Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.2

    HIGH
    CVE-2025-6212

    The Ultra Addons for Contact Form 7 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Database module in versions 3.5.11 to 3.5.19 due to insufficient input sanitization and output escaping. The unfiltered field names are stored al... Read more

    • Published: Jun. 26, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-5338

    The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.7.1024 due to insufficient input sanitization and output escaping on user supplied attributes. This m... Read more

    Affected Products : royal_elementor_addons
    • Published: Jun. 26, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-6546

    The Drive Folder Embedder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tablecssclass’ parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible fo... Read more

    Affected Products : drive_folder_embedder
    • Published: Jun. 26, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-6537

    The Namasha By Mdesign plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘playicon_title’ parameter in all versions up to, and including, 1.2.00 due to insufficient input sanitization and output escaping. This makes it possible for... Read more

    Affected Products : namasha
    • Published: Jun. 26, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-5929

    The The Countdown plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘clientId’ parameter in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticat... Read more

    Affected Products : the_countdown
    • Published: Jun. 26, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-6290

    The Tournament Bracket Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bracket' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied... Read more

    Affected Products : tournament_bracket_generator
    • Published: Jun. 26, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.4

    MEDIUM
    CVE-2025-5275

    The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the privacy settings fields in all versions up to, and including, 1.8.6.1 due to insufficien... Read more

    Affected Products : charitable charitable
    • Published: Jun. 26, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-6383

    The WP-PhotoNav plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's photonav shortcode in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This ... Read more

    Affected Products : wp-photonav
    • Published: Jun. 26, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-40592

    A vulnerability has been identified in Mendix Studio Pro 10 (All versions < V10.23.0), Mendix Studio Pro 10.12 (All versions < V10.12.17), Mendix Studio Pro 10.18 (All versions < V10.18.7), Mendix Studio Pro 10.6 (All versions < V10.6.24), Mendix Studio P... Read more

    Affected Products :
    • Published: Jun. 12, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Path Traversal

  • 7.8

    HIGH
    CVE-2025-40580

    A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Affected devices are vulnerable to a stack-based buffer overflow. This could allow a non-privileged local attacker to execute arbitrary code on the de... Read more

    • Published: May. 13, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-40579

    A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Affected devices are vulnerable to a stack-based buffer overflow. This could allow a non-privileged local attacker to execute arbitrary code on the de... Read more

    • Published: May. 13, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2025-40577

    A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Affected devices do not properly validate incoming Profinet packets. An unauthenticated remote attacker can exploit this flaw by sending a specially c... Read more

    • Published: May. 13, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Denial of Service

  • 5.3

    MEDIUM
    CVE-2025-40576

    A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Affected devices do not properly validate incoming Profinet packets. An unauthenticated remote attacker can exploit this flaw by sending a specially c... Read more

    • Published: May. 13, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Denial of Service

  • 5.3

    MEDIUM
    CVE-2025-40575

    A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Affected devices do not properly validate incoming Profinet packets. An unauthenticated remote attacker can exploit this flaw by sending a specially c... Read more

    • Published: May. 13, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Denial of Service

  • 8.5

    HIGH
    CVE-2025-40574

    A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Affected devices do not properly assign permissions to critical ressources. This could allow a non-privileged local attacker to interact with the back... Read more

    • Published: May. 13, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authorization

  • 6.7

    MEDIUM
    CVE-2025-40573

    A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Affected devices are vulnerable to path traversal attacks. This could allow a privileged local attacker to restore backups that are outside the backup... Read more

    • Published: May. 13, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Path Traversal

  • 6.8

    MEDIUM
    CVE-2025-40572

    A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Affected devices do not properly assign permissions to critical ressources. This could allow a non-privileged local attacker to access sensitive infor... Read more

    • Published: May. 13, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authorization

  • 8.7

    HIGH
    CVE-2025-30176

    A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions < V4.0), SINEMA Remote Connect (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), T... Read more

    Affected Products : sinec_nms
    • Published: May. 13, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Denial of Service

  • 8.7

    HIGH
    CVE-2025-30175

    A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions < V4.0), SINEMA Remote Connect (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), T... Read more

    Affected Products : sinec_nms
    • Published: May. 13, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Denial of Service

  • 8.7

    HIGH
    CVE-2025-30174

    A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions < V4.0), SINEMA Remote Connect (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), T... Read more

    Affected Products : sinec_nms
    • Published: May. 13, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Denial of Service
Showing 20 of 293645 Results