Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2025-54668

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saad Iqbal myCred allows Stored XSS. This issue affects myCred: from n/a through 2.9.4.3.... Read more

    Affected Products : mycred
    • Published: Aug. 14, 2025
    • Modified: Aug. 14, 2025

  • 9.3

    CRITICAL
    CVE-2025-54669

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RomanCode MapSVG allows SQL Injection. This issue affects MapSVG: from n/a through n/a.... Read more

    Affected Products : mapsvg
    • Published: Aug. 14, 2025
    • Modified: Aug. 14, 2025

  • 4.3

    MEDIUM
    CVE-2025-54672

    Cross-Site Request Forgery (CSRF) vulnerability in Jordy Meow Photo Engine allows Cross Site Request Forgery. This issue affects Photo Engine: from n/a through 6.4.3.... Read more

    Affected Products : photo_engine
    • Published: Aug. 14, 2025
    • Modified: Aug. 14, 2025

  • 5.9

    MEDIUM
    CVE-2025-54683

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Astoundify WP Modal Popup with Cookie Integration allows Reflected XSS. This issue affects WP Modal Popup with Cookie Integration: from n/a through 2.4.... Read more

    Affected Products :
    • Published: Aug. 14, 2025
    • Modified: Aug. 14, 2025

  • 9.9

    CRITICAL
    CVE-2025-24775

    Unrestricted Upload of File with Dangerous Type vulnerability in Made I.T. Forms allows Upload a Web Shell to a Web Server. This issue affects Forms: from n/a through 2.9.0.... Read more

    Affected Products : forms
    • Published: Aug. 14, 2025
    • Modified: Aug. 14, 2025

  • 8.1

    HIGH
    CVE-2025-25172

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in beeteam368 VidMov allows PHP Local File Inclusion. This issue affects VidMov: from n/a through 1.9.4.... Read more

    Affected Products : vidmov
    • Published: Aug. 14, 2025
    • Modified: Aug. 14, 2025

  • 7.1

    HIGH
    CVE-2025-49044

    Cross-Site Request Forgery (CSRF) vulnerability in tosend.it Simple Poll allows Stored XSS. This issue affects Simple Poll: from n/a through 1.1.1.... Read more

    Affected Products :
    • Published: Aug. 14, 2025
    • Modified: Aug. 14, 2025

  • 7.1

    HIGH
    CVE-2025-49054

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mrdenny Time Sheets allows Reflected XSS. This issue affects Time Sheets: from n/a through 2.1.3.... Read more

    Affected Products :
    • Published: Aug. 14, 2025
    • Modified: Aug. 14, 2025

  • 7.1

    HIGH
    CVE-2025-49062

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cornfeed WP-jScrollPane allows Reflected XSS. This issue affects WP-jScrollPane: from n/a through 2.0.3.... Read more

    Affected Products :
    • Published: Aug. 14, 2025
    • Modified: Aug. 14, 2025

  • 7.1

    HIGH
    CVE-2025-49063

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in i3geek BaiduXZH Submit(百度熊掌号) allows Reflected XSS. This issue affects BaiduXZH Submit(百度熊掌号): from n/a through 1.4.6.... Read more

    Affected Products :
    • Published: Aug. 14, 2025
    • Modified: Aug. 14, 2025

  • 10.0

    CRITICAL
    CVE-2011-10017

    Snort Report versions < 1.3.2 contains a remote command execution vulnerability in the nmap.php and nbtscan.php scripts. These scripts fail to properly sanitize user input passed via the target GET parameter, allowing attackers to inject arbitrary shell c... Read more

    Affected Products :
    • Published: Aug. 13, 2025
    • Modified: Aug. 14, 2025

  • 7.1

    HIGH
    CVE-2025-29014

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZoomIt FoodMenu allows Reflected XSS. This issue affects FoodMenu: from n/a through 1.20.... Read more

    Affected Products :
    • Published: Aug. 14, 2025
    • Modified: Aug. 14, 2025

  • 7.5

    HIGH
    CVE-2025-30639

    Missing Authorization vulnerability in ThemeAtelier IDonatePro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects IDonatePro: from n/a through 2.1.9.... Read more

    Affected Products :
    • Published: Aug. 14, 2025
    • Modified: Aug. 14, 2025

  • 8.5

    HIGH
    CVE-2025-30998

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Rico Macchi WP Links Page allows SQL Injection. This issue affects WP Links Page: from n/a through 4.9.6.... Read more

    Affected Products : wp_links_page
    • Published: Aug. 14, 2025
    • Modified: Aug. 14, 2025

  • 7.5

    HIGH
    CVE-2025-31425

    Missing Authorization vulnerability in kamleshyadav WP Lead Capturing Pages allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Lead Capturing Pages: from n/a through 2.3.... Read more

    Affected Products :
    • Published: Aug. 14, 2025
    • Modified: Aug. 14, 2025

  • 7.5

    HIGH
    CVE-2025-3703

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wipeoutmedia CSS & JavaScript Toolbox allows PHP Local File Inclusion. This issue affects CSS & JavaScript Toolbox: from n/a through n... Read more

    Affected Products : css_\&_javascript_toolbox
    • Published: Aug. 14, 2025
    • Modified: Aug. 14, 2025

  • 9.8

    CRITICAL
    CVE-2025-48293

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Dylan Kuhn Geo Mashup allows PHP Local File Inclusion. This issue affects Geo Mashup: from n/a through 1.13.16.... Read more

    Affected Products : geo_mashup
    • Published: Aug. 14, 2025
    • Modified: Aug. 14, 2025

  • 8.5

    HIGH
    CVE-2025-49033

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid allows Blind SQL Injection. This issue affects ProfileGrid : from n/a through 5.9.5.3.... Read more

    Affected Products : profilegrid
    • Published: Aug. 14, 2025
    • Modified: Aug. 14, 2025

  • 5.9

    MEDIUM
    CVE-2025-49047

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in keeross DigitalOcean Spaces Sync allows Stored XSS. This issue affects DigitalOcean Spaces Sync: from n/a through 2.2.1.... Read more

    Affected Products :
    • Published: Aug. 14, 2025
    • Modified: Aug. 14, 2025

  • 5.9

    MEDIUM
    CVE-2025-49048

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in inspectlet Inspectlet &#8211; User Session Recording and Heatmaps allows Stored XSS. This issue affects Inspectlet &#8211; User Session Recording and Hea... Read more

    Affected Products :
    • Published: Aug. 14, 2025
    • Modified: Aug. 14, 2025
Showing 20 of 290974 Results