Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2025-67569

    Missing Authorization vulnerability in scriptsbundle AdForest adforest allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AdForest: from n/a through <= 6.0.11.... Read more

    Affected Products : adforest
    • Published: Dec. 09, 2025
    • Modified: Dec. 10, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-67571

    Missing Authorization vulnerability in WPFunnels WPFunnels wpfunnels allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPFunnels: from n/a through <= 3.6.2.... Read more

    Affected Products :
    • Published: Dec. 09, 2025
    • Modified: Dec. 10, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-63054

    Missing Authorization vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quiz And Survey Master: from n/a through <= 10.3.1.... Read more

    Affected Products :
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-67576

    Missing Authorization vulnerability in QuantumCloud Simple Link Directory simple-link-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Link Directory: from n/a through <= 8.8.3.... Read more

    Affected Products : simple_link_directory
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-63049

    Missing Authorization vulnerability in CridioStudio ListingPro Lead Form listingpro-lead-form allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects ListingPro Lead Form: from n/a through <= 1.0.2.... Read more

    Affected Products :
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-64667

    User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.... Read more

    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025

  • 5.3

    MEDIUM
    CVE-2025-63023

    Missing Authorization vulnerability in Easy Payment Payment Gateway for PayPal on WooCommerce woo-paypal-gateway allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Payment Gateway for PayPal on WooCommerce: from n/a... Read more

    Affected Products :
    • Published: Dec. 09, 2025
    • Modified: Dec. 10, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-63028

    Missing Authorization vulnerability in shinetheme Traveler traveler allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Traveler: from n/a through <= 3.2.6.... Read more

    Affected Products :
    • Published: Dec. 09, 2025
    • Modified: Dec. 11, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-63068

    Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in sevenspark Contact Form 7 Dynamic Text Extension contact-form-7-dynamic-text-extension allows Code Injection.This issue affects Contact Form 7 Dynamic Text Exte... Read more

    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-40941

    A vulnerability has been identified in SIMATIC CN 4100 (All versions < V4.0.1). The affected devices exposes server information in its responses. This could allow an attacker with network access to gain useful information, increasing the likelihood of ta... Read more

    • Published: Dec. 09, 2025
    • Modified: Dec. 10, 2025
    • Vuln Type: Information Disclosure

  • 5.3

    MEDIUM
    CVE-2025-67579

    Missing Authorization vulnerability in vanquish User Extra Fields wp-user-extra-fields allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Extra Fields: from n/a through <= 16.8.... Read more

    Affected Products : user_extra_fields
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-67578

    Missing Authorization vulnerability in Rhys Wynne WP Email Capture wp-email-capture allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Email Capture: from n/a through <= 3.12.4.... Read more

    Affected Products : wp_email_capture
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-67570

    Missing Authorization vulnerability in GSheetConnector by WesternDeal WPForms Google Sheet Connector gsheetconnector-wpforms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPForms Google Sheet Connector: from n/... Read more

    Affected Products : wpforms_google_sheet_connector
    • Published: Dec. 09, 2025
    • Modified: Dec. 10, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-13636

    Inappropriate implementation in Split View in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted domain name. (Chromium security severity: Low)... Read more

    • Published: Dec. 02, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2025-53965

    An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. The function used to decode the SOR t... Read more

    • Published: Dec. 03, 2025
    • Modified: Dec. 05, 2025
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2025-12579

    The Reuters Direct plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'logoff' action in all versions up to, and including, 3.0.0. This makes it possible for unauthenticated attackers to reset ... Read more

    Affected Products :
    • Published: Nov. 27, 2025
    • Modified: Dec. 01, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-13696

    The Zigaform plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 7.6.5. This is due to the plugin exposing a public AJAX endpoint that retrieves form submission data without performing authorization check... Read more

    Affected Products : zigaform
    • Published: Dec. 02, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Information Disclosure

  • 5.3

    MEDIUM
    CVE-2025-68430

    CVAT is an open source interactive video and image annotation tool for computer vision. In versions 2.8.1 through 2.52.0, an attacker with an account on a CVAT instance is able to retrieve the contents of any file system directory accessible to the CVAT s... Read more

    Affected Products : computer_vision_annotation_tool
    • Published: Dec. 19, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Path Traversal

  • 5.3

    MEDIUM
    CVE-2025-12876

    The Projectopia – WordPress Project Management plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pto_delete_file AJAX action in all versions up to, and including, 5.1.19. This makes it possibl... Read more

    Affected Products : projectopia
    • Published: Dec. 05, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-14220

    A security vulnerability has been detected in ORICO CD3510 1.9.12. This affects an unknown function of the component File Upload. The manipulation leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed publicly and m... Read more

    Affected Products :
    • Published: Dec. 08, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Path Traversal
Showing 20 of 4918 Results