Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.1

    HIGH
    CVE-2025-58921

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arevico WP Tactical Popup wp-tactical-popup allows Reflected XSS.This issue affects WP Tactical Popup: from n/a through <= 1.1.... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-58916

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Munzir Author: Munzir myshouts-shoutbox allows Reflected XSS.This issue affects Author: Munzir: from n/a through <= 0.9.... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-53297

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AA-Team Woocommerce Envato Affiliates wooenvato allows Reflected XSS.This issue affects Woocommerce Envato Affiliates: from n/a through <= 1.2.1.... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-21067

    Out-of-bounds read in the allocation of image buffer in Samsung Notes prior to version 4.4.30.63 allows local attackers to access out-of-bounds memory.... Read more

    Affected Products : notes
    • Published: Oct. 10, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Memory Corruption

  • 7.1

    HIGH
    CVE-2025-53229

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kamleshyadav RockON DJ rockon allows Reflected XSS.This issue affects RockON DJ: from n/a through <= 3.3.... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-53234

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AndonDesign UDesign Core u-design-core allows Reflected XSS.This issue affects UDesign Core: from n/a through <= 4.14.0.... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-53238

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Toast Plugins Toast Mobile Menu toast-responsive-menu allows Stored XSS.This issue affects Toast Mobile Menu: from n/a through <= 1.0.7.... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-52754

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in selloio Sello ChannelConnector sello-channelconnector allows Reflected XSS.This issue affects Sello ChannelConnector: from n/a through <= 1.6.3.... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-52763

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NickDuncan Nifty Backups nifty-backups allows Reflected XSS.This issue affects Nifty Backups: from n/a through <= 1.08.... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-52770

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in appscreo Hello Followers hellofollowers allows Reflected XSS.This issue affects Hello Followers: from n/a through <= 2.5.... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-21068

    Out-of-bounds read in the reading of image data in Samsung Notes prior to version 4.4.30.63 allows local attackers to access out-of-bounds memory.... Read more

    Affected Products : notes
    • Published: Oct. 10, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Memory Corruption

  • 7.1

    HIGH
    CVE-2025-61604

    WeGIA is an open source web manager with a focus on charitable institutions. Versions 3.4.12 and below contain a Cross-Site Request Forgery (CSRF) vulnerability. The delete operation for the Almoxarifado entity is exposed via HTTP GET without CSRF protect... Read more

    Affected Products : wegia
    • Published: Oct. 02, 2025
    • Modified: Oct. 07, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.1

    HIGH
    CVE-2025-52750

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juergen Schulze Emu2 emu2-email-users-2 allows Reflected XSS.This issue affects Emu2: from n/a through <= 0.83b.... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-52748

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in e-plugins Directory Pro directory-pro allows Reflected XSS.This issue affects Directory Pro: from n/a through <= 2.5.5.... Read more

    Affected Products : directory_pro
    • Published: Oct. 22, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-52749

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Activity Track Uji Countdown uji-countdown allows Reflected XSS.This issue affects Uji Countdown: from n/a through <= 2.3.3.... Read more

    Affected Products : uji_countdown
    • Published: Oct. 22, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-46819

    Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted LUA script to read out-of-bound data or crash the server and subsequent denial of service. The problem exist... Read more

    Affected Products : redis
    • Published: Oct. 03, 2025
    • Modified: Oct. 10, 2025
    • Vuln Type: Denial of Service

  • 7.1

    HIGH
    CVE-2025-60246

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weissmike Simple Finance Calculator simple-finance-calculator allows Reflected XSS.This issue affects Simple Finance Calculator: from n/a through <= 1.0.... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-52743

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bobbingwide oik-privacy-policy oik-privacy-policy allows Reflected XSS.This issue affects oik-privacy-policy: from n/a through <= 1.4.9.... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-49959

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pascal Casier bbPress Move Topics bbp-move-topics allows Reflected XSS.This issue affects bbPress Move Topics: from n/a through <= 1.1.6.... Read more

    Affected Products : bbpress_move_topics
    • Published: Oct. 22, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-33040

    An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from a... Read more

    Affected Products : qsync_central
    • Published: Oct. 03, 2025
    • Modified: Oct. 07, 2025
    • Vuln Type: Denial of Service
Showing 20 of 3815 Results