content in workflows, modify the ... Read more

    Affected Products : tim_flow
    • Published: Jan. 09, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-67834

    Paessler PRTG Network Monitor before 25.4.114 allows XSS by an unauthenticated attacker via the filter parameter.... Read more

    Affected Products : prtg_network_monitor
    • Published: Jan. 14, 2026
    • Modified: Jan. 20, 2026
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-69346

    Missing Authorization vulnerability in WPCenter AffiliateX affiliatex allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AffiliateX: from n/a through <= 1.3.9.3.... Read more

    Affected Products : affiliatex
    • Published: Jan. 06, 2026
    • Modified: Jan. 20, 2026
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-66155

    Missing Authorization vulnerability in merkulove Questionar for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Questionar for Elementor: from n/a through 1.1.7.... Read more

    Affected Products :
    • Published: Dec. 31, 2025
    • Modified: Jan. 20, 2026
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-68998

    Cross-Site Request Forgery (CSRF) vulnerability in Heateor Support Heateor Social Login heateor-social-login allows Cross Site Request Forgery.This issue affects Heateor Social Login: from n/a through <= 1.1.39.... Read more

    Affected Products : social_login
    • Published: Dec. 30, 2025
    • Modified: Jan. 20, 2026
    • Vuln Type: Cross-Site Request Forgery

  • 5.4

    MEDIUM
    CVE-2025-66151

    Missing Authorization vulnerability in merkulove Countdowner for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Countdowner for Elementor: from n/a through 1.0.4.... Read more

    Affected Products :
    • Published: Dec. 31, 2025
    • Modified: Jan. 20, 2026
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-14976

    The User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.4.8. T... Read more

    Affected Products :
    • Published: Jan. 10, 2026
    • Modified: Jan. 13, 2026
    • Vuln Type: Cross-Site Request Forgery

  • 5.4

    MEDIUM
    CVE-2025-15201

    A flaw has been found in SohuTV CacheCloud up to 3.2.0. The impacted element is the function redirectNoPower of the file src/main/java/com/sohu/cache/web/controller/WebResourceController.java. This manipulation causes cross site scripting. The attack is p... Read more

    Affected Products : cachecloud
    • Published: Dec. 29, 2025
    • Modified: Jan. 06, 2026
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-68605

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Post Grid and Gutenberg Blocks post-grid allows Stored XSS.This issue affects Post Grid and Gutenberg Blocks: from n/a through <= 2.3.18.... Read more

    Affected Products : post_grid
    • Published: Dec. 24, 2025
    • Modified: Jan. 20, 2026
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-66939

    Cross Site Scripting vulnerability in 66biolinks by AltumCode v.61.0.1 allows an attacker to execute arbitrary code via a crafted favicon file... Read more

    Affected Products : 66biolinks
    • Published: Jan. 12, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-36397

    IBM Application Gateway 23.10 through 25.09 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.... Read more

    Affected Products : application_gateway
    • Published: Jan. 20, 2026
    • Modified: Jan. 20, 2026
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-62134

    Cross-Site Request Forgery (CSRF) vulnerability in A WP Life Contact Form Widget allows Cross Site Request Forgery.This issue affects Contact Form Widget: from n/a through 1.5.1.... Read more

    Affected Products : contact_form_widget
    • Published: Dec. 31, 2025
    • Modified: Jan. 20, 2026
    • Vuln Type: Cross-Site Request Forgery

  • 5.4

    MEDIUM
    CVE-2025-69027

    Missing Authorization vulnerability in tychesoftwares Product Delivery Date for WooCommerce – Lite product-delivery-date-for-woocommerce-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Delivery Date ... Read more

    • Published: Dec. 30, 2025
    • Modified: Jan. 20, 2026
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2026-21931

    Vulnerability in the Oracle APEX Sample Applications product of Oracle APEX (component: Brookstrut Sample App). Supported versions that are affected are 23.2.0, 23.2.1, 24.1.0, 24.2.0 and 24.2.1. Easily exploitable vulnerability allows low privileged at... Read more

    Affected Products : apex_sample_applications
    • Published: Jan. 20, 2026
    • Modified: Jan. 20, 2026

  • 5.4

    MEDIUM
    CVE-2026-21934

    Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Push Notifications). Supported versions that are affected are 8.60, 8.61 and 8.62. Easily exploitable vulnerability allows low privileged attacker with netwo... Read more

    Affected Products : peoplesoft_enterprise_peopletools
    • Published: Jan. 20, 2026
    • Modified: Jan. 20, 2026
Showing 20 of 4626 Results