Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.4

    MEDIUM
    CVE-2025-3715

    The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-text parameter in all versions up to, and including, 5.3.5 due to insufficient input sanitization and output escaping. This makes it possible for authenti... Read more

    Affected Products : bold_page_builder
    • Published: May. 18, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2025-37891

    In the Linux kernel, the following vulnerability has been resolved: ALSA: ump: Fix buffer overflow at UMP SysEx message conversion The conversion function from MIDI 1.0 to UMP packet contains an internal buffer to keep the incoming MIDI bytes, and its s... Read more

    Affected Products : linux_kernel
    • Published: May. 19, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Memory Corruption

  • 9.2

    CRITICAL
    CVE-2025-36560

    Server-side request forgery vulnerability exists in a-blog cms multiple versions. If this vulnerability is exploited, a remote unauthenticated attacker may gain access to sensitive information by sending a specially crafted request.... Read more

    Affected Products : a-blog_cms
    • Published: May. 19, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Server-Side Request Forgery

  • 5.3

    MEDIUM
    CVE-2025-48117

    Missing Authorization vulnerability in kilbot WooCommerce POS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce POS: from n/a through 1.7.8.... Read more

    Affected Products :
    • Published: May. 16, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-48119

    Improper Control of Generation of Code ('Code Injection') vulnerability in RS WP THEMES RS WP Book Showcase allows Code Injection. This issue affects RS WP Book Showcase: from n/a through 6.7.41.... Read more

    Affected Products :
    • Published: May. 16, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2025-48120

    Improper Control of Generation of Code ('Code Injection') vulnerability in RomanCode MapSVG Lite allows Code Injection. This issue affects MapSVG Lite: from n/a through 8.6.4.... Read more

    Affected Products : mapsvg_lite
    • Published: May. 16, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-48121

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Steve Puddick WP Notes Widget allows DOM-Based XSS. This issue affects WP Notes Widget: from n/a through 1.0.6.... Read more

    Affected Products :
    • Published: May. 16, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-48128

    Missing Authorization vulnerability in Sharespine Sharespine Woocommerce Connector allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sharespine Woocommerce Connector: from n/a through 4.7.55.... Read more

    Affected Products :
    • Published: May. 16, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Authorization

  • 5.8

    MEDIUM
    CVE-2025-4795

    A vulnerability classified as critical has been found in gongfuxiang schoolcms 2.3.1. This affects the function SaveInfo of the file /index.php?m=Admin&c=article&a=SaveInfo. The manipulation of the argument ID leads to sql injection. It is possible to ini... Read more

    Affected Products :
    • Published: May. 16, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Injection

  • 4.8

    MEDIUM
    CVE-2025-4804

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the spamBlocker module. This vulnerability requires an authenticated administrator session to a local... Read more

    Affected Products :
    • Published: May. 16, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-4391

    The Echo RSS Feed Post Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the echo_generate_featured_image() function in all versions up to, and including, 5.4.8.1. This makes it possible for unau... Read more

    Affected Products : echo_rss_feed_post_generator
    • Published: May. 17, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Authentication

  • 4.8

    MEDIUM
    CVE-2025-41429

    a-blog cms multiple versions neutralize logs improperly. If this vulnerability is exploited with CVE-2025-36560, a remote unauthenticated attacker may hijack a legitimate user's session.... Read more

    Affected Products : a-blog_cms
    • Published: May. 19, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-46801

    Pgpool-II provided by PgPool Global Development Group contains an authentication bypass by primary weakness vulnerability. if the vulnerability is exploited, an attacker may be able to log in to the system as an arbitrary user, allowing them to read or ta... Read more

    Affected Products : pgpool-ii
    • Published: May. 19, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Authentication

  • 8.6

    HIGH
    CVE-2025-4477

    The ThreatSonar Anti-Ransomware from TeamT5 has a Privilege Escalation vulnerability, allowing remote attackers with intermediate privileges to escalate their privileges to highest administrator level through a specific API.... Read more

    Affected Products : threatsonar_anti-ransomware
    • Published: May. 19, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Authorization

  • 3.5

    LOW
    CVE-2025-48219

    O2 UK before 2025-05-19 allows subscribers to determine the Cell ID of other subscribers by initiating an IMS (IP Multimedia Subsystem) call and then reading the utran-cell-id-3gpp field of a Cellular-Network-Info SIP header, aka an ECI (E-UTRAN Cell Iden... Read more

    Affected Products :
    • Published: May. 18, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Information Disclosure

  • 6.4

    MEDIUM
    CVE-2025-4610

    The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpmem_user_memberships shortcode in all versions up to, and including, 3.5.2 due to insufficient input sanitization and output escaping on ... Read more

    Affected Products : wp-members
    • Published: May. 17, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.1

    LOW
    CVE-2025-22233

    CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured disallowedFields patterns and for request parameter names. However, there are still cases where it is possible to bypass the disallowedFields checks. Affected Spring ... Read more

    Affected Products : spring_framework
    • Published: May. 16, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Authorization

  • 4.8

    MEDIUM
    CVE-2024-1958

    The WPB Show Core WordPress plugin before 2.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin or unauthenticated use... Read more

    Affected Products : wpb_show_core
    • Published: Apr. 08, 2024
    • Modified: May. 19, 2025

  • 6.1

    MEDIUM
    CVE-2024-1956

    The wpb-show-core WordPress plugin before 2.7 does not sanitise and escape the parameters before outputting it back in the response of an unauthenticated request, leading to a Reflected Cross-Site Scripting... Read more

    Affected Products : wpb_show_core
    • Published: Apr. 08, 2024
    • Modified: May. 19, 2025

  • 4.7

    MEDIUM
    CVE-2024-1292

    The WPB Show Core WordPress plugin before 2.7 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin... Read more

    Affected Products : wpb_show_core
    • Published: Apr. 08, 2024
    • Modified: May. 19, 2025
Showing 20 of 292793 Results