Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2025-2075

    The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 6.3.0.2. This is due to add_role() and user_role() functions missing proper ... Read more

    Affected Products : uncanny_automator
    • Published: Apr. 04, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-2780

    The Woffice Core plugin for WordPress, used by the Woffice Theme, is vulnerable to arbitrary file uploads due to missing file type validation in the 'saveFeaturedImage' function in all versions up to, and including, 5.4.21. This makes it possible for auth... Read more

    Affected Products : woffice
    • Published: Apr. 04, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Authentication

  • 5.4

    MEDIUM
    CVE-2025-2797

    The Woffice Core plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.4.21. This is due to missing or incorrect nonce validation on the 'woffice_handle_user_approval_actions' function. This makes it poss... Read more

    Affected Products : woffice
    • Published: Apr. 04, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 9.8

    CRITICAL
    CVE-2025-2798

    The Woffice CRM theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 5.4.21. This is due to a misconfiguration of excluded roles during registration. This makes it possible for unauthenticated attackers to regis... Read more

    Affected Products : woffice
    • Published: Apr. 04, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-2807

    The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary plugin installations due to a missing capability check in the mvl_setup_wizard_install_plugin() function in all versions up to, and including, 1.4.64.... Read more

    • Published: Apr. 08, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Authentication

  • 5.4

    MEDIUM
    CVE-2025-2808

    The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Phone Number parameter in all versions up to, and including, 1.4.63 due to insufficient input sanitization and output escapi... Read more

    • Published: Apr. 08, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-3437

    The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in the ajax_actions.php file in all versions up to, and including, 1.4.... Read more

    • Published: Apr. 08, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2025-0161

    IBM Security Verify Access Appliance 10.0.0.0 through 10.0.0.9 and 11.0.0.0 could allow a local user to execute arbitrary code due to improper restrictions on code generation.... Read more

    Affected Products : security_verify_access
    • Published: Feb. 20, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Authentication

  • 8.6

    HIGH
    CVE-2025-26525

    Insufficient sanitizing in the TeX notation filter resulted in an arbitrary file read risk on sites where pdfTeX is available (such as those with TeX Live installed).... Read more

    Affected Products : moodle
    • Published: Feb. 24, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2025-26526

    Separate Groups mode restrictions were not factored into permission checks before allowing viewing or deletion of responses in Feedback activities.... Read more

    Affected Products : moodle
    • Published: Feb. 24, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-26527

    Tags not expected to be visible to a user could still be discovered by them via the tag search page or in the tags block.... Read more

    Affected Products : moodle
    • Published: Feb. 24, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Authorization

  • 6.1

    MEDIUM
    CVE-2025-26528

    The drag-and-drop onto image (ddimageortext) question type required additional sanitizing to prevent a stored XSS risk.... Read more

    Affected Products : moodle
    • Published: Feb. 24, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.3

    HIGH
    CVE-2025-26529

    Description information displayed in the site administration live log required additional sanitizing to prevent a stored XSS risk.... Read more

    Affected Products : moodle
    • Published: Feb. 24, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-0719

    IBM Cloud Pak for Data 4.0.0 through 4.8.5 and 5.0.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading... Read more

    Affected Products : cloud_pak_for_data
    • Published: Feb. 26, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2024-41778

    IBM Controller 11.0.0 through 11.0.1 and 11.1.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.... Read more

    Affected Products : controller
    • Published: Mar. 01, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2025-2252

    The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.6.1 via the edd_ajax_get_download_title() function. This makes it po... Read more

    Affected Products : easy_digital_downloads
    • Published: Mar. 25, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Information Disclosure

  • 6.4

    MEDIUM
    CVE-2025-2685

    The TablePress – Tables in WordPress made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘table-name’ parameter in all versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping. This ma... Read more

    Affected Products : tablepress
    • Published: Mar. 27, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.9

    MEDIUM
    CVE-2025-6444

    ServiceStack GetErrorResponse Improper Input Validation NTLM Relay Vulnerability. This vulnerability allows remote attackers to relay NTLM credentials on affected installations of ServiceStack. Interaction with this library is required to exploit this vul... Read more

    Affected Products : servicestack
    • Published: Jun. 25, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Authentication

  • 8.1

    HIGH
    CVE-2025-6445

    ServiceStack FindType Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ServiceStack. Interaction with this library is required to exploit this vulner... Read more

    Affected Products : servicestack
    • Published: Jun. 25, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Path Traversal

  • 7.8

    HIGH
    CVE-2024-30361

    Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in... Read more

    Affected Products : macos windows pdf_editor pdf_reader
    • Published: Apr. 02, 2024
    • Modified: Aug. 08, 2025
Showing 20 of 291400 Results