Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2025-30399

    Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network.... Read more

    • Published: Jun. 13, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Misconfiguration

  • 8.0

    HIGH
    CVE-2025-52995

    File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.33.10, the implementation of the allowlist is erroneous, allowing a user to execute more ... Read more

    Affected Products : filebrowser
    • Published: Jun. 30, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Authorization

  • 6.4

    MEDIUM
    CVE-2025-5539

    The Simple Contact Form Plugin for WordPress – WP Easy Contact plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'emd_mb_meta' shortcode in all versions up to, and including, 4.0.0 due to insufficient input sanitization an... Read more

    Affected Products : wp_easy_contact
    • Published: Jun. 04, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.9

    MEDIUM
    CVE-2025-5103

    The Ultimate Gift Cards for WooCommerce plugin for WordPress is vulnerable to boolean-based SQL Injection via the 'default_price' and 'product_id' parameters in all versions up to, and including, 3.1.4 due to insufficient escaping on the user supplied par... Read more

    • Published: Jun. 03, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Injection

  • 5.6

    MEDIUM
    CVE-2025-2939

    The Ninja Tables – Easy Data Table Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.0.18 via deserialization of untrusted input from the args[callback] parameter . This makes it possible for unauth... Read more

    Affected Products : ninja_tables
    • Published: Jun. 03, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2025-4857

    The Newsletters plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.9.9.9 via the 'file' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include an... Read more

    Affected Products : newsletters
    • Published: May. 31, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Path Traversal

  • 5.3

    MEDIUM
    CVE-2025-4691

    The Free Booking Plugin for Hotels, Restaurants and Car Rentals – eaSYNC Booking plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.21 via the 'view_request_details' due to missing validation o... Read more

    • Published: May. 31, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Authorization

  • 4.9

    MEDIUM
    CVE-2025-3430

    The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'printer_text' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the exist... Read more

    Affected Products : 3dprint_lite
    • Published: Apr. 08, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Injection

  • 4.9

    MEDIUM
    CVE-2025-3429

    The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'material_text' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the exis... Read more

    Affected Products : 3dprint_lite
    • Published: Apr. 08, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Injection

  • 4.9

    MEDIUM
    CVE-2025-3428

    The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'coating_text' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the exist... Read more

    Affected Products : 3dprint_lite
    • Published: Apr. 08, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Injection

  • 4.9

    MEDIUM
    CVE-2025-3427

    The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'infill_text' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existi... Read more

    Affected Products : 3dprint_lite
    • Published: Apr. 08, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2025-7363

    The TitleIcon extension for MediaWiki is vulnerable to stored XSS through the #titleicon_unicode parser function. User input passed to this function is wrapped in an HtmlArmor object without sanitization and rendered directly into the page header, allowin... Read more

    Affected Products :
    • Published: Jul. 08, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-7362

    The MsUpload extension for MediaWiki is vulnerable to stored XSS via the msu-continue system message, which is inserted into the DOM without proper sanitization. The vulnerability occurs in the file upload UI when the same filename is uploaded twice. ... Read more

    Affected Products :
    • Published: Jul. 08, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.0

    HIGH
    CVE-2025-6019

    A Local Privilege Escalation (LPE) vulnerability was found in libblockdev. Generally, the "allow_active" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the u... Read more

    • Published: Jun. 19, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-53479

    The CheckUser extension’s Special:CheckUser interface is vulnerable to reflected XSS via the rev-deleted-user message. This message is rendered without proper escaping, making it possible to inject JavaScript through the uselang=x-xss language override me... Read more

    Affected Products :
    • Published: Jul. 08, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.5

    MEDIUM
    CVE-2025-32722

    Improper access control in Windows Storage Port Driver allows an authorized attacker to disclose information locally.... Read more

    • Published: Jun. 10, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Authorization

  • 7.3

    HIGH
    CVE-2025-32721

    Improper link resolution before file access ('link following') in Windows Recovery Driver allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Jun. 10, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2025-32718

    Integer overflow or wraparound in Windows SMB allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Jun. 10, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2025-32716

    Out-of-bounds read in Windows Media allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Jun. 10, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-32714

    Improper access control in Windows Installer allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Jun. 10, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Authorization
Showing 20 of 292800 Results