Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.1

    HIGH
    CVE-2025-54044

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in _CreativeMedia_ Elite Video Player allows Reflected XSS. This issue affects Elite Video Player: from n/a through 10.0.5.... Read more

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-54046

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuanticaLabs Cost Calculator allows Stored XSS. This issue affects Cost Calculator: from n/a through 7.4.... Read more

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.3

    CRITICAL
    CVE-2025-54048

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in miniOrange Custom API for WP allows SQL Injection. This issue affects Custom API for WP: from n/a through 4.2.2.... Read more

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2025-54055

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Druco allows Reflected XSS. This issue affects Druco: from n/a through 1.5.2.... Read more

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-54670

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bobbingwide oik allows Reflected XSS. This issue affects oik: from n/a through 4.15.2.... Read more

    Affected Products : oik
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-54713

    Authentication Bypass Using an Alternate Path or Channel vulnerability in magepeopleteam Taxi Booking Manager for WooCommerce allows Authentication Abuse. This issue affects Taxi Booking Manager for WooCommerce: from n/a through 1.3.0.... Read more

    Affected Products : ecab_taxi_booking_manager
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-54750

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in FunnelKit Funnel Builder by FunnelKit allows PHP Local File Inclusion. This issue affects Funnel Builder by FunnelKit: from n/a throug... Read more

    Affected Products : funnel_builder
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2025-55715

    Insertion of Sensitive Information Into Sent Data vulnerability in Themeisle Otter - Gutenberg Block allows Retrieve Embedded Sensitive Data. This issue affects Otter - Gutenberg Block: from n/a through 3.1.0.... Read more

    Affected Products : otter_blocks
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2025-9225

    Stored cross-site scripting (XSS) in the web interface of MiR software versions prior to 3.0.0 on MiR Robots and MiR Fleet allows execution of arbitrary JavaScript code in a victim’s browser... Read more

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-5261

    Authorization Bypass Through User-Controlled Key vulnerability in Pik Online Yazılım Çözümleri A.Ş. Pik Online allows Exploitation of Trusted Identifiers.This issue affects Pik Online: before 3.1.5.... Read more

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-8102

    The Easy Digital Downloads plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.0. This is due to missing nonce validations in the edd_sendwp_disconnect() and edd_sendwp_remote_install() functions. Thi... Read more

    Affected Products : easy_digital_downloads
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.1

    MEDIUM
    CVE-2025-43750

    Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.1, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.19 and 7.4 GA through update 92 allows remote unauthent... Read more

    Affected Products : liferay_portal dxp
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Misconfiguration

  • 5.1

    MEDIUM
    CVE-2025-54174

    QuickCMS is vulnerable to Cross-Site Request Forgery in article creation functionality. Malicious attacker can craft special website, which when visited by the admin, will automatically send a POST request creating a malicious article with content defined... Read more

    Affected Products : quick.cms
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.6

    MEDIUM
    CVE-2025-54175

    QuickCMS.EXT is vulnerable to Reflected XSS in sFileName parameter in thumbnail viewer functionality.  An attacker can craft a malicious URL that results in arbitrary JavaScript execution in the victim's browser when opened. The vendor was notified early... Read more

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.4

    HIGH
    CVE-2025-8453

    CWE-269: Improper Privilege Management vulnerability exists that could cause privilege escalation and arbitrary code execution when a privileged engineer user with console access modifies a configuration file used by a root-level daemon to execute custom ... Read more

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-50503

    A vulnerability in the password reset workflow of the Touch Lebanon Mobile App 2.20.2 allows an attacker to bypass the OTP reset password mechanism. By manipulating the reset process, an unauthorized user may be able to reset the password and gain access ... Read more

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Authentication

  • 4.1

    MEDIUM
    CVE-2025-8449

    CWE-400: Uncontrolled Resource Consumption vulnerability exists that could cause a denial of service when an authenticated user sends a specially crafted request to a specific endpoint from within the BMS network.... Read more

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Denial of Service

  • 7.2

    HIGH
    CVE-2025-24364

    vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Attacker with authenticated access to the vaultwarden admin panel can execute arbitrary code in the system. The attacker could then change some setti... Read more

    Affected Products : vaultwarden
    • Published: Jan. 27, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Authentication

  • 8.1

    HIGH
    CVE-2025-24365

    vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Attacker can obtain owner rights of other organization. Hacker should know the ID of victim organization (in real case the user can be a part of the ... Read more

    Affected Products : vaultwarden
    • Published: Jan. 27, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Authorization

  • 9.3

    HIGH
    CVE-2021-27081

    Visual Studio Code ESLint Extension Remote Code Execution Vulnerability... Read more

    • EPSS Score: %7.30
    • Published: Mar. 11, 2021
    • Modified: Aug. 20, 2025
Showing 20 of 292319 Results