Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.

Latest Critical Actively Exploited Remotely Exploitable

8.4

HIGH

CVE-2025-47957

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally....

Affected Products : 365_apps office_long_term_servicing_channel office_2024 office_2021
Published: Jun. 10, 2025

Modified: Jul. 09, 2025

Vuln Type: Memory Corruption
8.4

HIGH

CVE-2025-47953

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally....

Affected Products : office 365_apps office_long_term_servicing_channel office_macos_2024 office_macos_2021 office_2016 office_2024 office_2021 office_2019
Published: Jun. 10, 2025

Modified: Jul. 09, 2025

Vuln Type: Memory Corruption
6.1

MEDIUM

CVE-2023-6978

The WP Job Manager – Company Profiles plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'company' parameter in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it poss...

Affected Products : wp_job_manager
Published: Dec. 04, 2024

Modified: Jul. 09, 2025
7.8

HIGH

CVE-2025-47175

Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally....

Affected Products : office 365_apps powerpoint office_long_term_servicing_channel office_macos_2024 office_macos_2021 office_2024 office_2021 office_2019 powerpoint_2016
Published: Jun. 10, 2025

Modified: Jul. 09, 2025

Vuln Type: Memory Corruption
7.8

HIGH

CVE-2025-47174

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally....

Affected Products : 365_apps office_long_term_servicing_channel office_2024 office_2021
Published: Jun. 10, 2025

Modified: Jul. 09, 2025

Vuln Type: Memory Corruption
7.8

HIGH

CVE-2025-47173

Improper input validation in Microsoft Office allows an unauthorized attacker to execute code locally....

Affected Products : office 365_apps office_long_term_servicing_channel office_macos_2024 office_macos_2021 office_2016 office_2024 office_2021 office_2019
Published: Jun. 10, 2025

Modified: Jul. 09, 2025

Vuln Type: Authentication
8.8

HIGH

CVE-2025-47172

Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network....

Affected Products : sharepoint_enterprise_server sharepoint_server sharepoint_server_2016 sharepoint_server_2019
Published: Jun. 10, 2025

Modified: Jul. 09, 2025

Vuln Type: Injection
6.7

MEDIUM

CVE-2025-47171

Improper input validation in Microsoft Office Outlook allows an authorized attacker to execute code locally....

Affected Products : office 365_apps outlook office_long_term_servicing_channel outlook_2016 office_2024 office_2021 office_2019
Published: Jun. 10, 2025

Modified: Jul. 09, 2025

Vuln Type: Authentication
7.8

HIGH

CVE-2025-47170

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally....

Affected Products : 365_apps office_long_term_servicing_channel office_macos_2024 office_2024
Published: Jun. 10, 2025

Modified: Jul. 09, 2025

Vuln Type: Memory Corruption
7.8

HIGH

CVE-2025-47169

Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally....

Affected Products : sharepoint_enterprise_server office word sharepoint_server 365_apps office_long_term_servicing_channel office_macos_2024 office_macos_2021 sharepoint_server_2016 word_2016 +4 more products
Published: Jun. 10, 2025

Modified: Jul. 09, 2025

Vuln Type: Memory Corruption
4.3

MEDIUM

CVE-2024-10787

The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.4 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. This mak...

Affected Products : element_kit_for_elementor la-studio_element_kit_for_elementor
Published: Dec. 04, 2024

Modified: Jul. 09, 2025
6.4

MEDIUM

CVE-2024-10178

The Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 3.3.9 due to insufficient input sanitization and ...

Affected Products : gutentor
Published: Dec. 05, 2024

Modified: Jul. 09, 2025
7.2

HIGH

CVE-2024-10247

The Video Gallery – Best WordPress YouTube Gallery Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the orderby parameter in all versions up to, and including, 2.4.2 due to insufficient escaping on the user supplied parameter and ...

Affected Products : video_gallery
Published: Dec. 06, 2024

Modified: Jul. 09, 2025
4.8

MEDIUM

CVE-2024-9769

The Video Gallery – Best WordPress YouTube Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This makes it p...

Affected Products : video_gallery
Published: Dec. 06, 2024

Modified: Jul. 09, 2025
7.5

HIGH

CVE-2025-49795

A NULL pointer dereference vulnerability was found in libxml2 when processing XPath XML expressions. This flaw allows an attacker to craft a malicious XML input to libxml2, leading to a denial of service....

Affected Products : libxml2 grub2 libssh international_components_for_unicode
Published: Jun. 16, 2025

Modified: Jul. 09, 2025

Vuln Type: Denial of Service
7.2

HIGH

CVE-2025-28057

owl-admin v3.2.2~ to v4.10.2 is vulnerable to SQL Injection in /admin-api/system/admin_menus/save_order....

Affected Products : owl_admin
Published: May. 13, 2025

Modified: Jul. 09, 2025

Vuln Type: Injection
6.5

MEDIUM

CVE-2025-48270

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sonalsinha21 SKT Blocks allows DOM-Based XSS. This issue affects SKT Blocks: from n/a through 2.2....

Affected Products : skt_blocks
Published: May. 19, 2025

Modified: Jul. 09, 2025

Vuln Type: Cross-Site Scripting
6.5

MEDIUM

CVE-2025-48263

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MultiVendorX MultiVendorX allows Stored XSS. This issue affects MultiVendorX: from n/a through 4.2.22....

Affected Products : multivendorx
Published: May. 19, 2025

Modified: Jul. 09, 2025

Vuln Type: Cross-Site Scripting
6.1

MEDIUM

CVE-2025-47204

An issue was discovered in post.php in bootstrap-multiselect (aka Bootstrap Multiselect) 1.1.2. A PHP script in the source code echoes arbitrary POST data. If a developer adopts this structure wholesale in a live application, it could create a Reflective ...

Affected Products : bootstrap_multiselect
Published: May. 13, 2025

Modified: Jul. 09, 2025

Vuln Type: Cross-Site Scripting
7.5

HIGH

CVE-2025-28055

upset-gal-web v7.1.0 /api/music/v1/cover.ts contains an arbitrary file read vulnerabilit...

Affected Products : upset-gal-web
Published: May. 13, 2025

Modified: Jul. 09, 2025

Vuln Type: Path Traversal

Showing 20 of 291867 Results

1
...
588
589
590
591
592
593
594
...
14594

Latest CVE Feed

8.4

8.4

6.1

7.8

7.8

7.8

8.8

6.7

7.8

7.8

4.3

6.4

7.2

4.8

7.5

7.2

6.5

6.5

6.1

7.5

Theme Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable