Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    CVSS31
    CVE-2025-54011

    Missing Authorization vulnerability in SMTP2GO SMTP2GO allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SMTP2GO: from n/a through 1.12.1.... Read more

    Affected Products : smtp2go
    • Published: Jul. 16, 2025
    • Modified: Jul. 16, 2025

  • 9.6

    CVSS31
    CVE-2025-54010

    Cross-Site Request Forgery (CSRF) vulnerability in Shahjahan Jewel FluentSnippets allows Cross Site Request Forgery. This issue affects FluentSnippets: from n/a through 10.50.... Read more

    Affected Products :
    • Published: Jul. 16, 2025
    • Modified: Jul. 16, 2025

  • 6.5

    CVSS31
    CVE-2025-54009

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetSmartFilters allows Stored XSS. This issue affects JetSmartFilters: from n/a through 3.6.8.... Read more

    Affected Products :
    • Published: Jul. 16, 2025
    • Modified: Jul. 16, 2025

  • 6.5

    CVSS31
    CVE-2025-54006

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in boldthemes Bold Page Builder allows Stored XSS. This issue affects Bold Page Builder: from n/a through 5.4.1.... Read more

    Affected Products : bold_page_builder
    • Published: Jul. 16, 2025
    • Modified: Jul. 16, 2025

  • 4.3

    CVSS31
    CVE-2025-53997

    Missing Authorization vulnerability in favethemes Houzez allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Houzez: from n/a through 4.0.4.... Read more

    Affected Products : houzez
    • Published: Jul. 16, 2025
    • Modified: Jul. 16, 2025

  • 6.5

    CVSS31
    CVE-2025-53996

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetSearch allows Stored XSS. This issue affects JetSearch: from n/a through 3.5.10.1.... Read more

    Affected Products :
    • Published: Jul. 16, 2025
    • Modified: Jul. 16, 2025

  • 6.5

    CVSS31
    CVE-2025-53995

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetPopup allows Stored XSS. This issue affects JetPopup: from n/a through 2.0.15.1.... Read more

    Affected Products :
    • Published: Jul. 16, 2025
    • Modified: Jul. 16, 2025

  • 6.5

    CVSS31
    CVE-2025-53994

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetPopup allows DOM-Based XSS. This issue affects JetPopup: from n/a through 2.0.15.... Read more

    Affected Products :
    • Published: Jul. 16, 2025
    • Modified: Jul. 16, 2025

  • 6.5

    CVSS31
    CVE-2025-53991

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetTricks allows Stored XSS. This issue affects JetTricks: from n/a through 1.5.4.1.... Read more

    Affected Products :
    • Published: Jul. 16, 2025
    • Modified: Jul. 16, 2025

  • 7.2

    CVSS31
    CVE-2025-53990

    Deserialization of Untrusted Data vulnerability in jetmonsters JetFormBuilder allows Object Injection. This issue affects JetFormBuilder: from n/a through 3.5.1.2.... Read more

    Affected Products :
    • Published: Jul. 16, 2025
    • Modified: Jul. 16, 2025

  • 6.5

    CVSS31
    CVE-2025-53989

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetBlocks For Elementor allows Stored XSS. This issue affects JetBlocks For Elementor: from n/a through 1.3.19.... Read more

    Affected Products : jetblocks_for_elementor
    • Published: Jul. 16, 2025
    • Modified: Jul. 16, 2025

  • 5.3

    CVSS31
    CVE-2025-53986

    Missing Authorization vulnerability in ThemeIsle Hestia allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Hestia: from n/a through 3.2.10.... Read more

    Affected Products :
    • Published: Jul. 16, 2025
    • Modified: Jul. 16, 2025

  • 6.5

    CVSS31
    CVE-2025-53984

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetTabs allows Stored XSS. This issue affects JetTabs: from n/a through 2.2.9.... Read more

    Affected Products :
    • Published: Jul. 16, 2025
    • Modified: Jul. 16, 2025

  • 6.5

    CVSS31
    CVE-2025-53982

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetElements For Elementor allows Stored XSS. This issue affects JetElements For Elementor: from n/a through 2.7.7.... Read more

    Affected Products : jetelements_for_elementor
    • Published: Jul. 16, 2025
    • Modified: Jul. 16, 2025

  • 7.6

    CVSS31
    CVE-2025-48301

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce SMTP for SendGrid – YaySMTP allows SQL Injection. This issue affects SMTP for SendGrid – YaySMTP: from n/a through 1.5.... Read more

    Affected Products : yaysmtp
    • Published: Jul. 16, 2025
    • Modified: Jul. 16, 2025

  • 8.8

    CVSS31
    CVE-2025-6558

    Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : chrome edge_chromium
    • Published: Jul. 15, 2025
    • Modified: Jul. 16, 2025

  • 8.8

    CVSS31
    CVE-2025-7656

    Integer overflow in V8 in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : chrome edge_chromium
    • Published: Jul. 15, 2025
    • Modified: Jul. 16, 2025

  • 8.8

    CVSS31
    CVE-2025-7657

    Use after free in WebRTC in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : chrome edge_chromium
    • Published: Jul. 15, 2025
    • Modified: Jul. 16, 2025

  • 9.3

    CVSS31
    CVE-2025-41237

    VMware ESXi, Workstation, and Fusion contain an integer-underflow in VMCI (Virtual Machine Communication Interface) that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to... Read more

    • Published: Jul. 15, 2025
    • Modified: Jul. 15, 2025

  • 0.0

    NONE
    CVE-2025-53903

    The Scratch Channel is a news website that is under development as of time of this writing. The file `/api/users.js` doesn't properly sanitize text box inputs, leading to a potential vulnerability to cross-site scripting attacks. Commit 90b39eb56b27b2bac2... Read more

    Affected Products :
    • Published: Jul. 15, 2025
    • Modified: Jul. 15, 2025
Showing 20 of 325 Results
© cvefeed.io
Latest DB Update: Jul. 17, 2025 18:12