Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2025-66148

    Missing Authorization vulnerability in merkulove Conformer for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Conformer for Elementor: from n/a through 1.0.7.... Read more

    Affected Products :
    • Published: Dec. 31, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-15392

    A weakness has been identified in Kohana KodiCMS up to 13.82.135. This affects the function like of the file cms/modules/pages/classes/kodicms/model/page.php of the component Search API Endpoint. Executing manipulation of the argument keyword can lead to ... Read more

    Affected Products : kodicms
    • Published: Dec. 31, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2025-66151

    Missing Authorization vulnerability in merkulove Countdowner for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Countdowner for Elementor: from n/a through 1.0.4.... Read more

    Affected Products :
    • Published: Dec. 31, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-62755

    Unauthenticated Broken Access Control in GS Portfolio for Envato <= 1.4.2 versions.... Read more

    Affected Products : gs_portfolio_for_envato
    • Published: Dec. 31, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-62116

    Missing Authorization vulnerability in Quadlayers AI Copilot allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI Copilot: from n/a through 1.4.7.... Read more

    Affected Products :
    • Published: Dec. 31, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2025-31054

    Cross-Site Request Forgery (CSRF) vulnerability in Themefy Bloggie allows Reflected XSS.This issue affects Bloggie: from n/a through 2.0.8.... Read more

    Affected Products :
    • Published: Dec. 31, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.4

    MEDIUM
    CVE-2025-66154

    Missing Authorization vulnerability in merkulove Couponer for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Couponer for Elementor: from n/a through 1.1.7.... Read more

    Affected Products :
    • Published: Dec. 31, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-66156

    Missing Authorization vulnerability in merkulove Watcher for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Watcher for Elementor: from n/a through 1.0.9.... Read more

    Affected Products :
    • Published: Dec. 31, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-66155

    Missing Authorization vulnerability in merkulove Questionar for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Questionar for Elementor: from n/a through 1.1.7.... Read more

    Affected Products :
    • Published: Dec. 31, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-28973

    Path Traversal: '.../...//' vulnerability in AA-Team Pro Bulk Watermark Plugin for WordPress allows Path Traversal.This issue affects Pro Bulk Watermark Plugin for WordPress: from n/a through 2.0.... Read more

    Affected Products :
    • Published: Dec. 31, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Path Traversal

  • 5.3

    MEDIUM
    CVE-2025-62122

    Missing Authorization vulnerability in Solwininfotech Trash Duplicate and 301 Redirect allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Trash Duplicate and 301 Redirect: from n/a through 1.9.1.... Read more

    Affected Products :
    • Published: Dec. 31, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Authorization

  • 8.5

    HIGH
    CVE-2020-36903

    Selea CarPlateServer 4.0.1.6 contains an unquoted service path vulnerability in the Windows service configuration that allows local users to potentially execute code with elevated privileges. Attackers can exploit the service's unquoted binary path by ins... Read more

    Affected Products :
    • Published: Dec. 31, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Misconfiguration

  • 9.3

    CRITICAL
    CVE-2020-36904

    Selea CarPlateServer 4.0.1.6 contains a remote program execution vulnerability that allows attackers to execute arbitrary Windows binaries by manipulating the NO_LIST_EXE_PATH configuration parameter. Attackers can bypass authentication through the /cps/ ... Read more

    Affected Products :
    • Published: Dec. 31, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Misconfiguration

  • 5.4

    MEDIUM
    CVE-2025-62098

    Missing Authorization vulnerability in Totalsoft Portfolio Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Portfolio Gallery: from n/a through 1.4.8.... Read more

    Affected Products :
    • Published: Dec. 31, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2021-47740

    KZTech JT3500V 4G LTE CPE 2.0.1 contains a session management vulnerability that allows attackers to reuse old session credentials without proper expiration. Attackers can exploit the weak session handling to maintain unauthorized access and potentially c... Read more

    Affected Products :
    • Published: Dec. 31, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Authentication

  • 5.4

    MEDIUM
    CVE-2025-62088

    Server-Side Request Forgery (SSRF) vulnerability in extendons WordPress & WooCommerce Scraper Plugin, Import Data from Any Site allows Server Side Request Forgery.This issue affects WordPress & WooCommerce Scraper Plugin, Import Data from Any Site: from n... Read more

    Affected Products :
    • Published: Dec. 31, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Server-Side Request Forgery

  • 5.3

    MEDIUM
    CVE-2025-49349

    Missing Authorization vulnerability in Reuters News Agency Reuters Direct allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Reuters Direct: from n/a through 3.0.0.... Read more

    Affected Products :
    • Published: Dec. 31, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-63031

    Missing Authorization vulnerability in WP Grids EasyTest allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EasyTest: from n/a through 1.0.1.... Read more

    Affected Products :
    • Published: Dec. 31, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-62095

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Neilgee Bootstrap Modals allows Stored XSS.This issue affects Bootstrap Modals: from n/a through 1.3.2.... Read more

    Affected Products :
    • Published: Dec. 31, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-62134

    Cross-Site Request Forgery (CSRF) vulnerability in A WP Life Contact Form Widget allows Cross Site Request Forgery.This issue affects Contact Form Widget: from n/a through 1.5.1.... Read more

    Affected Products : contact_form_widget
    • Published: Dec. 31, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Cross-Site Request Forgery
Showing 20 of 4604 Results