Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.8

    CVSS31
    CVE-2025-31130

    gitoxide is an implementation of git written in Rust. Before 0.42.0, gitoxide uses SHA-1 hash implementations without any collision detection, leaving it vulnerable to hash collision attacks. gitoxide uses the sha1_smol or sha1 crate, both of which implem... Read more

    Affected Products :
    • Published: Apr. 04, 2025
    • Modified: Apr. 04, 2025

  • 6.6

    CVSS31
    CVE-2025-32138

    Improper Restriction of XML External Entity Reference vulnerability in supsystic Easy Google Maps allows XML Injection. This issue affects Easy Google Maps: from n/a through 1.11.17.... Read more

    Affected Products : easy_google_maps
    • Published: Apr. 04, 2025
    • Modified: Apr. 04, 2025

  • 6.5

    CVSS31
    CVE-2025-32179

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in icopydoc Maps for WP allows Stored XSS. This issue affects Maps for WP: from n/a through 1.2.4.... Read more

    Affected Products : maps_for_wp
    • Published: Apr. 04, 2025
    • Modified: Apr. 04, 2025

  • 6.5

    CVSS30
    CVE-2025-26401

    Weak encoding for password vulnerability exists in HMI ViewJet C-more series. If this vulnerability is exploited, authentication information may be obtained by a local authenticated attacker.... Read more

    Affected Products :
    • Published: Apr. 04, 2025
    • Modified: Apr. 04, 2025

  • 6.5

    CVSS31
    CVE-2025-32053

    A flaw was found in libsoup. A vulnerability in sniff_feed_or_html() and skip_insignificant_space() functions may lead to a heap buffer over-read.... Read more

    Affected Products :
    • Published: Apr. 03, 2025
    • Modified: Apr. 03, 2025

  • 6.5

    CVSS31
    CVE-2025-32183

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Galaxy Weblinks Video Playlist For YouTube allows Stored XSS. This issue affects Video Playlist For YouTube: from n/a through 6.6.... Read more

    Affected Products : video_playlist_for_youtube
    • Published: Apr. 04, 2025
    • Modified: Apr. 04, 2025

  • 6.5

    CVSS31
    CVE-2025-31381

    Missing Authorization vulnerability in shiptrack Booking Calendar and Notification allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking Calendar and Notification: from n/a through 4.0.3.... Read more

    Affected Products :
    • Published: Apr. 04, 2025
    • Modified: Apr. 04, 2025

  • 6.5

    CVSS31
    CVE-2025-31800

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in publitio Publitio allows Path Traversal. This issue affects Publitio: from n/a through 2.1.8.... Read more

    Affected Products :
    • Published: Apr. 03, 2025
    • Modified: Apr. 03, 2025

  • 6.5

    CVSS31
    CVE-2025-32185

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Extend Themes Colibri Page Builder allows Stored XSS. This issue affects Colibri Page Builder: from n/a through 1.0.319.... Read more

    Affected Products :
    • Published: Apr. 04, 2025
    • Modified: Apr. 04, 2025

  • 6.5

    CVSS31
    CVE-2025-31768

    Missing Authorization vulnerability in OTWthemes Widget Manager Light allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Widget Manager Light: from n/a through 1.18.... Read more

    Affected Products :
    • Published: Apr. 03, 2025
    • Modified: Apr. 03, 2025

  • 6.5

    CVSS31
    CVE-2025-31858

    Missing Authorization vulnerability in matthewrubin Local Magic allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Local Magic: from n/a through 2.6.0.... Read more

    Affected Products :
    • Published: Apr. 03, 2025
    • Modified: Apr. 03, 2025

  • 6.5

    CVSS31
    CVE-2025-31736

    Missing Authorization vulnerability in richtexteditor Rich Text Editor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Rich Text Editor: from n/a through 1.0.1.... Read more

    Affected Products :
    • Published: Apr. 03, 2025
    • Modified: Apr. 03, 2025

  • 6.5

    CVSS31
    CVE-2025-31795

    Missing Authorization vulnerability in Plugin Devs Shopify to WooCommerce Migration allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Shopify to WooCommerce Migration: from n/a through 1.3.0.... Read more

    Affected Products :
    • Published: Apr. 03, 2025
    • Modified: Apr. 03, 2025

  • 6.5

    CVSS31
    CVE-2025-31789

    Missing Authorization vulnerability in Matat Technologies TextMe SMS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects TextMe SMS: from n/a through 1.9.1.... Read more

    Affected Products :
    • Published: Apr. 03, 2025
    • Modified: Apr. 03, 2025

  • 6.5

    CVSS31
    CVE-2025-32186

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Turbo Addons Turbo Addons for Elementor allows DOM-Based XSS. This issue affects Turbo Addons for Elementor: from n/a through 1.7.1.... Read more

    Affected Products :
    • Published: Apr. 04, 2025
    • Modified: Apr. 04, 2025

  • 6.5

    CVSS31
    CVE-2025-32190

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in smartwpress Musician's Pack for Elementor allows DOM-Based XSS. This issue affects Musician's Pack for Elementor: from n/a through 1.8.4.... Read more

    Affected Products :
    • Published: Apr. 04, 2025
    • Modified: Apr. 04, 2025

  • 6.5

    CVSS31
    CVE-2025-31758

    Missing Authorization vulnerability in BinaryCarpenter Free Woocommerce Product Table View allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Free Woocommerce Product Table View: from n/a through 1.78.... Read more

    Affected Products :
    • Published: Apr. 03, 2025
    • Modified: Apr. 03, 2025

  • 6.5

    CVSS31
    CVE-2025-31581

    Missing Authorization vulnerability in Sandeep Kumar WP Video Playlist allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Video Playlist: from n/a through 1.1.2.... Read more

    Affected Products :
    • Published: Apr. 03, 2025
    • Modified: Apr. 03, 2025

  • 6.5

    CVSS31
    CVE-2025-31729

    Missing Authorization vulnerability in jeffikus WooTumblog allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooTumblog: from n/a through 2.1.4.... Read more

    Affected Products :
    • Published: Apr. 03, 2025
    • Modified: Apr. 03, 2025

  • 6.5

    CVSS31
    CVE-2025-32175

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vektor,Inc. VK Filter Search allows Stored XSS. This issue affects VK Filter Search: from n/a through 2.14.1.0.... Read more

    Affected Products :
    • Published: Apr. 04, 2025
    • Modified: Apr. 04, 2025
Showing 20 of 378 Results
© cvefeed.io
Latest DB Update: Apr. 05, 2025 14:07