Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.3

    MEDIUM
    CVE-2025-9710

    The Responsive Lightbox & Gallery WordPress plugin before 2.5.3 does not properly handle HTML tag attributes modifications, potentially allowing unauthenticated attackers to abuse the functionality to include event handlers and conduct Stored XSS attacks.... Read more

    Affected Products : responsive_lightbox
    • Published: Oct. 06, 2025
    • Modified: Oct. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-9703

    The Ultimate Addons for Elementor (Formerly Elementor Header & Footer Builder) WordPress plugin before 2.5.0 does not sanitize SVG file contents when uploaded through the xmlrpc.php endpoint using base64 encode, leading to a Cross-Site Scripting vulnerabi... Read more

    Affected Products :
    • Published: Oct. 06, 2025
    • Modified: Oct. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.1

    MEDIUM
    CVE-2025-11308

    A vulnerability was identified in Vanderlande Baggage 360 7.0.0. This issue affects some unknown processing of the file /api-addons/v1/messages. Such manipulation of the argument Message leads to cross site scripting. The attack may be performed from remo... Read more

    Affected Products :
    • Published: Oct. 05, 2025
    • Modified: Oct. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.0

    HIGH
    CVE-2025-11305

    A vulnerability has been found in UTT HiPER 840G up to 3.1.1-190328. Affected by this issue is the function strcpy of the file /goform/formTaskEdit. The manipulation of the argument txtMin2 leads to buffer overflow. Remote exploitation of the attack is po... Read more

    Affected Products :
    • Published: Oct. 05, 2025
    • Modified: Oct. 06, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-11304

    A flaw has been found in CodeCanyon/ui-lib Mentor LMS up to 1.1.1. Affected by this vulnerability is an unknown functionality of the component API. Executing manipulation can lead to permissive cross-domain policy with untrusted domains. The attack may be... Read more

    Affected Products :
    • Published: Oct. 05, 2025
    • Modified: Oct. 06, 2025
    • Vuln Type: Misconfiguration

  • 5.8

    MEDIUM
    CVE-2025-8917

    A vulnerability in allegroai/clearml version v2.0.1 allows for path traversal due to improper handling of symbolic and hard links in the `safe_extract` function. This flaw can lead to arbitrary file writes outside the intended directory, potentially resul... Read more

    Affected Products : clearml_enterprise_server
    • Published: Oct. 05, 2025
    • Modified: Oct. 06, 2025
    • Vuln Type: Path Traversal

  • 5.4

    MEDIUM
    CVE-2025-61198

    A stored cross-site scripting (XSS) vulnerability in Optimod 5950 - Optimod 5950HD - Optimod 5750 - Optimod 5750HD - Optimod Trio - Optimod version 1.0.0.33 - System version 2.5.26, allows remote attackers to execute arbitrary JavaScript in the web browse... Read more

    Affected Products :
    • Published: Oct. 06, 2025
    • Modified: Oct. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.9

    HIGH
    CVE-2025-61197

    An issue in Orban Optimod 5950, Optimod 5950HD, Optimod 5750, Optimod 5750HD, Optimod Trio Optimod version 1.0.0.33 - System version 2.5.26 allows a remote attacker to escalate privileges via the application stores user privilege/role information in clien... Read more

    Affected Products :
    • Published: Oct. 06, 2025
    • Modified: Oct. 06, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-11309

    A security flaw has been discovered in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. Impacted is the function doFilter of the file findDeptPage.do. Performing manipulation of the argument sort results in sql injection. It is possible ... Read more

    Affected Products :
    • Published: Oct. 05, 2025
    • Modified: Oct. 06, 2025
    • Vuln Type: Injection

  • 4.8

    MEDIUM
    CVE-2025-11289

    A vulnerability was determined in westboy CicadasCMS up to 2431154dac8d0735e04f1fd2a3c3556668fc8dab. The impacted element is the function Save of the file src/main/java/com/zhiliao/common/template/TemplateFileServiceImpl.java of the component Template Man... Read more

    Affected Products : cicadascms
    • Published: Oct. 05, 2025
    • Modified: Oct. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-0607

    Improper Encoding or Escaping of Output vulnerability in Logo Software Inc. Logo Cloud allows Phishing.This issue affects Logo Cloud: before 2.57.... Read more

    Affected Products :
    • Published: Oct. 06, 2025
    • Modified: Oct. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-10383

    The Contest Gallery – Upload, Vote & Sell with PayPal and Stripe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple form field parameters in all versions up to, and including, 27.0.2. This is due to insufficient input sanitizat... Read more

    Affected Products :
    • Published: Oct. 04, 2025
    • Modified: Oct. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2025-39932

    In the Linux kernel, the following vulnerability has been resolved: smb: client: let smbd_destroy() call disable_work_sync(&info->post_send_credits_work) In smbd_destroy() we may destroy the memory so we better wait until post_send_credits_work is no lo... Read more

    Affected Products : linux_kernel
    • Published: Oct. 04, 2025
    • Modified: Oct. 06, 2025
    • Vuln Type: Denial of Service

  • 5.9

    MEDIUM
    CVE-2025-61962

    In fetchmail before 6.5.6, the SMTP client can crash when authenticating upon receiving a 334 status code in a malformed context.... Read more

    Affected Products : fetchmail
    • Published: Oct. 04, 2025
    • Modified: Oct. 06, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-9485

    The OAuth Single Sign On – SSO (OAuth Client) plugin for WordPress is vulnerable to Improper Verification of Cryptographic Signature in versions up to, and including, 6.26.12. This is due to the plugin performing unsafe JWT token processing without verifi... Read more

    Affected Products : oauth_single_sign_on
    • Published: Oct. 04, 2025
    • Modified: Oct. 06, 2025
    • Vuln Type: Authentication

  • 0.0

    NA
    CVE-2025-39948

    In the Linux kernel, the following vulnerability has been resolved: ice: fix Rx page leak on multi-buffer frames The ice_put_rx_mbuf() function handles calling ice_put_rx_buf() for each buffer in the current frame. This function was introduced as part o... Read more

    Affected Products : linux_kernel
    • Published: Oct. 04, 2025
    • Modified: Oct. 06, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-39936

    In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Always pass in an error pointer to __sev_platform_shutdown_locked() When 9770b428b1a2 ("crypto: ccp - Move dev_info/err messages for SEV/SNP init and shutdown") moved ... Read more

    Affected Products : linux_kernel
    • Published: Oct. 04, 2025
    • Modified: Oct. 06, 2025
    • Vuln Type: Memory Corruption

  • 4.3

    MEDIUM
    CVE-2025-9886

    The Trinity Audio – Text to Speech AI audio player to convert content into audio plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.20.2. This is due to missing or incorrect nonce validation in the '/a... Read more

    Affected Products :
    • Published: Oct. 04, 2025
    • Modified: Oct. 06, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.1

    MEDIUM
    CVE-2025-9952

    The Trinity Audio – Text to Speech AI audio player to convert content into audio plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'range-date' parameter in all versions up to, and including, 5.20.2 due to insufficient input san... Read more

    Affected Products :
    • Published: Oct. 04, 2025
    • Modified: Oct. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-9029

    The WDesignKit – Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget Builder plugin for WordPress is vulnerable to missing authorization via the wdkit_handle_review_submission function in versions less than, or equal to, 1.2.16. Th... Read more

    Affected Products :
    • Published: Oct. 04, 2025
    • Modified: Oct. 06, 2025
    • Vuln Type: Authorization
Showing 20 of 3813 Results