Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2025-13964

    The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the catch_lp_ajax function in all versions up to, and including, 4.3.2. This makes it possible for unauthent... Read more

    Affected Products : learnpress
    • Published: Jan. 06, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-13920

    The WP Directory Kit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.9 via the wdk_public_action AJAX handler. This makes it possible for unauthenticated attackers to extract email addresses f... Read more

    Affected Products : wp_directory_kit
    • Published: Jan. 24, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Information Disclosure

  • 5.3

    MEDIUM
    CVE-2026-0676

    Missing Authorization vulnerability in G5Theme Zorka zorka allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zorka: from n/a through <= 1.5.7.... Read more

    Affected Products :
    • Published: Jan. 08, 2026
    • Modified: Jan. 20, 2026
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2026-22041

    Logging Redactor is a Python library designed to redact sensitive data in logs based on regex patterns and / or dictionary keys. Prior to version 0.0.6, non-string types are converted into string types, leading to type errors in %d conversions. The proble... Read more

    Affected Products : logging_redactor
    • Published: Jan. 08, 2026
    • Modified: Jan. 12, 2026
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2020-37026

    Sickbeard alpha contains a cross-site request forgery vulnerability that allows attackers to disable authentication by submitting crafted configuration parameters. Attackers can trick users into submitting a malicious form that clears web username and pas... Read more

    Affected Products :
    • Published: Jan. 30, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Cross-Site Request Forgery

  • 5.3

    MEDIUM
    CVE-2020-37007

    Liman 0.7 contains a cross-site request forgery vulnerability that allows attackers to manipulate user account settings without proper request validation. Attackers can craft malicious HTML forms to change user passwords or modify account information by t... Read more

    Affected Products :
    • Published: Jan. 29, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Cross-Site Request Forgery

  • 5.3

    MEDIUM
    CVE-2025-14757

    The Cost Calculator Builder plugin for WordPress is vulnerable to Unauthenticated Payment Status Bypass in all versions up to, and including, 3.6.9 only when used in combination with Cost Calculator Builder PRO. This is due to the complete_payment AJAX ac... Read more

    Affected Products : cost_calculator_builder
    • Published: Jan. 16, 2026
    • Modified: Jan. 23, 2026
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2025-7048

    On affected platforms running Arista EOS with MACsec configuration, a specially crafted packet can cause the MACsec process to terminate unexpectedly. Continuous receipt of these packets with certain MACsec configurations can cause longer term disruption ... Read more

    Affected Products : eos
    • Published: Jan. 06, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Denial of Service

  • 5.3

    MEDIUM
    CVE-2025-14819

    When doing TLS related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's ... Read more

    Affected Products : curl
    • Published: Jan. 08, 2026
    • Modified: Jan. 20, 2026
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2026-23511

    ZITADEL is an open source identity management platform. Prior to 4.9.1 and 3.4.6, a user enumeration vulnerability has been discovered in Zitadel's login interfaces. An unauthenticated attacker can exploit this flaw to confirm the existence of valid user ... Read more

    Affected Products : zitadel
    • Published: Jan. 15, 2026
    • Modified: Jan. 20, 2026
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2026-24633

    Missing Authorization vulnerability in Passionate Brains Add Expires Headers & Optimized Minify add-expires-headers allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Add Expires Headers & Optimized Minify: from n/a... Read more

    • Published: Jan. 23, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-13215

    The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.17.13 via the auxels_ajax_search due to insufficient restrictions on which posts can be included. This mak... Read more

    • Published: Jan. 06, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Information Disclosure

  • 5.3

    MEDIUM
    CVE-2026-22691

    pypdf is a free and open-source pure-python PDF library. Prior to version 6.6.0, pypdf has possible long runtimes for malformed startxref. An attacker who uses this vulnerability can craft a PDF which leads to possibly long runtimes for invalid startxref ... Read more

    Affected Products : pypdf
    • Published: Jan. 10, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Denial of Service

  • 5.3

    MEDIUM
    CVE-2025-31051

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in EngoTheme Plant - Gardening & Houseplants WordPress Theme allows Retrieve Embedded Sensitive Data.This issue affects Plant - Gardening & Houseplants WordPress Them... Read more

    Affected Products :
    • Published: Jan. 07, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Information Disclosure

  • 5.3

    MEDIUM
    CVE-2025-14524

    When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.... Read more

    Affected Products : curl
    • Published: Jan. 08, 2026
    • Modified: Jan. 20, 2026
    • Vuln Type: Server-Side Request Forgery

  • 5.3

    MEDIUM
    CVE-2025-36419

    IBM ApplinX 11.1 could disclose sensitive information about server architecture that could aid in further attacks against the system.... Read more

    Affected Products : applinx
    • Published: Jan. 20, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Information Disclosure

  • 5.3

    MEDIUM
    CVE-2025-12648

    The WP-Members Membership Plugin for WordPress is vulnerable to unauthorized file access in versions up to, and including, 3.5.4.4. This is due to storing user-uploaded files in predictable directories (wp-content/uploads/wpmembers/user_files/<user_id>/) ... Read more

    • Published: Jan. 07, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Path Traversal

  • 5.3

    MEDIUM
    CVE-2026-24619

    Missing Authorization vulnerability in PopCash PopCash.Net Code Integration Tool popcashnet-code-integration-tool allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PopCash.Net Code Integration Tool: from n/a throug... Read more

    Affected Products : popcash.net_code_integration_tool
    • Published: Jan. 23, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2026-24607

    Missing Authorization vulnerability in wptravelengine Travel Monster travel-monster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel Monster: from n/a through <= 1.3.3.... Read more

    Affected Products :
    • Published: Jan. 23, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2026-24615

    Missing Authorization vulnerability in themebeez Cream Magazine cream-magazine allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cream Magazine: from n/a through <= 2.1.10.... Read more

    Affected Products :
    • Published: Jan. 23, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Authorization
Showing 20 of 4783 Results