Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-11285

    The WP JobHunt plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 7.1. This is due to the plugin not properly validating a user's identity prior to updating their details like email via th... Read more

    Affected Products : jobcareer
    • Published: Mar. 14, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2024-11286

    The WP JobHunt plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.1. This is due to the plugin not properly verifying a user's identity prior to authenticating them through the cs_parse_request() function. ... Read more

    Affected Products : jobcareer
    • Published: Mar. 14, 2025
    • Modified: Jul. 08, 2025

  • 7.8

    HIGH
    CVE-2023-50196

    Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit... Read more

    Affected Products : sketchup_viewer sketchup
    • Published: May. 03, 2024
    • Modified: Jul. 08, 2025

  • 8.1

    HIGH
    CVE-2025-33070

    Use of uninitialized resource in Windows Netlogon allows an unauthorized attacker to elevate privileges over a network.... Read more

    • Published: Jun. 10, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authentication

  • 8.1

    HIGH
    CVE-2025-33071

    Use after free in Windows KDC Proxy Service (KPSSVC) allows an unauthorized attacker to execute code over a network.... Read more

    • Published: Jun. 10, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Memory Corruption

  • 7.6

    HIGH
    CVE-2025-0966

    IBM InfoSphere Information Server 11.7 vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database.... Read more

    • Published: Jun. 25, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Injection

  • 6.4

    MEDIUM
    CVE-2025-5585

    The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `data-url` DOM Element Attribute in all versions up to, and including, 1.68.4 due to insufficient input sanitization and output escaping. This makes it... Read more

    Affected Products : siteorigin_widgets_bundle
    • Published: Jun. 25, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-5927

    The Everest Forms (Pro) plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_entry_files() function in all versions up to, and including, 1.9.4. This makes it possible for unauthenticated att... Read more

    Affected Products : everest_forms
    • Published: Jun. 25, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authorization

  • 6.4

    MEDIUM
    CVE-2025-20264

    A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific administrative functions. This vulnerability is due to insuf... Read more

    Affected Products : identity_services_engine
    • Published: Jun. 25, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-6915

    A vulnerability, which was classified as critical, has been found in PHPGurukul Student Record System 3.2. Affected by this issue is some unknown functionality of the file /register.php. The manipulation of the argument session leads to sql injection. The... Read more

    Affected Products : student_record_system
    • Published: Jun. 30, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Injection

  • 6.8

    MEDIUM
    CVE-2025-5832

    Pioneer DMH-WT7600NEX Software Update Signing Insufficient Verification of Data Authenticity Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Pioneer DMH-WT7600NEX devices. Authen... Read more

    • Published: Jun. 25, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authentication

  • 6.8

    MEDIUM
    CVE-2025-5833

    Pioneer DMH-WT7600NEX Root Filesystem Insufficient Verification of Data Authenticity Vulnerability. This vulnerability allows physically present attackers to bypass authentication on affected installations of Pioneer DMH-WT7600NEX devices. Authentication ... Read more

    • Published: Jun. 25, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authentication

  • 7.8

    HIGH
    CVE-2025-5834

    Pioneer DMH-WT7600NEX Missing Immutable Root of Trust in Hardware Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to bypass authentication on affected installations of Pioneer DMH-WT7600NEX devices. Although authenticat... Read more

    • Published: Jun. 25, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authentication

  • 6.4

    MEDIUM
    CVE-2025-6689

    The FL3R Accessibility Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's fl3raccessibilitysuite shortcode in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping on user s... Read more

    Affected Products : fl3r_accessibility_suite
    • Published: Jun. 27, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-6766

    A vulnerability was found in sfturing hosp_order up to 627f426331da8086ce8fff2017d65b1ddef384f8. It has been declared as critical. This vulnerability affects the function getOfficeName of the file OfficeServiceImpl.java. The manipulation of the argument o... Read more

    Affected Products : hosp_order
    • Published: Jun. 27, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Injection

  • 10.0

    CRITICAL
    CVE-2025-53091

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Time-Based Blind SQL Injection vulnerability was discovered in version 3.3.3 the almox parameter of the `/controle/getProdutosPorAlmox.php` endpoint... Read more

    Affected Products : wegia
    • Published: Jun. 27, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Injection

  • 4.3

    MEDIUM
    CVE-2025-5937

    The MicroPayments – Fans Paysite: Paid Creator Subscriptions, Digital Assets, Wallet plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.0. This is due to missing or incorrect nonce validation on the ... Read more

    Affected Products : micropayments
    • Published: Jun. 28, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.8

    HIGH
    CVE-2025-6818

    A vulnerability, which was classified as problematic, was found in HDF5 1.14.6. Affected is the function H5O__chunk_protect of the file /src/H5Ochunk.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The expl... Read more

    Affected Products : hdf5
    • Published: Jun. 28, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-32897

    Deserialization of Untrusted Data vulnerability in Apache Seata (incubating). This security vulnerability is the same as CVE-2024-47552, but the version range described in the CVE-2024-47552 definition is too narrow. This issue affects Apache Seata (incu... Read more

    Affected Products : seata
    • Published: Jun. 28, 2025
    • Modified: Jul. 08, 2025

  • 9.0

    HIGH
    CVE-2025-6825

    A vulnerability classified as critical was found in TOTOLINK A702R up to 4.0.0-B20230721.1521. Affected by this vulnerability is an unknown functionality of the file /boafrm/formWlSiteSurvey of the component HTTP POST Request Handler. The manipulation of ... Read more

    Affected Products : a702r_firmware a702r
    • Published: Jun. 28, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 293625 Results