Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.8

    MEDIUM
    CVE-2024-6344

    A vulnerability, which was classified as problematic, was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. This affects an unknown part of the component Push Configuration Section. The manipulation of the argument Configuration Name leads to cross site scrip... Read more

    Affected Products : zkbiosecurity_v5000
    • Published: Jun. 26, 2024
    • Modified: Jul. 10, 2025

  • 5.5

    MEDIUM
    CVE-2025-52900

    File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. The file access permissions for files uploaded to or created from File Browser are never explicitly set by t... Read more

    Affected Products : filebrowser
    • Published: Jun. 26, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Misconfiguration

  • 7.6

    HIGH
    CVE-2025-52902

    File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. The Markdown preview function of File Browser prior to v2.33.7 is vulnerable to Stored Cross-Site-Scripting ... Read more

    Affected Products : filebrowser
    • Published: Jun. 26, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-6701

    A vulnerability, which was classified as problematic, has been found in Xuxueli xxl-sso 1.1.0. This issue affects some unknown processing of the file /xxl-sso-server/doLogin. The manipulation of the argument redirect_url leads to open redirect. The attack... Read more

    Affected Products : xxl-sso
    • Published: Jun. 26, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2025-6702

    A vulnerability, which was classified as problematic, was found in linlinjava litemall 1.8.0. Affected is an unknown function of the file /wx/comment/post. The manipulation of the argument adminComment leads to improper authorization. It is possible to la... Read more

    Affected Products : litemall
    • Published: Jun. 26, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Authorization

  • 9.6

    CRITICAL
    CVE-2024-52928

    Arc before 1.26.1 on Windows has a bypass issue in the site settings that allows websites (with previously granted permissions) to add new permissions when the user clicks anywhere on the website.... Read more

    Affected Products : windows arc
    • Published: Jun. 26, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-6843

    A vulnerability was found in code-projects Simple Photo Gallery 1.0. It has been classified as critical. Affected is an unknown function of the file /upload-photo.php. The manipulation of the argument file_img leads to unrestricted upload. It is possible ... Read more

    • Published: Jun. 29, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Misconfiguration

  • 6.4

    MEDIUM
    CVE-2025-5123

    The Contact Us Page – Contact People plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘style’ parameter in all versions up to, and including, 3.7.4 due to insufficient input sanitization and output escaping. This makes it possible... Read more

    Affected Products : contact_us_page_-_contact_people
    • Published: Jun. 13, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-5938

    The Digital Marketing and Agency Templates Addons for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on the import_templates() fu... Read more

    • Published: Jun. 13, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.4

    MEDIUM
    CVE-2025-5950

    The IndieBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘kind’ parameter in all versions up to, and including, 0.13.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated at... Read more

    Affected Products : indieblocks
    • Published: Jun. 13, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-5282

    The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the delete_package() function in all versions up to, and including, 6.5.1. This makes ... Read more

    Affected Products : wp_travel_engine
    • Published: Jun. 13, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Authorization

  • 9.6

    CRITICAL
    CVE-2024-38824

    Directory traversal vulnerability in recv_file method allows arbitrary files to be written to the master cache directory.... Read more

    Affected Products : salt
    • Published: Jun. 13, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Path Traversal

  • 8.8

    HIGH
    CVE-2025-4315

    The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.23. This is due to the plugin allowing a user to update arbitrary user meta through the update_user_meta... Read more

    Affected Products : cubewp
    • Published: Jun. 11, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Authorization

  • 6.4

    MEDIUM
    CVE-2025-5144

    The The Events Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data-date-*’ parameters in all versions up to, and including, 6.13.2 due to insufficient input sanitization and output escaping. This makes it possible for ... Read more

    Affected Products : the_events_calendar
    • Published: Jun. 11, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-4973

    The Workreap plugin for WordPress, used by the Workreap - Freelance Marketplace WordPress Theme, is vulnerable to authentication bypass in all versions up to, and including, 3.3.1. This is due to the plugin not properly verifying a user's identity prior t... Read more

    Affected Products : workreap
    • Published: Jun. 12, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-5012

    The Workreap plugin for WordPress, used by the Workreap - Freelance Marketplace WordPress Theme, is vulnerable to arbitrary file uploads due to missing file type validation in the 'workreap_temp_upload_to_media' function in all versions up to, and includi... Read more

    Affected Products : workreap
    • Published: Jun. 12, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Authentication

  • 6.4

    MEDIUM
    CVE-2025-4479

    The ElementsKit Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin image comparison widget's before/after labels in all versions up to, and including, 3.5.2 due to insufficient input sanitizatio... Read more

    Affected Products : elementskit_elementor_addons
    • Published: Jun. 19, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-4571

    The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized view and modification of data due to an insufficient capability check on the permissionsCheck functions in all versions up to, and including, 4.3.0. T... Read more

    Affected Products : givewp
    • Published: Jun. 19, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Authorization

  • 6.4

    MEDIUM
    CVE-2025-4965

    The WPBakery Page Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Grid Builder feature in all versions up to, and including, 8.4.1 due to insufficient input sanitization and output escaping on user ... Read more

    Affected Products : page_builder
    • Published: Jun. 19, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-6280

    A vulnerability, which was classified as critical, was found in TransformerOptimus SuperAGI up to 0.0.14. Affected is the function download_attachment of the file SuperAGI/superagi/helper/read_email.py of the component EmailToolKit. The manipulation of th... Read more

    Affected Products : superagi
    • Published: Jun. 19, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Path Traversal
Showing 20 of 293522 Results