Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
  • 5.3

    MEDIUM
    CVE-2025-63002

    Missing Authorization vulnerability in wpforchurch Sermon Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sermon Manager: from n/a through 2.30.0.... Read more

    Affected Products :
    • Published: Dec. 18, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Authorization
  • 5.3

    MEDIUM
    CVE-2025-61950

    In GroupSession, a Circular notice can be created with its memo field non-editable, but the authorization check is improperly implemented. With some crafted request, a logged-in user may alter the memo field. The affected products and versions are GroupSe... Read more

    Affected Products :
    • Published: Dec. 12, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Authorization
  • 5.3

    MEDIUM
    CVE-2025-12883

    The Campay Woocommerce Payment Gateway plugin for WordPress is vulnerable to Unauthenticated Payment Bypass in all versions up to, and including, 1.2.2. This is due to the plugin not properly validating that a transaction has occurred through the payment ... Read more

    Affected Products :
    • Published: Dec. 12, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Authorization
  • 5.3

    MEDIUM
    CVE-2025-11991

    The JetFormBuilder — Dynamic Blocks Form Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the run_callback function in all versions up to, and including, 3.5.3. This makes it possible for... Read more

    Affected Products : jetformbuilder
    • Published: Dec. 16, 2025
    • Modified: Dec. 16, 2025
    • Vuln Type: Authorization
  • 5.3

    MEDIUM
    CVE-2025-66130

    Missing Authorization vulnerability in etruel WP Views Counter wpecounter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Views Counter: from n/a through <= 2.1.2.... Read more

    Affected Products :
    • Published: Dec. 16, 2025
    • Modified: Dec. 16, 2025
    • Vuln Type: Authorization
  • 5.3

    MEDIUM
    CVE-2025-12525

    The Locker Content plugin for WordPress is vulnerable to Sensitive Information Exposure in version 1.0.0 via the 'lockerco_submit_post' AJAX endpoint. This makes it possible for unauthenticated attackers to extract content from posts that has been protect... Read more

    Affected Products :
    • Published: Nov. 25, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Information Disclosure
  • 5.3

    MEDIUM
    CVE-2025-12655

    The Hippoo Mobile App for WooCommerce plugin for WordPress is vulnerable to arbitrary file write via a missing authorization check in all versions up to, and including, 1.7.1. This is due to the REST API endpoint `/wp-json/hippoo/v1/wc/token/save_callback... Read more

    Affected Products :
    • Published: Dec. 12, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Authorization
  • 5.3

    MEDIUM
    CVE-2024-58291

    Flatboard 3.2 contains a stored cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts in forum information fields. Attackers can insert JavaScript payloads that execute when other users view the forum, pot... Read more

    Affected Products :
    • Published: Dec. 11, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Cross-Site Scripting
  • 5.3

    MEDIUM
    CVE-2025-20751

    In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interacti... Read more

    Affected Products : nr15 mt2735 mt6833 mt6833p mt6853 mt6853t mt6855 mt6873 mt6875 mt6877 +16 more products
    • Published: Dec. 02, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Denial of Service
  • 5.3

    MEDIUM
    CVE-2025-67929

    Missing Authorization vulnerability in templateinvaders TI WooCommerce Wishlist ti-woocommerce-wishlist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TI WooCommerce Wishlist: from n/a through <= 2.10.0.... Read more

    Affected Products : ti_woocommerce_wishlist
    • Published: Dec. 16, 2025
    • Modified: Dec. 17, 2025
    • Vuln Type: Authorization
  • 5.3

    MEDIUM
    CVE-2025-29934

    A bug within some AMD CPUs could allow a local admin-privileged attacker to run a SEV-SNP guest using stale TLB entries, potentially resulting in loss of data integrity.... Read more

    Affected Products :
    • Published: Nov. 21, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Memory Corruption
  • 5.3

    MEDIUM
    CVE-2025-13318

    The Booking Calendar Contact Form plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.2.60. This is due to missing authorization checks and payment verification in the `dex_bccf_check_IPN_verification` funct... Read more

    Affected Products : booking_calendar
    • Published: Nov. 22, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Authorization
  • 5.3

    MEDIUM
    CVE-2025-12877

    The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to unauthorized modification od data due to a missing capability check on the panding_blood_request_action() function in all versions up to, and including... Read more

    Affected Products : idonate
    • Published: Nov. 22, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Authorization
  • 5.3

    MEDIUM
    CVE-2025-12747

    The Tainacan plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.0 via uploaded files marked as private being exposed in wp-content without adequate protection. This makes it possible for unauthenticated a... Read more

    Affected Products : tainacan
    • Published: Nov. 21, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Information Disclosure
  • 5.3

    MEDIUM
    CVE-2025-13317

    The Appointment Booking Calendar plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.3.96. This is due to the plugin exposing an unauthenticated booking processing endpoint (cpabc_appointments_check_IPN_veri... Read more

    Affected Products : appointment_booking_calendar
    • Published: Nov. 22, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Authorization
  • 5.3

    MEDIUM
    CVE-2025-67492

    Weblate is a web based localization tool. In versions prior to 5.15, it was possible to trigger repository updates for many repositories via a crafted webhook payload. Version 5.15 fixes the issue. As a workaround, disabling webhooks completely using ENAB... Read more

    Affected Products : weblate
    • Published: Dec. 16, 2025
    • Modified: Dec. 17, 2025
    • Vuln Type: Misconfiguration
  • 5.3

    MEDIUM
    CVE-2025-13314

    The Product Filtering by Categories, Tags, Price Range for WooCommerce – Filter Plus plugin for WordPress is vulnerable to unauthorized modification of data in all versions up to, and including, 1.1.5 due to a missing capability check on the 'filter_save_... Read more

    Affected Products :
    • Published: Dec. 12, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Authorization
  • 5.3

    MEDIUM
    CVE-2025-20750

    In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User intera... Read more

    Affected Products : nr15 mt2735 mt6833 mt6833p mt6853 mt6853t mt6855 mt6873 mt6875 mt6877 +16 more products
    • Published: Dec. 02, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Denial of Service
  • 5.3

    MEDIUM
    CVE-2025-40605

    A Path Traversal vulnerability has been identified in the Email Security appliance allows an attacker to manipulate file system paths by injecting crafted directory-traversal sequences (such as ../) and may access files and directories outside the intende... Read more

    • Published: Nov. 20, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Path Traversal
  • 5.3

    MEDIUM
    CVE-2025-12841

    The Bookit WordPress plugin before 2.5.1 has a publicly accessible REST endpoint that allows unauthenticated update of the plugins Stripe payment options.... Read more

    Affected Products : bookit
    • Published: Dec. 12, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 4572 Results