Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.4

    MEDIUM
    CVE-2025-58203

    Server-Side Request Forgery (SSRF) vulnerability in solacewp Solace Extra allows Server Side Request Forgery. This issue affects Solace Extra: from n/a through 1.3.2.... Read more

    Affected Products :
    • Published: Aug. 27, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Server-Side Request Forgery

  • 8.7

    HIGH
    CVE-2025-58072

    Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier). If this vulnerability is exploited, arbitrary files may be viewed by a remote unauthenticated... Read more

    Affected Products :
    • Published: Aug. 28, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Path Traversal

  • 9.6

    CRITICAL
    CVE-2025-43728

    Dell ThinOS 10, versions prior to 2508_10.0127, contain a Protection Mechanism Failure vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass.... Read more

    Affected Products :
    • Published: Aug. 27, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-58194

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in boldthemes Bold Page Builder allows Stored XSS. This issue affects Bold Page Builder: from n/a through 5.4.3.... Read more

    Affected Products : bold_page_builder
    • Published: Aug. 27, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.7

    MEDIUM
    CVE-2025-58204

    URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Eric Teubert Podlove Podcast Publisher allows Phishing. This issue affects Podlove Podcast Publisher: from n/a through 4.2.5.... Read more

    Affected Products : podlove_podcast_publisher
    • Published: Aug. 27, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Misconfiguration

  • 7.8

    HIGH
    CVE-2025-43729

    Dell ThinOS 10, versions prior to 2508_10.0127, contains an Incorrect Permission Assignment for Critical Resource vulnerability. A local low-privileged attacker could potentially exploit this vulnerability leading to Elevation of Privileges and Unauthoriz... Read more

    Affected Products :
    • Published: Aug. 27, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-58201

    Missing Authorization vulnerability in AfterShip & Automizely AfterShip Tracking allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects AfterShip Tracking: from n/a through 1.17.17.... Read more

    Affected Products :
    • Published: Aug. 27, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Authorization

  • 5.8

    MEDIUM
    CVE-2025-9528

    A vulnerability was determined in Linksys E1700 1.0.0.4.003. This vulnerability affects the function systemCommand of the file /goform/systemCommand. Executing manipulation of the argument command can lead to os command injection. The attack may be launch... Read more

    Affected Products :
    • Published: Aug. 27, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Injection

  • 10.0

    CRITICAL
    CVE-2025-34163

    Dongsheng Logistics Software exposes an unauthenticated endpoint at /CommMng/Print/UploadMailFile that fails to enforce proper file type validation and access control. An attacker can upload arbitrary files, including executable scripts such as .ashx, via... Read more

    Affected Products :
    • Published: Aug. 27, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-48315

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in stanton119 WordPress HTML allows Stored XSS. This issue affects WordPress HTML: from n/a through 0.51.... Read more

    Affected Products :
    • Published: Aug. 28, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-48320

    Cross-Site Request Forgery (CSRF) vulnerability in cuckoohello 百度分享按钮 allows Stored XSS. This issue affects 百度分享按钮: from n/a through 1.0.6.... Read more

    Affected Products :
    • Published: Aug. 28, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.9

    MEDIUM
    CVE-2025-48324

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in khashabawy tli.tl auto Twitter poster allows Stored XSS. This issue affects tli.tl auto Twitter poster: from n/a through 3.4.... Read more

    Affected Products :
    • Published: Aug. 28, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.0

    HIGH
    CVE-2025-9527

    A vulnerability was found in Linksys E1700 1.0.0.4.003. This affects the function QoSSetup of the file /goform/QoSSetup. Performing manipulation of the argument ack_policy results in stack-based buffer overflow. The attack may be initiated remotely. The e... Read more

    Affected Products :
    • Published: Aug. 27, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Memory Corruption

  • 6.4

    MEDIUM
    CVE-2025-6255

    The Dynamic AJAX Product Filters for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘className’ parameter in all versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping. This m... Read more

    Affected Products :
    • Published: Aug. 28, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-48327

    Missing Authorization vulnerability in inkthemes WP Mailgun SMTP allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WP Mailgun SMTP: from n/a through 1.0.7.... Read more

    Affected Products :
    • Published: Aug. 28, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-48357

    Cross-Site Request Forgery (CSRF) vulnerability in Theme Century Century ToolKit allows Cross Site Request Forgery. This issue affects Century ToolKit: from n/a through 1.2.1.... Read more

    Affected Products :
    • Published: Aug. 28, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.9

    MEDIUM
    CVE-2025-48352

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sitesearch-yandex Yandex Site search pinger allows Stored XSS. This issue affects Yandex Site search pinger: from n/a through 1.5.... Read more

    Affected Products :
    • Published: Aug. 28, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-58212

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in epeken Epeken All Kurir allows DOM-Based XSS. This issue affects Epeken All Kurir: from n/a through 2.0.1.... Read more

    Affected Products :
    • Published: Aug. 27, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.0

    CRITICAL
    CVE-2025-30040

    The vulnerability allows unauthenticated users to download a file containing session ID data by directly accessing the "/cgi-bin/CliniNET.prd/utils/userlogxls.pl" endpoint.... Read more

    Affected Products :
    • Published: Aug. 27, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Information Disclosure

  • 9.4

    CRITICAL
    CVE-2025-30063

    The configuration file containing database logins and passwords is readable by any local user.... Read more

    Affected Products :
    • Published: Aug. 27, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 4397 Results