Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2025-58704

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ren Ventura WP Delete User Accounts allows Stored XSS. This issue affects WP Delete User Accounts: from n/a through 1.2.4.... Read more

    Affected Products :
    • Published: Sep. 22, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-58702

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebWizards MarketKing allows Stored XSS. This issue affects MarketKing: from n/a through 2.0.92.... Read more

    Affected Products :
    • Published: Sep. 22, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-54995

    Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 18.26.4 and 18.9-cert17, RTP UDP ports and internal resources can leak due to a lack of session termination. This could result in leaks and resource exhaustion. Th... Read more

    Affected Products : asterisk
    • Published: Aug. 28, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-29889

    A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in... Read more

    Affected Products : file_station
    • Published: Aug. 29, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-58265

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stonehenge Creations Events Manager – OpenStreetMaps allows Stored XSS. This issue affects Events Manager – OpenStreetMaps: from n/a through ... Read more

    Affected Products :
    • Published: Sep. 22, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-58263

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BuddyDev BuddyPress Notification Widget allows Stored XSS. This issue affects BuddyPress Notification Widget: from n/a through 1.3.3.... Read more

    Affected Products :
    • Published: Sep. 22, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-58254

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dtbaker StylePress for Elementor allows Stored XSS. This issue affects StylePress for Elementor: from n/a through 1.2.1.... Read more

    Affected Products :
    • Published: Sep. 22, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-58233

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Guaven Labs SQL Chart Builder allows DOM-Based XSS. This issue affects SQL Chart Builder: from n/a through 2.3.7.2.... Read more

    Affected Products :
    • Published: Sep. 22, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-58231

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bitlydeveloper Bitly allows Stored XSS. This issue affects Bitly: from n/a through 2.7.4.... Read more

    Affected Products : bitly
    • Published: Sep. 22, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-58030

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webvitaly Page-list allows Stored XSS. This issue affects Page-list: from n/a through 5.7.... Read more

    Affected Products : page-list
    • Published: Sep. 22, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-58022

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in maxpagels ShortCode allows Stored XSS. This issue affects ShortCode: from n/a through 0.8.1.... Read more

    Affected Products :
    • Published: Sep. 22, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-58020

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeroen Schmit Theater for WordPress allows Stored XSS. This issue affects Theater for WordPress: from n/a through 0.18.8.... Read more

    Affected Products : theater_for_wordpress
    • Published: Sep. 22, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-5519

    Insertion of Sensitive Information Into Sent Data vulnerability in ArgusTech BILGER allows Choosing Message Identifier.This issue affects BILGER: before 2.4.6.... Read more

    Affected Products :
    • Published: Sep. 16, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-58019

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Search Atlas Search Atlas SEO allows Stored XSS. This issue affects Search Atlas SEO: from n/a through 2.5.4.... Read more

    Affected Products :
    • Published: Sep. 22, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-5518

    Authorization Bypass Through User-Controlled Key vulnerability with user privileges in ArgusTech BILGER allows Exploitation of Trusted Identifiers.This issue affects BILGER: before 2.4.6.... Read more

    Affected Products :
    • Published: Sep. 16, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-10540

    iMonitor EAM 9.6394 transmits communication between the EAM client agent and the EAM server, as well as between the EAM monitor management software and the server, in plaintext without authentication or encryption. An attacker with network access can inte... Read more

    Affected Products :
    • Published: Sep. 25, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-58008

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in xnau webdesign Participants Database allows Stored XSS. This issue affects Participants Database: from n/a through 2.7.6.3.... Read more

    Affected Products : participants_database
    • Published: Sep. 22, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-57993

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Benjamin Pick Geolocation IP Detection allows Stored XSS. This issue affects Geolocation IP Detection: from n/a through 5.5.0.... Read more

    Affected Products :
    • Published: Sep. 22, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-57983

    Cross-Site Request Forgery (CSRF) vulnerability in Damian BP Disable Activation Reloaded allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects BP Disable Activation Reloaded: from n/a through 1.2.1.... Read more

    Affected Products :
    • Published: Sep. 22, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.5

    MEDIUM
    CVE-2025-10950

    A vulnerability was determined in geyang ml-logger up to acf255bade5be6ad88d90735c8367b28cbe3a743. Affected is the function log_handler of the file ml_logger/server.py of the component Ping Handler. This manipulation of the argument data causes deserializ... Read more

    Affected Products :
    • Published: Sep. 25, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 4467 Results