Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.9

    MEDIUM
    CVE-2025-9824

    ImpactThe attacker can validate if a user exists by checking the time login returns. This timing difference can be used to enumerate valid usernames, after which an attacker could attempt brute force attacks. PatchesThis vulnerability has been patched, i... Read more

    Affected Products : mautic
    • Published: Sep. 03, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-58632

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dadevarzan Dadevarzan WordPress Common allows Stored XSS. This issue affects Dadevarzan WordPress Common: from n/a through 2.2.2.... Read more

    Affected Products :
    • Published: Sep. 03, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2025-9823

    SummaryA Cross-Site Scripting (XSS) vulnerability allows an attacker to execute arbitrary JavaScript in the context of another user’s session. This occurs because user-supplied input is reflected back in the server’s response without proper sanitization o... Read more

    Affected Products : mautic
    • Published: Sep. 03, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.9

    MEDIUM
    CVE-2025-9516

    The atec Debug plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.2.22 via the 'custom_log' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to view th... Read more

    Affected Products :
    • Published: Sep. 04, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Path Traversal

  • 7.6

    HIGH
    CVE-2025-58604

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPFunnels Mail Mint allows SQL Injection. This issue affects Mail Mint: from n/a through 1.18.5.... Read more

    Affected Products :
    • Published: Sep. 03, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-58608

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BuddyDev MediaPress allows PHP Local File Inclusion. This issue affects MediaPress: from n/a through 1.5.9.1.... Read more

    Affected Products :
    • Published: Sep. 03, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Path Traversal

  • 7.2

    HIGH
    CVE-2025-6085

    The Make Connector plugin for WordPress is vulnerable to arbitrary file uploads due to misconfigured file type validation in the 'upload_media' function in all versions up to, and including, 1.5.10. This makes it possible for authenticated attackers, with... Read more

    Affected Products :
    • Published: Sep. 04, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2025-9616

    The PopAd plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.4. This is due to missing or incorrect nonce validation on the PopAd_reset_cookie_time function. This makes it possible for unauthenticate... Read more

    Affected Products :
    • Published: Sep. 04, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.1

    HIGH
    CVE-2025-43772

    Kaleo Forms Admin in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.4 GA, 7.3 GA through update 27, and older unsupported versions does not restrict the saving of request parameters in the portlet session, which allows remote attackers to consume... Read more

    Affected Products : liferay_portal dxp
    • Published: Sep. 04, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Misconfiguration

  • 5.5

    MEDIUM
    CVE-2025-9937

    A security flaw has been discovered in elunez eladmin 1.1. Impacted is the function deleteFile of the component LocalStorageController. The manipulation results in improper authorization. The attack may be performed from remote. The exploit has been relea... Read more

    Affected Products : eladmin
    • Published: Sep. 04, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Authorization

  • 7.2

    HIGH
    CVE-2025-58644

    Deserialization of Untrusted Data vulnerability in enituretechnology LTL Freight Quotes - TQL Edition allows Object Injection. This issue affects LTL Freight Quotes - TQL Edition: from n/a through 1.2.6.... Read more

    Affected Products :
    • Published: Sep. 03, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2025-58635

    Missing Authorization vulnerability in PalsCode Support Genix allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Support Genix: from n/a through 1.4.23.... Read more

    Affected Products :
    • Published: Sep. 03, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-58623

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bohemia Plugins Event Feed for Eventbrite allows DOM-Based XSS. This issue affects Event Feed for Eventbrite: from n/a through 1.3.2.... Read more

    Affected Products :
    • Published: Sep. 03, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-58624

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in falselight Exchange Rates allows Stored XSS. This issue affects Exchange Rates: from n/a through 1.2.5.... Read more

    Affected Products :
    • Published: Sep. 03, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-58616

    Missing Authorization vulnerability in Frisbii Frisbii Pay allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Frisbii Pay: from n/a through 1.8.2.1.... Read more

    Affected Products :
    • Published: Sep. 03, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Authorization

  • 8.6

    HIGH
    CVE-2025-2417

    Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft e-Mutabakat allows Authentication Bypass.This issue affects e-Mutabakat: from 2.02.06 before v2.02.06.... Read more

    Affected Products :
    • Published: Sep. 04, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2025-20335

    A vulnerability in the directory permissions of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to write arbitrary files on an affected device. This vulnerabi... Read more

    Affected Products :
    • Published: Sep. 03, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-8268

    The AI Engine plugin for WordPress is vulnerable to unauthorized access and loss of data due to a missing capability check on the rest_list and delete_files functions in all versions up to, and including, 2.9.5. This makes it possible for unauthenticated ... Read more

    Affected Products : ai_engine
    • Published: Sep. 03, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Authorization

  • 4.7

    MEDIUM
    CVE-2025-6785

    Securing externally available CAN wires can easily allow physical access to the CAN bus, allowing possible injection of specially formed CAN messages to control remote start functions of the vehicle.  Testing completed on Tesla Model 3 vehicles with softw... Read more

    Affected Products : model_3_firmware
    • Published: Sep. 04, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-25048

    IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 7.0.3 iFix012, and 7.1.0 through 7.1.0 iFix002 could allow an authenticated user to upload files to the system due to improper neutralization of sequences that can resolve to a restricted dire... Read more

    Affected Products : jazz_foundation
    • Published: Sep. 04, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Path Traversal
Showing 20 of 4261 Results