Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.1

    HIGH
    CVE-2025-49959

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pascal Casier bbPress Move Topics bbp-move-topics allows Reflected XSS.This issue affects bbPress Move Topics: from n/a through <= 1.1.6.... Read more

    Affected Products : bbpress_move_topics
    • Published: Oct. 22, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-49992

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress LearnPress Export Import learnpress-import-export allows Reflected XSS.This issue affects LearnPress Export Import: from n/a through <= 4.0.9.... Read more

    Affected Products : learnpress
    • Published: Oct. 22, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-49951

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpcrunch gAppointments gAppointments allows Reflected XSS.This issue affects gAppointments: from n/a through <= 1.14.1.... Read more

    Affected Products : gappointments
    • Published: Oct. 22, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-49947

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in extendons WooCommerce Registration Fields Plugin - Custom Signup Fields extendons-registration-fields allows Reflected XSS.This issue affects WooCommerce... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-49945

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kylegetson Shortcode Generator shortcode-generator allows Reflected XSS.This issue affects Shortcode Generator: from n/a through <= 1.1.... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-49953

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themeinity ShareBang, Ultimate Social Share Buttons for WordPress sharebang allows Reflected XSS.This issue affects ShareBang, Ultimate Social Share Butt... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-37147

    A Secure Boot Bypass Vulnerability exists in affected Access Points that allows an adversary to bypass the hardware root of trust verification in place to ensure only vendor-signed firmware can execute on the device. An adversary can exploit this vulnerab... Read more

    Affected Products :
    • Published: Oct. 14, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Authentication

  • 7.1

    HIGH
    CVE-2025-49958

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in robokassa Robokassa payment gateway for Woocommerce robokassa allows Reflected XSS.This issue affects Robokassa payment gateway for Woocommerce: from n/a... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-52743

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bobbingwide oik-privacy-policy oik-privacy-policy allows Reflected XSS.This issue affects oik-privacy-policy: from n/a through <= 1.4.9.... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-9339

    SQL injection vulnerability in the fields of warehouse document filtering form in SIMPLE.ERP software allows logged-in user a malicious query injection. Potential exploitation is limited by the 20-character limit in form fields. Identified use case allows... Read more

    Affected Products :
    • Published: Oct. 21, 2025
    • Modified: Oct. 24, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2025-55200

    BigBlueButton is an open-source virtual classroom. In versions prior to 3.0.13, the "Shared Notes" feature contains a Stored Cross-Site Scripting (XSS) vulnerability with the input location being the "Username" field and the output location on the "Shared... Read more

    Affected Products : bigbluebutton
    • Published: Oct. 09, 2025
    • Modified: Oct. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-48098

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Survey Maker survey-maker allows Stored XSS.This issue affects Survey Maker: from n/a through <= 5.1.8.8.... Read more

    Affected Products : survey_maker
    • Published: Oct. 22, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-49948

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ahmad Awais WP Super Edit wp-super-edit allows Reflected XSS.This issue affects WP Super Edit: from n/a through <= 2.5.4.... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-49930

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CrocoBlock JetSearch jet-search allows Reflected XSS.This issue affects JetSearch: from n/a through <= 3.5.10.... Read more

    Affected Products : jetsearch
    • Published: Oct. 22, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-62495

    An integer overflow vulnerability exists in the QuickJS regular expression engine (libregexp) due to an inconsistent representation of the bytecode buffer size. * The regular expression bytecode is stored in a DynBuf structure, which correctly uses a ... Read more

    Affected Products :
    • Published: Oct. 16, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Memory Corruption

  • 7.1

    HIGH
    CVE-2025-10696

    OpenSupports exposes an endpoint that allows the list of 'supervised users' for any account to be edited, but it does not validate whether the actor is the owner of that list. A Level 1 staff member can modify the supervision relationship of a third party... Read more

    Affected Products : opensupports
    • Published: Oct. 03, 2025
    • Modified: Oct. 06, 2025
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2025-48092

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jurajpuchky Fix Multiple Redirects fix-multiple-redirects allows Reflected XSS.This issue affects Fix Multiple Redirects: from n/a through <= 1.2.3.... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-49911

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpinstinct WooCommerce Vehicle Parts Finder woo-vehicle-parts-finder allows Reflected XSS.This issue affects WooCommerce Vehicle Parts Finder: from n/a t... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-49946

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cynob IT Consultancy Auto Login After Registration auto-login-after-registration allows Reflected XSS.This issue affects Auto Login After Registration: f... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-59976

    An arbitrary file download vulnerability in the web interface of Juniper Networks Junos Space allows a network-based authenticated attacker using a crafted GET method to access any file on the file system. Using specially crafted GET methods, an attacker ... Read more

    Affected Products : junos_space
    • Published: Oct. 09, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Path Traversal
Showing 20 of 3881 Results