Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.1

    HIGH
    CVE-2025-53565

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RadiusTheme Widget for Google Reviews allows PHP Local File Inclusion. This issue affects Widget for Google Reviews: from n/a through ... Read more

    Affected Products : widget_for_google_reviews
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025

  • 6.5

    MEDIUM
    CVE-2025-53196

    Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetEngine allows Retrieve Embedded Sensitive Data. This issue affects JetEngine: from n/a through 3.7.0.... Read more

    Affected Products : jetengine_for_elementor
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025

  • 7.1

    HIGH
    CVE-2025-53212

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Revolution Video Player With Bottom Playlist allows Reflected XSS. This issue affects Revolution Video Player With Bottom Playlist: from n/a... Read more

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025

  • 7.1

    HIGH
    CVE-2025-53319

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Raptive Raptive Ads allows Reflected XSS. This issue affects Raptive Ads: from n/a through 3.8.0.... Read more

    Affected Products : raptive_ads
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025

  • 6.5

    MEDIUM
    CVE-2025-53561

    Path Traversal vulnerability in miniOrange Prevent files / folders access allows Path Traversal. This issue affects Prevent files / folders access: from n/a through 2.6.0.... Read more

    Affected Products : prevent_files_\/_folders_access
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025

  • 9.3

    CRITICAL
    CVE-2025-54726

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Miguel Useche JS Archive List allows SQL Injection. This issue affects JS Archive List: from n/a through n/a.... Read more

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025

  • 4.3

    MEDIUM
    CVE-2025-9228

    MiR software versions prior to version 3.0.0 have insufficient authorization controls when creating text notes, allowing low-privilege users to create notes which are intended only for administrative users.... Read more

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025

  • 5.3

    MEDIUM
    CVE-2025-9229

    Information disclosure vulnerability in error handling in MiR software prior to version 3.0.0 allows unauthenticated attackers to view detailed error information, such as file paths and other data, via access to verbose error pages.... Read more

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025

  • 5.4

    MEDIUM
    CVE-2025-8102

    The Easy Digital Downloads plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.0. This is due to missing nonce validations in the edd_sendwp_disconnect() and edd_sendwp_remote_install() functions. Thi... Read more

    Affected Products : easy_digital_downloads
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025

  • 5.1

    MEDIUM
    CVE-2025-43750

    Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.1, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.19 and 7.4 GA through update 92 allows remote unauthent... Read more

    Affected Products : liferay_portal dxp
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025

  • 5.7

    MEDIUM
    CVE-2025-4437

    There's a vulnerability in the CRI-O application where when container is launched with securityContext.runAsUser specifying a non-existent user, CRI-O attempts to create the user, reading the container's entire /etc/passwd file into memory. If this file i... Read more

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025

  • 5.1

    MEDIUM
    CVE-2025-54174

    QuickCMS is vulnerable to Cross-Site Request Forgery in article creation functionality. Malicious attacker can craft special website, which when visited by the admin, will automatically send a POST request creating a malicious article with content defined... Read more

    Affected Products : quick.cms
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025

  • 4.8

    MEDIUM
    CVE-2025-54172

    QuickCMS is vulnerable to Stored XSS in sTitle parameter in page editor functionality. Malicious attacker with admin privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. Regular admin user is... Read more

    Affected Products : quick.cms
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025

  • 4.6

    MEDIUM
    CVE-2025-54175

    QuickCMS.EXT is vulnerable to Reflected XSS in sFileName parameter in thumbnail viewer functionality.  An attacker can craft a malicious URL that results in arbitrary JavaScript execution in the victim's browser when opened. The vendor was notified early... Read more

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025

  • 7.1

    HIGH
    CVE-2025-48159

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Youtube Vimeo Video Player and Slider WP Plugin allows Reflected XSS. This issue affects Youtube Vimeo Video Player and Slider WP Plugin: fr... Read more

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025

  • 8.4

    HIGH
    CVE-2025-8453

    CWE-269: Improper Privilege Management vulnerability exists that could cause privilege escalation and arbitrary code execution when a privileged engineer user with console access modifies a configuration file used by a root-level daemon to execute custom ... Read more

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025

  • 7.5

    HIGH
    CVE-2025-54924

    CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that could cause unauthorized access to sensitive data when an attacker sends a specially crafted document to a vulnerable endpoint.... Read more

    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025

  • 4.9

    MEDIUM
    CVE-2025-54927

    CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause unauthorized access to sensitive files when an authenticated attackers uses a crafted path input that is processed by the system.... Read more

    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025

  • 8.7

    HIGH
    CVE-2025-54923

    CWE-502: Deserialization of Untrusted Data vulnerability exists that could cause remote code execution and compromise of system integrity when authenticated users send crafted data to a network-exposed service that performs unsafe deserialization.... Read more

    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025

  • 2.3

    LOW
    CVE-2025-8448

    CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause unauthorized access to sensitive credential data when an attacker is able to capture local SMB traffic between a valid user within the BMS network an... Read more

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025
Showing 20 of 290955 Results