Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.4

    MEDIUM
    CVE-2024-1796

    The HUSKY – Products Filter for WooCommerce Professional plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'woof' shortcode in all versions up to, and including, 1.3.5.1 due to insufficient input sanitization and output es... Read more

    • Published: Mar. 15, 2024
    • Modified: Jul. 07, 2025

  • 7.2

    HIGH
    CVE-2025-2940

    The Ninja Tables – Easy Data Table Builder plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.18 via the args[url] parameter. This makes it possible for unauthenticated attackers to make web request... Read more

    Affected Products : ninja_tables
    • Published: Jun. 27, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Server-Side Request Forgery

  • 6.4

    MEDIUM
    CVE-2024-2249

    The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the LinkWrapper attribute found in several widgets in all versions up to, and including, 1.3.7.4 due to insufficient input sanitization and outpu... Read more

    • Published: Mar. 14, 2024
    • Modified: Jul. 07, 2025

  • 6.4

    MEDIUM
    CVE-2025-5398

    The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the use of a templating engine in all versions up to, and including, 3.10.2.1 due to insufficient output escaping on user ... Read more

    Affected Products : ninja_forms
    • Published: Jun. 27, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.8

    HIGH
    CVE-2025-24044

    Use after free in Windows Win32 Kernel Subsystem allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Mar. 11, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Memory Corruption

  • 6.4

    MEDIUM
    CVE-2025-6350

    The WP VR – 360 Panorama and Free Virtual Tour Builder For WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘hotspot-hover’ parameter in all versions up to, and including, 8.5.32 due to insufficient input sanitization an... Read more

    Affected Products : wp_vr
    • Published: Jun. 28, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-6379

    The BeeTeam368 Extensions Pro plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.3.4 via the handle_live_fn() function. This makes it possible for authenticated attackers, with Subscriber-level access and abo... Read more

    Affected Products : vidmov
    • Published: Jun. 28, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Path Traversal

  • 8.8

    HIGH
    CVE-2025-6381

    The BeeTeam368 Extensions plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.3.4 via the handle_remove_temp_file() function. This makes it possible for authenticated attackers, with Subscriber-level access an... Read more

    Affected Products : vidmov
    • Published: Jun. 28, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Path Traversal

  • 6.4

    MEDIUM
    CVE-2024-2079

    The WPBakery Page Builder Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'per_line_mobile' shortcode in all versions up to, and including, 3.8.1 due to insufficient input sanitization and output escap... Read more

    Affected Products : wpbakery_page_builder_addons
    • Published: Mar. 13, 2024
    • Modified: Jul. 07, 2025

  • 5.5

    MEDIUM
    CVE-2025-49178

    A flaw was found in the X server's request handling. Non-zero 'bytes to ignore' in a client's request can cause the server to skip processing another client's request, potentially leading to a denial of service.... Read more

    • Published: Jun. 17, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Denial of Service

  • 10.0

    CRITICAL
    CVE-2025-34067

    An unauthenticated remote command execution vulnerability exists in the applyCT component of the Hikvision Integrated Security Management Platform due to the use of a vulnerable version of the Fastjson library. The endpoint /bic/ssoService/v1/applyCT dese... Read more

    Affected Products :
    • Published: Jul. 02, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-32079

    Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments allows HTTP DoS.This issue affects Mediawiki - GrowthExperiments: from 1.39 through 1.43.... Read more

    Affected Products :
    • Published: Apr. 11, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Denial of Service

  • 5.4

    MEDIUM
    CVE-2025-32074

    Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki - Confirm Account Extension allows Cross-Site Scripting (XSS).This issue affects Mediawiki - Confirm Account Extension: from 1.39 through 1.43.... Read more

    Affected Products :
    • Published: Apr. 11, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-32071

    Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - Wikidata Extension allows Cross-Site Scripting (XSS) from widthheight message via ImageHandler::getDimensionsString()This issue affects Mediawiki - Wikidata Extension: from 1.... Read more

    Affected Products :
    • Published: Apr. 11, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-32070

    Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - AJAX Poll Extension allows Cross-Site Scripting (XSS).This issue affects Mediawiki - AJAX Poll Extension: from 1.39 through 1.43.... Read more

    Affected Products :
    • Published: Apr. 11, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-32068

    Incorrect Authorization vulnerability in The Wikimedia Foundation Mediawiki - OAuth Extension allows Authentication Bypass.This issue affects Mediawiki - OAuth Extension: from 1.39 through 1.43.... Read more

    Affected Products :
    • Published: Apr. 11, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-32067

    Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - Growth Experiments Extension allows Cross-Site Scripting (XSS).This issue affects Mediawiki - Growth Experiments Extension: from 1.39 through 1.43.... Read more

    Affected Products :
    • Published: Apr. 11, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 10.0

    CRITICAL
    CVE-2025-30012

    The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component, which allows an unauthenticated attacker to send malicious payload request in a specific encoding format. The servlet will then decode this mal... Read more

    Affected Products :
    • Published: May. 13, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2024-13245

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal CKEditor 4 LTS - WYSIWYG HTML editor allows Cross-Site Scripting (XSS).This issue affects CKEditor 4 LTS - WYSIWYG HTML editor: from 1.0.0 before ... Read more

    Affected Products : ckeditor_4
    • Published: Jan. 09, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-6540

    The web-cam plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘slug’ parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers... Read more

    Affected Products : web-cam
    • Published: Jun. 26, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 293647 Results