Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.1

    HIGH
    CVE-2025-47463

    Missing Authorization vulnerability in Fahad Mahmood Stock Locations for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Stock Locations for WooCommerce: from n/a through 2.8.6.... Read more

    Affected Products : stock_locations_for_woocommerce
    • Published: Jun. 09, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2025-47477

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in revmakx Backup and Staging by WP Time Capsule allows Reflected XSS. This issue affects Backup and Staging by WP Time Capsule: from n/a through 1.22.23.... Read more

    • Published: Jun. 09, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-40668

    Incorrect authorization vulnerability in TCMAN's GIM v11. This vulnerability allows an attacker, with low privilege level, to change the password of other users through a POST request using the parameters idUser, PasswordActual, PasswordNew and PasswordNe... Read more

    Affected Products : gim
    • Published: Jun. 09, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2025-40670

    Incorrect authorization vulnerability in TCMAN's GIM v11. This vulnerability allows an unprivileged attacker to create a user and assign it many privileges by sending a POST request to /PC/frmGestionUser.aspx/updateUser.... Read more

    Affected Products : gim
    • Published: Jun. 09, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Authorization

  • 8.1

    HIGH
    CVE-2025-32595

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Krowd allows PHP Local File Inclusion. This issue affects Krowd: from n/a through 1.4.1.... Read more

    Affected Products :
    • Published: Jun. 09, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Path Traversal

  • 7.1

    HIGH
    CVE-2025-31426

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Sticky Radio Player allows Reflected XSS. This issue affects Sticky Radio Player: from n/a through 3.4.... Read more

    Affected Products :
    • Published: Jun. 09, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-31398

    Deserialization of Untrusted Data vulnerability in themeton PIMP - Creative MultiPurpose allows Object Injection. This issue affects PIMP - Creative MultiPurpose: from n/a through 1.7.... Read more

    Affected Products :
    • Published: Jun. 09, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-31429

    Deserialization of Untrusted Data vulnerability in themeton PressGrid - Frontend Publish Reaction & Multimedia Theme allows Object Injection. This issue affects PressGrid - Frontend Publish Reaction & Multimedia Theme: from n/a through 1.3.1.... Read more

    Affected Products :
    • Published: Jun. 09, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2025-31057

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Universal Video Player allows Reflected XSS. This issue affects Universal Video Player: from n/a through 1.4.0.... Read more

    Affected Products :
    • Published: Jun. 09, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-31045

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in elfsight elfsight Contact Form widget allows Retrieve Embedded Sensitive Data. This issue affects elfsight Contact Form widget: from n/a through 2.3.1.... Read more

    Affected Products :
    • Published: Jun. 09, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Information Disclosure

  • 5.3

    MEDIUM
    CVE-2025-5890

    A vulnerability classified as problematic has been found in actions toolkit 0.5.0. This affects the function globEscape of the file toolkit/packages/glob/src/internal-pattern.ts of the component glob. The manipulation leads to inefficient regular expressi... Read more

    Affected Products : toolkit
    • Published: Jun. 09, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Denial of Service

  • 5.3

    MEDIUM
    CVE-2025-5888

    A vulnerability was found in jsnjfz WebStack-Guns 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit ... Read more

    Affected Products : webstack-guns
    • Published: Jun. 09, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 9.8

    CRITICAL
    CVE-2025-49652

    Missing Authentication in the registration feature of Lablup's BackendAI allows arbitrary users to create user accounts that can access private data even when registration is disabled.... Read more

    Affected Products :
    • Published: Jun. 09, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Authentication

  • 8.1

    HIGH
    CVE-2025-49281

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Unfoldwp Magways allows PHP Local File Inclusion. This issue affects Magways: from n/a through 1.2.1.... Read more

    Affected Products :
    • Published: Jun. 09, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Path Traversal

  • 8.1

    HIGH
    CVE-2025-49279

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Unfoldwp Blogvy allows PHP Local File Inclusion. This issue affects Blogvy: from n/a through 1.0.7.... Read more

    Affected Products :
    • Published: Jun. 09, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Path Traversal

  • 8.1

    HIGH
    CVE-2025-49278

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Unfoldwp Blogty allows PHP Local File Inclusion. This issue affects Blogty: from n/a through 1.0.11.... Read more

    Affected Products :
    • Published: Jun. 09, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Path Traversal

  • 8.1

    HIGH
    CVE-2025-49276

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Unfoldwp Blogmine allows PHP Local File Inclusion. This issue affects Blogmine: from n/a through 1.1.7.... Read more

    Affected Products :
    • Published: Jun. 09, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Path Traversal

  • 8.1

    HIGH
    CVE-2025-49275

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Unfoldwp Blogbyte allows PHP Local File Inclusion. This issue affects Blogbyte: from n/a through 1.1.1.... Read more

    Affected Products :
    • Published: Jun. 09, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Path Traversal

  • 9.3

    CRITICAL
    CVE-2025-48281

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mystyleplatform MyStyle Custom Product Designer allows Blind SQL Injection. This issue affects MyStyle Custom Product Designer: from n/a through 3.21.1.... Read more

    Affected Products :
    • Published: Jun. 09, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Injection

  • 8.6

    HIGH
    CVE-2025-48267

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThimPress WP Pipes allows Path Traversal. This issue affects WP Pipes: from n/a through 1.4.2.... Read more

    Affected Products : wp_pipes
    • Published: Jun. 09, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Path Traversal
Showing 20 of 293408 Results