Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.7

    HIGH
    CVE-2025-3079

    A passback vulnerability which relates to office/small office multifunction printers and laser printers.... Read more

    Affected Products :
    • Published: May. 20, 2025
    • Modified: May. 21, 2025

  • 9.9

    CRITICAL
    CVE-2025-39402

    Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla WPAMS allows Upload a Web Shell to a Web Server.This issue affects WPAMS: from n/a through 44.0 (17-08-2023).... Read more

    Affected Products :
    • Published: May. 19, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Misconfiguration

  • 7.1

    HIGH
    CVE-2025-39365

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rocket Apps wProject allows Reflected XSS.This issue affects wProject: from n/a before 5.8.0.... Read more

    Affected Products :
    • Published: May. 19, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-43838

    Missing Authorization vulnerability in ChoPlugins Custom PC Builder Lite for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Custom PC Builder Lite for WooCommerce: from n/a through 1.0.1.... Read more

    Affected Products :
    • Published: May. 19, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-39451

    Missing Authorization vulnerability in Crocoblock JetBlocks For Elementor allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetBlocks For Elementor: from n/a through 1.3.16.... Read more

    Affected Products : jetblocks_for_elementor
    • Published: May. 19, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-39405

    Incorrect Privilege Assignment vulnerability in mojoomla WPAMS allows Privilege Escalation.This issue affects WPAMS: from n/a through 44.0 (17-08-2023).... Read more

    Affected Products :
    • Published: May. 19, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-43841

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jamesdbruner WP Vegas allows Stored XSS.This issue affects WP Vegas: from n/a through 2.2.... Read more

    Affected Products :
    • Published: May. 19, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-43835

    Cross-Site Request Forgery (CSRF) vulnerability in ktsvetkov allows Cross Site Request Forgery.This issue affects wp-cyr-cho: from n/a through 0.1.... Read more

    Affected Products :
    • Published: May. 19, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-39398

    Missing Authorization vulnerability in Themovation Hotel + Bed and Breakfast Booking Calendar Theme | Bellevue.This issue affects Hotel + Bed and Breakfast Booking Calendar Theme | Bellevue: from n/a through 4.2.2.... Read more

    Affected Products :
    • Published: May. 19, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-39394

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Solid Plugins AnalyticsWP allows Retrieve Embedded Sensitive Data.This issue affects AnalyticsWP: from n/a through 2.1.2.... Read more

    Affected Products : analyticswp
    • Published: May. 19, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2025-39375

    Cross-Site Request Forgery (CSRF) vulnerability in Ashok G Easy Child Theme Creator allows Cross Site Request Forgery.This issue affects Easy Child Theme Creator: from n/a through 1.3.1.... Read more

    Affected Products :
    • Published: May. 19, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.3

    MEDIUM
    CVE-2025-39368

    Missing Authorization vulnerability in ed4becky Rootspersona allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rootspersona: from n/a through 3.7.5.... Read more

    Affected Products :
    • Published: May. 19, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-26867

    Missing Authorization vulnerability in Themes4WP Bulk allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Bulk: from n/a through 1.0.11.... Read more

    Affected Products :
    • Published: May. 19, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2025-23981

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Takimi Themes CarZine allows Reflected XSS.This issue affects CarZine: from n/a through 1.4.6.... Read more

    Affected Products :
    • Published: May. 19, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-22790

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in asmedia allows Reflected XSS.This issue affects moseter: from n/a through 1.3.1.... Read more

    Affected Products :
    • Published: May. 19, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-23988

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bruno Cavalcante Ghostwriter allows Reflected XSS.This issue affects Ghostwriter: from n/a through 1.4.... Read more

    Affected Products :
    • Published: May. 19, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-39353

    Missing Authorization vulnerability in ThemeGoods Grand Restaurant WordPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Grand Restaurant WordPress: from n/a through 7.0.... Read more

    Affected Products : grand_restaurant
    • Published: May. 19, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-39364

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in PluginEver Product Category Slider for WooCommerce allows PHP Local File Inclusion.This issue affects Product Category Slider for WooC... Read more

    Affected Products :
    • Published: May. 19, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Path Traversal

  • 7.1

    HIGH
    CVE-2025-39374

    Cross-Site Request Forgery (CSRF) vulnerability in aseem1234 Best Posts Summary allows Stored XSS.This issue affects Best Posts Summary: from n/a through 1.0.... Read more

    Affected Products :
    • Published: May. 19, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.1

    HIGH
    CVE-2025-43840

    Cross-Site Request Forgery (CSRF) vulnerability in Ref CheckBot allows Stored XSS.This issue affects CheckBot: from n/a through 1.05.... Read more

    Affected Products :
    • Published: May. 19, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Cross-Site Request Forgery
Showing 20 of 292803 Results