Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2025-4966

    The WP Online Users Stats plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing nonce validation within the hk_dataset_results() function. This makes it possible for unauthenti... Read more

    Affected Products : wp_online_users_stats
    • Published: Jun. 06, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.9

    MEDIUM
    CVE-2025-4964

    The WP Online Users Stats plugin for WordPress is vulnerable to time-based SQL Injection via the ‘table_name’ parameter in all versions up to, and including, 1.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparat... Read more

    Affected Products : wp_online_users_stats
    • Published: Jun. 06, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Injection

  • 6.4

    MEDIUM
    CVE-2025-5341

    The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id' and 'data-size’ parameters in all versions up to, and including, 1.44.1 due to insufficient input saniti... Read more

    Affected Products : forminator forminator_forms
    • Published: Jun. 05, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-21171

    .NET Remote Code Execution Vulnerability... Read more

    • Published: Jan. 14, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Authentication

  • 5.5

    MEDIUM
    CVE-2025-29808

    Use of a cryptographic primitive with a risky implementation in Windows Cryptographic Services allows an authorized attacker to disclose information locally.... Read more

    Affected Products : windows_server_2022
    • Published: Apr. 08, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Cryptography

  • 7.5

    HIGH
    CVE-2025-29805

    Exposure of sensitive information to an unauthorized actor in Outlook for Android allows an unauthorized attacker to disclose information over a network.... Read more

    Affected Products : outlook
    • Published: Apr. 08, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-30399

    Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network.... Read more

    • Published: Jun. 13, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Misconfiguration

  • 8.0

    HIGH
    CVE-2025-52995

    File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.33.10, the implementation of the allowlist is erroneous, allowing a user to execute more ... Read more

    Affected Products : filebrowser
    • Published: Jun. 30, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Authorization

  • 6.4

    MEDIUM
    CVE-2025-5539

    The Simple Contact Form Plugin for WordPress – WP Easy Contact plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'emd_mb_meta' shortcode in all versions up to, and including, 4.0.0 due to insufficient input sanitization an... Read more

    Affected Products : wp_easy_contact
    • Published: Jun. 04, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.9

    MEDIUM
    CVE-2025-5103

    The Ultimate Gift Cards for WooCommerce plugin for WordPress is vulnerable to boolean-based SQL Injection via the 'default_price' and 'product_id' parameters in all versions up to, and including, 3.1.4 due to insufficient escaping on the user supplied par... Read more

    • Published: Jun. 03, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Injection

  • 5.6

    MEDIUM
    CVE-2025-2939

    The Ninja Tables – Easy Data Table Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.0.18 via deserialization of untrusted input from the args[callback] parameter . This makes it possible for unauth... Read more

    Affected Products : ninja_tables
    • Published: Jun. 03, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2025-4857

    The Newsletters plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.9.9.9 via the 'file' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include an... Read more

    Affected Products : newsletters
    • Published: May. 31, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Path Traversal

  • 5.3

    MEDIUM
    CVE-2025-4691

    The Free Booking Plugin for Hotels, Restaurants and Car Rentals – eaSYNC Booking plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.21 via the 'view_request_details' due to missing validation o... Read more

    • Published: May. 31, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Authorization

  • 4.9

    MEDIUM
    CVE-2025-3430

    The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'printer_text' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the exist... Read more

    Affected Products : 3dprint_lite
    • Published: Apr. 08, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Injection

  • 4.9

    MEDIUM
    CVE-2025-3429

    The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'material_text' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the exis... Read more

    Affected Products : 3dprint_lite
    • Published: Apr. 08, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Injection

  • 4.9

    MEDIUM
    CVE-2025-3428

    The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'coating_text' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the exist... Read more

    Affected Products : 3dprint_lite
    • Published: Apr. 08, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Injection

  • 4.9

    MEDIUM
    CVE-2025-3427

    The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'infill_text' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existi... Read more

    Affected Products : 3dprint_lite
    • Published: Apr. 08, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2025-7363

    The TitleIcon extension for MediaWiki is vulnerable to stored XSS through the #titleicon_unicode parser function. User input passed to this function is wrapped in an HtmlArmor object without sanitization and rendered directly into the page header, allowin... Read more

    Affected Products :
    • Published: Jul. 08, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-7362

    The MsUpload extension for MediaWiki is vulnerable to stored XSS via the msu-continue system message, which is inserted into the DOM without proper sanitization. The vulnerability occurs in the file upload UI when the same filename is uploaded twice. ... Read more

    Affected Products :
    • Published: Jul. 08, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.0

    HIGH
    CVE-2025-6019

    A Local Privilege Escalation (LPE) vulnerability was found in libblockdev. Generally, the "allow_active" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the u... Read more

    • Published: Jun. 19, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Authorization
Showing 20 of 293615 Results