Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2025-14721

    The Responsive and Swipe slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's rsSlider shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping on user supplied a... Read more

    Affected Products :
    • Published: Dec. 20, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.3

    CRITICAL
    CVE-2023-53960

    SOUND4 IMPACT/FIRST/PULSE/Eco version 2.x contains an SQL injection vulnerability in the 'index.php' authentication mechanism that allows attackers to manipulate login credentials. Attackers can inject malicious SQL code through the 'password' POST parame... Read more

    Affected Products : stream
    • Published: Dec. 22, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2023-53959

    FileZilla Client 3.63.1 contains a DLL hijacking vulnerability that allows attackers to execute malicious code by placing a crafted TextShaping.dll in the application directory. Attackers can generate a reverse shell payload using msfvenom and replace the... Read more

    Affected Products : filezilla_client
    • Published: Dec. 19, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Misconfiguration

  • 5.9

    MEDIUM
    CVE-2025-68481

    FastAPI Users allows users to quickly add a registration and authentication system to their FastAPI project. Prior to version 15.0.2, the OAuth login state tokens are completely stateless and carry no per-request entropy or any data that could link them t... Read more

    Affected Products :
    • Published: Dec. 19, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.4

    MEDIUM
    CVE-2025-14548

    The Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'event_desc' parameter in all versions up to, and including, 1.3.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated... Read more

    Affected Products : calendar
    • Published: Dec. 23, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-13838

    The WishSuite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'button_text' parameter of the 'wishsuite_button' shortcode in all versions up to, and including, 1.5.1 due to insufficient input sanitization and output escaping. Thi... Read more

    Affected Products : wishsuite
    • Published: Dec. 21, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2025-68330

    In the Linux kernel, the following vulnerability has been resolved: iio: accel: bmc150: Fix irq assumption regression The code in bmc150-accel-core.c unconditionally calls bmc150_accel_set_interrupt() in the iio_buffer_setup_ops, such as on the runtime ... Read more

    Affected Products : linux_kernel
    • Published: Dec. 22, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Misconfiguration

  • 6.1

    MEDIUM
    CVE-2025-12581

    The Attachments Handler plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacke... Read more

    Affected Products :
    • Published: Dec. 20, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-13329

    The File Uploader for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the callback function for the 'add-image-data' REST API endpoint in all versions up to, and including, 1.0.3. This makes ... Read more

    Affected Products :
    • Published: Dec. 20, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Authentication

  • 6.1

    MEDIUM
    CVE-2025-13624

    The Overstock Affiliate Links plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER['PHP_SELF']` parameter in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it... Read more

    Affected Products :
    • Published: Dec. 20, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-14633

    The F70 Lead Document Download plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'file_download' function in all versions up to, and including, 1.4.4. This makes it possible for unauthenticated atta... Read more

    Affected Products :
    • Published: Dec. 20, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Authorization

  • 4.4

    MEDIUM
    CVE-2025-14735

    The "Amazon affiliate lite Plugin" plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for auth... Read more

    Affected Products :
    • Published: Dec. 20, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-12492

    The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.11.0 via the ajax_get_members f... Read more

    Affected Products : ultimate_member
    • Published: Dec. 20, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2025-7733

    The WP JobHunt plugin for WordPress, used by the JobCareer theme, is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 7.7 via the 'cs_update_application_status_callback' due to missing validation on a user controlled ke... Read more

    Affected Products : jobcareer
    • Published: Dec. 20, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-15033

    A vulnerability in WooCommerce 8.1 to 10.4.2 can allow logged-in customers to access order data of guest customers on sites with a certain configuration. This has been fixed in WooCommerce 10.4.3, as well as all the previously affected versions through po... Read more

    Affected Products :
    • Published: Dec. 22, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-68548

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebCodingPlace Responsive Posts Carousel Pro allows Stored XSS.This issue affects Responsive Posts Carousel Pro: from n/a through 15.2.... Read more

    Affected Products :
    • Published: Dec. 23, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2023-53962

    SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated directory traversal vulnerability that allows remote attackers to write arbitrary files through the 'upgfile' parameter in upload.cgi. Attackers can exploit the vulnerability by sending crafte... Read more

    Affected Products : stream
    • Published: Dec. 22, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Path Traversal

  • 8.6

    HIGH
    CVE-2023-53965

    SOUND4 Server Service 4.1.102 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted binary path by inserting malicious code in... Read more

    Affected Products :
    • Published: Dec. 22, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-68341

    In the Linux kernel, the following vulnerability has been resolved: veth: reduce XDP no_direct return section to fix race As explain in commit fa349e396e48 ("veth: Fix race with AF_XDP exposing old or uninitialized descriptors") for veth there is a chan... Read more

    Affected Products : linux_kernel
    • Published: Dec. 23, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Race Condition

  • 8.7

    HIGH
    CVE-2025-34458

    wb2osz/direwolf (Dire Wolf) versions up to and including 1.8, prior to commit 3658a87, contain a reachable assertion vulnerability in the APRS MIC-E decoder function aprs_mic_e() located in src/decode_aprs.c. When processing a specially crafted AX.25 fram... Read more

    Affected Products :
    • Published: Dec. 22, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Denial of Service
Showing 20 of 4197 Results