Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
  • 4.3

    MEDIUM
    CVE-2025-67468

    Missing Authorization vulnerability in CRM Perks Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms cf7-salesforce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Integrati... Read more

    • Published: Dec. 09, 2025
    • Modified: Dec. 10, 2025
    • Vuln Type: Authorization
  • 4.3

    MEDIUM
    CVE-2025-67470

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Essential Plugin Portfolio and Projects portfolio-and-projects allows Retrieve Embedded Sensitive Data.This issue affects Portfolio and Projects: from n/a through ... Read more

    Affected Products :
    • Published: Dec. 09, 2025
    • Modified: Dec. 10, 2025
    • Vuln Type: Information Disclosure
  • 4.3

    MEDIUM
    CVE-2025-66545

    Nextcloud Groupfolders provides admin-configured folders shared by everyone in a group or team. Prior to 14.0.11, 15.3.12, 16.0.15, 17.0.14, 18.1.8, 19.1.8, and 20.1.2, a user with read-only permission can restore a file from the trash bin. This vulnerabi... Read more

    Affected Products : group_folders notes
    • Published: Dec. 05, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Authorization
  • 4.3

    MEDIUM
    CVE-2025-43541

    A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexp... Read more

    Affected Products : macos iphone_os safari ipados visionos
    • Published: Dec. 17, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Memory Corruption
  • 4.3

    MEDIUM
    CVE-2025-63067

    Missing Authorization vulnerability in p-themes Porto Theme - Functionality porto-functionality allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Porto Theme - Functionality: from n/a through <= 3.6.2.... Read more

    Affected Products :
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Authorization
  • 4.3

    MEDIUM
    CVE-2025-13756

    The Fluent Booking plugin for WordPress is vulnerable to unauthorized calendar import and management due to a missing capability check on the "importCalendar" function in all versions up to, and including, 1.9.11. This makes it possible for authenticated ... Read more

    Affected Products :
    • Published: Dec. 03, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Authorization
  • 4.3

    MEDIUM
    CVE-2025-62733

    Cross-Site Request Forgery (CSRF) vulnerability in ProteusThemes Custom Sidebars by ProteusThemes custom-sidebars-by-proteusthemes allows Cross Site Request Forgery.This issue affects Custom Sidebars by ProteusThemes: from n/a through <= 1.0.3.... Read more

    Affected Products :
    • Published: Dec. 09, 2025
    • Modified: Dec. 10, 2025
    • Vuln Type: Cross-Site Request Forgery
  • 4.3

    MEDIUM
    CVE-2025-13309

    The Accessiy By CodeConfig Accessibility – Easy One-Click Accessibility Toolbar That Truly Matters plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.0.0. This is due to the plugin not properly verifying that a ... Read more

    Affected Products :
    • Published: Dec. 06, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Authorization
  • 4.3

    MEDIUM
    CVE-2025-67636

    A missing permission check in Jenkins 2.540 and earlier, LTS 2.528.2 and earlier allows attackers with View/Read permission to view encrypted password values in views.... Read more

    Affected Products : jenkins
    • Published: Dec. 10, 2025
    • Modified: Dec. 17, 2025
    • Vuln Type: Authorization
  • 4.3

    MEDIUM
    CVE-2025-63056

    Missing Authorization vulnerability in bestwebsoft Contact Form by BestWebSoft contact-form-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form by BestWebSoft: from n/a through <= 4.3.5.... Read more

    Affected Products : contact_form
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Authorization
  • 4.3

    MEDIUM
    CVE-2025-43536

    A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Tahoe 26.2, iOS 26.2 and iPadOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3. Processing maliciously crafted web content may lead to an unexpected proces... Read more

    Affected Products : macos iphone_os safari ipados
    • Published: Dec. 17, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Memory Corruption
  • 4.3

    MEDIUM
    CVE-2025-13629

    The WP Landing Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9.3. This is due to missing nonce validation on the 'wplp_api_update_text' function. This makes it possible for unauthenticated at... Read more

    Affected Products :
    • Published: Dec. 06, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Cross-Site Request Forgery
  • 4.3

    MEDIUM
    CVE-2025-12370

    The Takeads plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.0.13. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated ... Read more

    Affected Products :
    • Published: Dec. 05, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Authorization
  • 4.3

    MEDIUM
    CVE-2025-12577

    The Listar – Directory Listing & Classifieds WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the '/wp-json/listar/v1/place/save' REST API endpoint in all versions up to, and inc... Read more

    Affected Products :
    • Published: Dec. 06, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Authorization
  • 4.3

    MEDIUM
    CVE-2025-12574

    The Listar – Directory Listing & Classifieds WordPress Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the '/wp-json/listar/v1/place/delete' REST API endpoint in all versions up to, and including... Read more

    Affected Products :
    • Published: Dec. 06, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Authorization
  • 4.3

    MEDIUM
    CVE-2025-14163

    The Premium Addons for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.11.53. This is due to missing nonce validation in the 'insert_inner_template' function. This makes it possible for un... Read more

    Affected Products :
    • Published: Dec. 23, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Cross-Site Request Forgery
  • 4.3

    MEDIUM
    CVE-2025-66526

    Missing Authorization vulnerability in Essekia Tablesome tablesome allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tablesome: from n/a through <= 1.1.34.... Read more

    Affected Products : tablesome
    • Published: Dec. 09, 2025
    • Modified: Dec. 10, 2025
    • Vuln Type: Authorization
  • 4.3

    MEDIUM
    CVE-2025-13143

    The Poll, Survey & Quiz Maker Plugin by Opinion Stage plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 19.12.0. This is due to missing or insufficient nonce validation on the disconnect_account_action ... Read more

    Affected Products : poll\,_survey_\&_quiz_maker
    • Published: Nov. 27, 2025
    • Modified: Dec. 01, 2025
    • Vuln Type: Cross-Site Request Forgery
  • 4.3

    MEDIUM
    CVE-2025-13125

    Authorization Bypass Through User-Controlled Key vulnerability in Im Park Information Technology, Electronics, Press, Publishing and Advertising, Education Ltd. Co. DijiDemi allows Exploitation of Trusted Identifiers.This issue affects DijiDemi: through 2... Read more

    Affected Products :
    • Published: Dec. 10, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Authorization
  • 4.3

    MEDIUM
    CVE-2025-67588

    Missing Authorization vulnerability in Elementor Elementor Website Builder elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elementor Website Builder: from n/a through <= 3.33.0.... Read more

    Affected Products : website_builder
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Authorization
Showing 20 of 4856 Results