Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
  • 9.1

    CRITICAL
    CVE-2025-4603

    The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_file() function in all versions up to, and including, 1.2.5. This makes it possible for unauth... Read more

    • Published: May. 24, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Path Traversal
  • 9.8

    CRITICAL
    CVE-2025-5058

    The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the set_image() function in all versions up to, and including, 1.2.5. This makes it possible for unauthenticate... Read more

    • Published: May. 24, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Authentication
  • 9.8

    CRITICAL
    CVE-2025-5128

    A vulnerability, which was classified as critical, was found in ScriptAndTools Real-Estate-website-in-PHP 1.0. Affected is an unknown function of the file /admin/ of the component Admin Login Panel. The manipulation of the argument Password leads to sql i... Read more

    Affected Products : real_estate_management_system
    • Published: May. 24, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Injection
  • 10.0

    CRITICAL
    CVE-2025-32440

    NetAlertX is a network, presence scanner and alert framework. Prior to version 25.4.14, it is possible to bypass the authentication mechanism of NetAlertX to update settings without authentication. An attacker can trigger sensitive functions within util.p... Read more

    Affected Products : netalertx
    • Published: May. 27, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Authentication
  • 6.4

    MEDIUM
    CVE-2025-3813

    The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_elementor_data’ parameter in all versions up to, and including, 1.7.1020 due to insufficient input sanitization and output escaping. This ... Read more

    Affected Products : royal_elementor_addons
    • Published: May. 31, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Cross-Site Scripting
  • 8.8

    HIGH
    CVE-2025-5482

    The Sunshine Photo Cart: Free Client Photo Galleries for Photographers plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.4.11. This is due to the plugin not properly validating a user-s... Read more

    Affected Products : sunshine_photo_cart
    • Published: Jun. 04, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Authentication
  • 9.8

    CRITICAL
    CVE-2025-7193

    A vulnerability was found in itsourcecode Agri-Trading Online Shopping System up to 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/suppliercontroller.php. The manipulation of the argument supplier leads to sql ... Read more

    • Published: Jul. 08, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Injection
  • 8.8

    HIGH
    CVE-2025-7212

    A vulnerability was found in itsourcecode Insurance Management System up to 1.0. It has been rated as critical. This issue affects some unknown processing of the file /insertAgent.php. The manipulation of the argument agent_id leads to sql injection. The ... Read more

    • Published: Jul. 09, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2025-50213

    Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) vulnerability in Apache Airflow Providers Snowflake. This issue affects Apache Airflow Providers Snowflake: before 6.4.0. Sanitation of table and stage parameters we... Read more

    • Published: Jun. 24, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Injection
  • 7.8

    HIGH
    CVE-2025-6376

    A remote code execution security issue exists in the Rockwell Automation Arena®.  A crafted DOE file can force Arena Simulation to write beyond the boundaries of an allocated object. Exploitation requires user interaction, such as opening a malicious file... Read more

    Affected Products : arena
    • Published: Jul. 09, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Memory Corruption
  • 7.8

    HIGH
    CVE-2025-6377

    A remote code execution security issue exists in the Rockwell Automation Arena®.  A crafted DOE file can force Arena Simulation to write beyond the boundaries of an allocated object. Exploitation requires user interaction, such as opening a malicious file... Read more

    Affected Products : arena
    • Published: Jul. 09, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Memory Corruption
  • 6.1

    MEDIUM
    CVE-2025-6234

    The Hostel WordPress plugin before 1.1.5.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.... Read more

    Affected Products : hostel
    • Published: Jul. 10, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Cross-Site Scripting
  • 4.8

    MEDIUM
    CVE-2025-6236

    The Hostel WordPress plugin before 1.1.5.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for e... Read more

    Affected Products : hostel
    • Published: Jul. 10, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Cross-Site Scripting
  • 9.8

    CRITICAL
    CVE-2025-5865

    A vulnerability was found in RT-Thread 5.1.0. It has been rated as critical. Affected by this issue is the function sys_select of the file rt-thread/components/lwp/lwp_syscall.c of the component Parameter Handler. The manipulation of the argument timeout ... Read more

    Affected Products : rt-thread
    • Published: Jun. 09, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Memory Corruption
  • 7.8

    HIGH
    CVE-2024-12835

    Delta Electronics DRASimuCAD ICS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DRASimuCAD. User interaction is requ... Read more

    Affected Products : drasimucad
    • Published: Dec. 30, 2024
    • Modified: Jul. 11, 2025
  • 7.8

    HIGH
    CVE-2024-12834

    Delta Electronics DRASimuCAD STP File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DRASimuCAD. User interaction is required ... Read more

    Affected Products : drasimucad
    • Published: Dec. 30, 2024
    • Modified: Jul. 11, 2025
  • 7.8

    HIGH
    CVE-2024-12836

    Delta Electronics DRASimuCAD STP File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DRASimuCAD. User interaction is required ... Read more

    Affected Products : drasimucad
    • Published: Dec. 30, 2024
    • Modified: Jul. 11, 2025
  • 9.8

    CRITICAL
    CVE-2025-5866

    A vulnerability classified as critical has been found in RT-Thread 5.1.0. This affects the function sys_sigprocmask of the file rt-thread/components/lwp/lwp_syscall.c. The manipulation of the argument how leads to improper validation of array index.... Read more

    Affected Products : rt-thread rt-thread
    • Published: Jun. 09, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Memory Corruption
  • 9.8

    CRITICAL
    CVE-2025-5867

    A vulnerability classified as critical was found in RT-Thread 5.1.0. This vulnerability affects the function csys_sendto of the file rt-thread/components/lwp/lwp_syscall.c. The manipulation of the argument to leads to null pointer dereference.... Read more

    Affected Products : rt-thread rt-thread
    • Published: Jun. 09, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Memory Corruption
  • 9.8

    CRITICAL
    CVE-2025-5868

    A vulnerability, which was classified as critical, has been found in RT-Thread 5.1.0. This issue affects the function sys_thread_sigprocmask of the file rt-thread/components/lwp/lwp_syscall.c. The manipulation of the argument how leads to improper validat... Read more

    Affected Products : rt-thread rt-thread
    • Published: Jun. 09, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 291513 Results