Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.1

    HIGH
    CVE-2025-49957

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Weboccult Technologies Pvt Ltd Email Attachment by Order Status & Products email-attachment-by-order-status-products allows Reflected XSS.This issue ... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-58971

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AmentoTech Doctreat doctreat allows Reflected XSS.This issue affects Doctreat: from n/a through <= 1.6.7.... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-49945

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kylegetson Shortcode Generator shortcode-generator allows Reflected XSS.This issue affects Shortcode Generator: from n/a through <= 1.1.... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-64134

    Jenkins JDepend Plugin 1.3.1 and earlier includes an outdated version of JDepend Maven Plugin that does not configure its XML parser to prevent XML external entity (XXE) attacks.... Read more

    Affected Products : jdepend
    • Published: Oct. 29, 2025
    • Modified: Nov. 05, 2025
    • Vuln Type: XML External Entity

  • 7.1

    HIGH
    CVE-2025-34273

    Nagios Log Server versions prior to 2024R2.0.3 contain an incorrect authorization vulnerability that allows non-administrator users to delete global dashboards. The application did not correctly enforce authorization checks for the global dashboard deleti... Read more

    Affected Products : log_server
    • Published: Oct. 30, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2025-53585

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NooTheme WeMusic noo-wemusic allows Reflected XSS.This issue affects WeMusic: from n/a through <= 1.9.1.... Read more

    Affected Products :
    • Published: Nov. 06, 2025
    • Modified: Nov. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-62720

    LinkAce is a self-hosted archive to collect website links. Versions 2.3.1 and below allow any authenticated user to export the entire database of links from all users in the system, including private links that should only be accessible to their owners. T... Read more

    Affected Products : linkace
    • Published: Nov. 04, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2025-54737

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NooTheme Jobmonster noo-jobmonster allows Reflected XSS.This issue affects Jobmonster: from n/a through <= 4.7.8.... Read more

    Affected Products : jobmonster
    • Published: Nov. 06, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-64198

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in appscreo Easy Social Share Buttons easy-social-share-buttons3 allows Reflected XSS.This issue affects Easy Social Share Buttons: from n/a through < 10.7.... Read more

    Affected Products :
    • Published: Nov. 06, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-61084

    MDaemon Mail Server 23.5.2 validates SPF, DKIM, and DMARC using the email enclosed in angle brackets (<>) in the From: header of SMTP DATA. An attacker can craft a From: header with multiple invisible Unicode thin spaces to display a spoofed sender while ... Read more

    Affected Products :
    • Published: Nov. 05, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Authentication

  • 7.1

    HIGH
    CVE-2025-64224

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Grand Conference Theme Custom Post Type grandconference-custom-post allows Reflected XSS.This issue affects Grand Conference Theme Custom Post... Read more

    Affected Products :
    • Published: Nov. 06, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-54721

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress Resca resca allows Reflected XSS.This issue affects Resca: from n/a through <= 3.0.2.... Read more

    Affected Products :
    • Published: Nov. 06, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-57107

    Kitware VTK (Visualization Toolkit) through 9.5.0 contains a heap buffer overflow vulnerability in vtkGLTFDocumentLoader. When processing specially crafted GLTF files, the copy constructor of Accessor objects fails to properly validate buffer boundaries b... Read more

    Affected Products : vtk
    • Published: Oct. 31, 2025
    • Modified: Nov. 05, 2025
    • Vuln Type: Memory Corruption

  • 7.1

    HIGH
    CVE-2025-62721

    LinkAce is a self-hosted archive to collect website links. In versions 2.3.1 and below, authenticated RSS feed endpoints in the FeedController class fail to implement proper authorization checks, allowing any authenticated user to access all links, lists,... Read more

    Affected Products : linkace
    • Published: Nov. 04, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2025-54722

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ex-Themes WooTour woo-tour allows Reflected XSS.This issue affects WooTour: from n/a through <= 3.6.3.... Read more

    Affected Products :
    • Published: Nov. 06, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-64232

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in icopydoc Import from YML import-from-yml allows Reflected XSS.This issue affects Import from YML: from n/a through <= 3.1.17.... Read more

    Affected Products :
    • Published: Nov. 06, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-62059

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force SureRank surerank.This issue affects SureRank: from n/a through <= 1.3.2.... Read more

    Affected Products :
    • Published: Nov. 06, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-62260

    Liferay Portal 7.4.0 through 7.4.3.99, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions does not limit the number of objects returned from Headless API requests, which allows r... Read more

    Affected Products : liferay_portal dxp
    • Published: Oct. 27, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Denial of Service

  • 7.1

    HIGH
    CVE-2025-54718

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NooTheme Yogi - Health Beauty & Yoga noo-yogi allows Reflected XSS.This issue affects Yogi - Health Beauty & Yoga: from n/a through <= 2.9.2.... Read more

    Affected Products :
    • Published: Nov. 06, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-59232

    Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.... Read more

    • Published: Oct. 14, 2025
    • Modified: Oct. 16, 2025
Showing 20 of 3686 Results