Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2025-12188

    The Posts Navigation Links for Sections and Headings – Free by WP Masters plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the 'wpm_naviga... Read more

    Affected Products :
    • Published: Nov. 04, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-12389

    The Import Export For WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_setting() function in all versions up to, and including, 1.6.2. This makes it possible for authentica... Read more

    Affected Products : import_export_for_woocommerce
    • Published: Nov. 04, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-11377

    The List category posts plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 0.92.0 via the 'catlist' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authent... Read more

    Affected Products : list_category_posts
    • Published: Nov. 01, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2025-62723

    FlashMQ is a MQTT broker/server, designed for multi-CPU environments. Prior to version 1.23.2, any authenticated user can create sessions and have them collect QoS messages. When not sent to a client, these are then not released upon (eventual) session ex... Read more

    Affected Products : flashmq
    • Published: Oct. 24, 2025
    • Modified: Oct. 31, 2025
    • Vuln Type: Memory Corruption

  • 4.3

    MEDIUM
    CVE-2025-58939

    Cross-Site Request Forgery (CSRF) vulnerability in highwarden Super Store Finder superstorefinder-wp allows Cross Site Request Forgery.This issue affects Super Store Finder: from n/a through <= 7.5.... Read more

    Affected Products : super_store_finder
    • Published: Oct. 29, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-12069

    The WP Global Screen Options plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2. This is due to missing nonce validation on the `updatewpglobalscreenoptions` action handler. This makes it possible fo... Read more

    Affected Products :
    • Published: Nov. 04, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-11975

    The FuseWP – WordPress User Sync to Email List & Marketing Automation (Mailchimp, Constant Contact, ActiveCampaign etc.) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_changes() functi... Read more

    Affected Products :
    • Published: Oct. 31, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-43443

    This issue was addressed with improved checks. This issue is fixed in Safari 26.1, visionOS 26.1, watchOS 26.1, iOS 26.1 and iPadOS 26.1, tvOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.... Read more

    Affected Products : iphone_os tvos watchos safari ipados visionos
    • Published: Nov. 04, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Denial of Service

  • 4.3

    MEDIUM
    CVE-2025-43427

    This issue was addressed through improved state management. This issue is fixed in iOS 26.1 and iPadOS 26.1, tvOS 26.1, Safari 26.1, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.... Read more

    Affected Products : iphone_os tvos safari ipados visionos
    • Published: Nov. 04, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Denial of Service

  • 4.3

    MEDIUM
    CVE-2025-43430

    This issue was addressed through improved state management. This issue is fixed in Safari 26.1, visionOS 26.1, watchOS 26.1, iOS 26.1 and iPadOS 26.1, tvOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.... Read more

    Affected Products : iphone_os tvos watchos safari ipados visionos
    • Published: Nov. 04, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Denial of Service

  • 4.3

    MEDIUM
    CVE-2025-12070

    The ViaAds plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.1. This is due to missing nonce validation on the `ViaAds_pluginHandler` function. This makes it possible for unauthenticated attackers t... Read more

    Affected Products :
    • Published: Nov. 04, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-64137

    A missing permission check in Jenkins Themis Plugin 1.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server.... Read more

    Affected Products : themis
    • Published: Oct. 29, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-64148

    A missing permission check in Jenkins Publish to Bitbucket Plugin 0.4 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.... Read more

    Affected Products : publish_to_bitbucket
    • Published: Oct. 29, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-62802

    DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 10.1.1, the out-of-box experience for HTML editing allows unauthenticated users to upload files. This opens a potential vector to other ... Read more

    Affected Products : dotnetnuke
    • Published: Oct. 28, 2025
    • Modified: Nov. 03, 2025
    • Vuln Type: Misconfiguration

  • 4.3

    MEDIUM
    CVE-2025-64219

    Missing Authorization vulnerability in Strategy11 Team Business Directory business-directory-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Business Directory: from n/a through <= 6.4.18.... Read more

    Affected Products :
    • Published: Oct. 29, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2023-32199

    A vulnerability has been identified within Rancher Manager, where after removing a custom GlobalRole that gives administrative access or the corresponding binding, the user still retains access to clusters. This only affects custom Global Roles that ha... Read more

    Affected Products : rancher
    • Published: Oct. 29, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2024-58269

    A vulnerability has been identified in Rancher Manager, where sensitive information, including secret data, cluster import URLs, and registration tokens, is exposed to any entity with access to Rancher audit logs.... Read more

    Affected Products : rancher
    • Published: Oct. 29, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2025-64351

    Insertion of Sensitive Information Into Sent Data vulnerability in Rank Math SEO Rank Math SEO seo-by-rank-math allows Retrieve Embedded Sensitive Data.This issue affects Rank Math SEO: from n/a through <= 1.0.252.1.... Read more

    Affected Products :
    • Published: Oct. 31, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2025-64357

    Cross-Site Request Forgery (CSRF) vulnerability in Younes JFR. Advanced Database Cleaner advanced-database-cleaner allows Cross Site Request Forgery.This issue affects Advanced Database Cleaner: from n/a through <= 3.1.6.... Read more

    Affected Products : advanced_database_cleaner
    • Published: Oct. 31, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.2

    MEDIUM
    CVE-2025-11644

    A weakness has been identified in Tomofun Furbo 360 and Furbo Mini. Affected by this issue is some unknown functionality of the component UART Interface. Executing manipulation can lead to insecure storage of sensitive information. The physical device can... Read more

    • Published: Oct. 12, 2025
    • Modified: Oct. 29, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 3905 Results