Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2025-30975

    Improper Control of Generation of Code ('Code Injection') vulnerability in SaifuMak Add Custom Codes allows Code Injection. This issue affects Add Custom Codes: from n/a through 4.80.... Read more

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-48165

    Incorrect Privilege Assignment vulnerability in DELUCKS DELUCKS SEO allows Privilege Escalation. This issue affects DELUCKS SEO: from n/a through 2.6.0.... Read more

    Affected Products : delucks_seo
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2025-53226

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in digitalzoomstudio Comments Capcha Box allows Reflected XSS. This issue affects Comments Capcha Box: from n/a through 1.1.... Read more

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-53560

    Deserialization of Untrusted Data vulnerability in rascals Noisa allows Object Injection. This issue affects Noisa: from n/a through 2.6.0.... Read more

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2025-53563

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Youtube Vimeo Video Player and Slider allows Reflected XSS. This issue affects Youtube Vimeo Video Player and Slider: from n/a through 3.8.... Read more

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.5

    HIGH
    CVE-2025-53194

    Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Crocoblock JetEngine allows Code Injection. This issue affects JetEngine: from n/a through 3.7.0.... Read more

    Affected Products : jetengine_for_elementor
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-53985

    Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetTabs allows Retrieve Embedded Sensitive Data. This issue affects JetTabs: from n/a through 2.2.9.... Read more

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2025-54014

    Deserialization of Untrusted Data vulnerability in QuanticaLabs MediCenter - Health Medical Clinic allows Object Injection. This issue affects MediCenter - Health Medical Clinic: from n/a through 15.1.... Read more

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-54735

    Incorrect Privilege Assignment vulnerability in Emraan Cheema CubeWP Framework allows Privilege Escalation. This issue affects CubeWP Framework: from n/a through 1.1.24.... Read more

    Affected Products : cubewp
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-49424

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in diego.benna Essential Doo Components for Visual Composer allows DOM-Based XSS. This issue affects Essential Doo Components for Visual Composer: from n/a ... Read more

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.1

    HIGH
    CVE-2025-53198

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in favethemes Houzez allows PHP Local File Inclusion. This issue affects Houzez: from n/a through 4.0.4.... Read more

    Affected Products : houzez
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Path Traversal

  • 7.1

    HIGH
    CVE-2025-53562

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Universal Video Player - Addon for WPBakery Page Builder allows Reflected XSS. This issue affects Universal Video Player - Addon for WPBaker... Read more

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-53212

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Revolution Video Player With Bottom Playlist allows Reflected XSS. This issue affects Revolution Video Player With Bottom Playlist: from n/a... Read more

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-53561

    Path Traversal vulnerability in miniOrange Prevent files / folders access allows Path Traversal. This issue affects Prevent files / folders access: from n/a through 2.6.0.... Read more

    Affected Products : prevent_files_\/_folders_access
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Path Traversal

  • 4.3

    MEDIUM
    CVE-2025-9228

    MiR software versions prior to version 3.0.0 have insufficient authorization controls when creating text notes, allowing low-privilege users to create notes which are intended only for administrative users.... Read more

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2025-48159

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Youtube Vimeo Video Player and Slider WP Plugin allows Reflected XSS. This issue affects Youtube Vimeo Video Player and Slider WP Plugin: fr... Read more

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-54924

    CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that could cause unauthorized access to sensitive data when an attacker sends a specially crafted document to a vulnerable endpoint.... Read more

    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Server-Side Request Forgery

  • 8.7

    HIGH
    CVE-2025-54923

    CWE-502: Deserialization of Untrusted Data vulnerability exists that could cause remote code execution and compromise of system integrity when authenticated users send crafted data to a network-exposed service that performs unsafe deserialization.... Read more

    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-8289

    The Redirection for Contact Form 7 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.2.4 via deserialization of untrusted input in the delete_associated_files function. This makes it possible for unauthenti... Read more

    Affected Products : redirection_for_contact_form_7
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Injection

  • 6.4

    MEDIUM
    CVE-2025-8618

    The WPC Smart Quick View for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's woosq_btn shortcode in all versions up to, and including, 4.2.1 due to insufficient input sanitization and output escaping on user ... Read more

    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 293261 Results