Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 8.1

    HIGH
    CVE-2024-46097

    TestLink 1.9.20 is vulnerable to Incorrect Access Control in the TestPlan editing section. When a new TestPlan is created, an ID with an incremental value is automatically generated. Using the edit function you can change the tplan_id parameter to another... Read more

    Affected Products : testlink
    • Published: Sep. 27, 2024
    • Modified: Jul. 10, 2025
  • 9.8

    CRITICAL
    CVE-2024-5335

    The Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider plugin is vulnerable to PHP Object Injection via deserialization of untrusted input via the _ultimate_store... Read more

    Affected Products : ultimate_store_kit
    • Published: Aug. 21, 2024
    • Modified: Jul. 10, 2025
  • 9.8

    CRITICAL
    CVE-2024-8030

    The Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider plugin is vulnerable to PHP Object Injection via deserialization of untrusted input via the _ultimate_store... Read more

    Affected Products : ultimate_store_kit
    • Published: Aug. 28, 2024
    • Modified: Jul. 10, 2025
  • 7.2

    HIGH
    CVE-2022-2440

    The Theme Editor plugin for WordPress is vulnerable to deserialization of untrusted input via the 'images_array' parameter in versions up to, and including 2.8. This makes it possible for authenticated attackers with administrative privileges to call file... Read more

    Affected Products : theme_editor
    • Published: Aug. 29, 2024
    • Modified: Jul. 10, 2025
  • 8.8

    HIGH
    CVE-2024-7435

    The Attire theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.0.6 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject... Read more

    Affected Products : attire_blocks attire
    • Published: Aug. 31, 2024
    • Modified: Jul. 10, 2025
  • 6.1

    MEDIUM
    CVE-2024-25411

    A cross-site scripting (XSS) vulnerability in Flatpress v1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter in setup.php.... Read more

    Affected Products : flatpress
    • Published: Sep. 27, 2024
    • Modified: Jul. 10, 2025
  • 7.5

    HIGH
    CVE-2024-13451

    The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.17.4 via file uploads ... Read more

    Affected Products : contact_form_builder bit_form
    • Published: Jul. 02, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Information Disclosure
  • 6.6

    MEDIUM
    CVE-2024-7620

    The Customizer Export/Import plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the '_import' function in all versions up to, and including, 0.9.7. This makes it possible for authenticated attackers, with A... Read more

    Affected Products : customizer_export/import
    • Published: Sep. 07, 2024
    • Modified: Jul. 10, 2025
  • 8.8

    HIGH
    CVE-2023-37230

    Loftware Spectrum (testDeviceConnection) before 5.1 allows SSRF.... Read more

    Affected Products : spectrum
    • Published: Sep. 10, 2024
    • Modified: Jul. 10, 2025
  • 7.5

    HIGH
    CVE-2025-26652

    Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.... Read more

    • Published: Apr. 08, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Denial of Service
  • 7.5

    HIGH
    CVE-2024-44867

    phpok v3.0 was discovered to contain an arbitrary file read vulnerability via the component /autoload/file.php.... Read more

    Affected Products : phpok
    • Published: Sep. 10, 2024
    • Modified: Jul. 10, 2025
  • 6.5

    MEDIUM
    CVE-2025-26651

    Exposed dangerous method or function in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network.... Read more

    • Published: Apr. 08, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Denial of Service
  • 7.0

    HIGH
    CVE-2025-26649

    Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Secure Channel allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Apr. 08, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Race Condition
  • 6.4

    MEDIUM
    CVE-2025-2330

    The All-in-One Addons for Elementor – WidgetKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'button+modal' widget in all versions up to, and including, 2.5.4 due to insufficient input sanitization and output escaping... Read more

    Affected Products : all-in-one_addons_for_elementor
    • Published: Jul. 02, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Cross-Site Scripting
  • 7.3

    HIGH
    CVE-2025-29804

    Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.... Read more

    Affected Products : visual_studio visual_studio_2022
    • Published: Apr. 08, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Authorization
  • 9.8

    CRITICAL
    CVE-2025-53006

    DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, in both PostgreSQL and Redshift, apart from parameters like "socketfactory" and "socketfactoryarg", there are also "sslfactory" and "sslfactoryarg" wit... Read more

    Affected Products : dataease
    • Published: Jul. 02, 2025
    • Modified: Jul. 10, 2025
  • 7.3

    HIGH
    CVE-2025-29802

    Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.... Read more

    Affected Products : visual_studio visual_studio_2022
    • Published: Apr. 08, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Authorization
  • 7.8

    HIGH
    CVE-2025-29801

    Incorrect default permissions in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally.... Read more

    Affected Products : autoupdate
    • Published: Apr. 08, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Authorization
  • 5.3

    MEDIUM
    CVE-2025-7031

    Missing Authentication for Critical Function vulnerability in Drupal Config Pages Viewer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Config Pages Viewer: from 0.0.0 before 1.0.4.... Read more

    Affected Products :
    • Published: Jul. 08, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Authentication
  • 7.2

    HIGH
    CVE-2025-5322

    The VikRentCar Car Rental Management System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the do_updatecar and createcar functions in all versions up to, and including, 1.4.3. This makes it possible fo... Read more

    Affected Products : vikrentcar
    • Published: Jul. 03, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 291741 Results