Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.2

    HIGH
    CVE-2025-55165

    Autocaliweb is a web app that offers an interface for browsing, reading, and downloading eBooks using a valid Calibre database. Prior to version 0.8.3, the debug pack generated by Autocaliweb can expose sensitive configuration data, including API keys. Th... Read more

    Affected Products :
    • Published: Aug. 12, 2025
    • Modified: Aug. 13, 2025

  • 5.4

    MEDIUM
    CVE-2025-52386

    CycloneDX Sunshine v0.9 is vulnerable to CSV Formula Injection via a crafted JSON file... Read more

    Affected Products :
    • Published: Aug. 13, 2025
    • Modified: Aug. 13, 2025

  • 6.1

    MEDIUM
    CVE-2025-51691

    Cross-Site Scripting (XSS) vulnerability found in MarkTwo commit e3a1d3f90cce4ea9c26efcbbf3a1cbfb9dcdb298 (May 2025) allows a remote attacker to execute arbitrary code via a crafted script input to the editor interface. The application does not properly s... Read more

    Affected Products :
    • Published: Aug. 13, 2025
    • Modified: Aug. 13, 2025

  • 3.7

    LOW
    CVE-2025-4056

    A flaw was found in GLib. A denial of service on Windows platforms may occur if an application attempts to spawn a program using long command lines.... Read more

    Affected Products : glib windows
    • Published: Jul. 28, 2025
    • Modified: Aug. 13, 2025

  • 6.4

    MEDIUM
    CVE-2025-3075

    The Elementor Website Builder – More Than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'elementor-element' shortcode in all versions up to, and including, 3.29.0 due to insufficient input sanitizat... Read more

    Affected Products : website_builder
    • Published: Jul. 29, 2025
    • Modified: Aug. 13, 2025

  • 8.0

    HIGH
    CVE-2025-6238

    The AI Engine plugin for WordPress is vulnerable to open redirect in version 2.8.4. This is due to an insecure OAuth implementation, as the 'redirect_uri' parameter is missing validation during the authorization flow. This makes it possible for unauthenti... Read more

    Affected Products : ai_engine ai_engine
    • Published: Jul. 04, 2025
    • Modified: Aug. 13, 2025

  • 4.3

    MEDIUM
    CVE-2025-8068

    The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to unauthorized modification and loss of data due to an improper capability check on the 'ajax_trash_templates' function in all versions up to, and including, 2.9.1. This makes... Read more

    Affected Products : ht_mega
    • Published: Jul. 31, 2025
    • Modified: Aug. 13, 2025

  • 4.3

    MEDIUM
    CVE-2025-8151

    The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.9.1 via the 'save_block_css' function. This makes it possible for authenticated attackers, with Author-level access an... Read more

    Affected Products : ht_mega
    • Published: Jul. 31, 2025
    • Modified: Aug. 13, 2025

  • 4.3

    MEDIUM
    CVE-2025-8401

    The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.1 via the 'get_post_data' function. This makes it possible for authenticated attackers, with Author-... Read more

    Affected Products : ht_mega
    • Published: Jul. 31, 2025
    • Modified: Aug. 13, 2025

  • 5.4

    MEDIUM
    CVE-2025-5570

    The AI Engine plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the mwai_chatbot shortcode 'id' parameter in all versions up to, and including, 2.8.4 due to insufficient input sanitization and output escaping. This makes it possible fo... Read more

    Affected Products : ai_engine ai_engine
    • Published: Jul. 08, 2025
    • Modified: Aug. 13, 2025

  • 8.8

    HIGH
    CVE-2025-4796

    The Eventin plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.0.34. This is due to the plugin not properly validating a user's identity or capability prior to updating their details lik... Read more

    Affected Products : eventin
    • Published: Aug. 08, 2025
    • Modified: Aug. 13, 2025

  • 5.4

    MEDIUM
    CVE-2025-7205

    The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the donor notes parameter in all versions up to, and including, 4.5.0 due to insufficient input sanitization and output escaping. T... Read more

    Affected Products : givewp
    • Published: Jul. 31, 2025
    • Modified: Aug. 13, 2025

  • 8.8

    HIGH
    CVE-2025-5953

    The WP Human Resource Management plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization in the ajax_insert_employee() and update_empoyee() functions in versions 2.0.0 through 2.2.17. The AJAX handler reads the client-suppl... Read more

    Affected Products : wp_human_resource_management
    • Published: Jul. 04, 2025
    • Modified: Aug. 13, 2025

  • 8.1

    HIGH
    CVE-2025-5956

    The WP Human Resource Management plugin for WordPress is vulnerable to Arbitrary User Deletion due to a missing authorization within the ajax_delete_employee() function in versions 2.0.0 through 2.2.17. The plugin’s deletion handler reads the client-suppl... Read more

    Affected Products : wp_human_resource_management
    • Published: Jul. 04, 2025
    • Modified: Aug. 13, 2025

  • 7.5

    HIGH
    CVE-2024-49828

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5.0.0 through 10.5.0.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions w... Read more

    Affected Products : db2
    • Published: Jul. 29, 2025
    • Modified: Aug. 13, 2025

  • 8.4

    HIGH
    CVE-2025-48071

    OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.2 through 3.3.0, there is a heap-based buffer overflow during a write operation when decompres... Read more

    Affected Products : openexr
    • Published: Jul. 31, 2025
    • Modified: Aug. 13, 2025

  • 4.6

    MEDIUM
    CVE-2025-48074

    OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In version 3.3.2, applications trust unvalidated dataWindow size values from file headers, which can lead to e... Read more

    Affected Products : openexr
    • Published: Aug. 01, 2025
    • Modified: Aug. 13, 2025

  • 7.5

    HIGH
    CVE-2024-51473

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5.0.0 through 10.5.0.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions... Read more

    Affected Products : db2
    • Published: Jul. 29, 2025
    • Modified: Aug. 13, 2025

  • 4.6

    MEDIUM
    CVE-2025-48073

    OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In version 3.3.2, when reading a deep scanline image with a large sample count in reduceMemory mode, it is pos... Read more

    Affected Products : openexr
    • Published: Jul. 31, 2025
    • Modified: Aug. 13, 2025

  • 7.3

    HIGH
    CVE-2025-20210

    A vulnerability in the management API of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an unauthenticated, remote attacker to read and modify the outgoing proxy configuration settings. This vulnerability is due to the lack of authentica... Read more

    Affected Products : dna_center catalyst_center
    • Published: May. 07, 2025
    • Modified: Aug. 13, 2025
Showing 20 of 290955 Results