Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.8

    LOW
    CVE-2025-58009

    Missing Authorization vulnerability in codepeople CP Multi View Event Calendar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CP Multi View Event Calendar : from n/a through 1.4.32.... Read more

    Affected Products :
    • Published: Sep. 22, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-58681

    Missing Authorization vulnerability in Jürgen Müller Easy Quotes allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Easy Quotes: from n/a through 1.2.4.... Read more

    Affected Products :
    • Published: Sep. 22, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Authorization

  • 2.7

    LOW
    CVE-2025-59526

    mailgen is a Node.js package that generates responsive HTML e-mails for sending transactional mail. Prior to version 2.0.30, there is an HTML injection vulnerability in plaintext e-mails generated by Mailgen. Projects are affected if the Mailgen.generateP... Read more

    Affected Products :
    • Published: Sep. 22, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-58238

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ONTRAPORT PilotPress allows Stored XSS. This issue affects PilotPress: from n/a through 2.0.35.... Read more

    Affected Products : pilotpress
    • Published: Sep. 22, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-58247

    Missing Authorization vulnerability in templateinvaders TI WooCommerce Wishlist allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects TI WooCommerce Wishlist: from n/a through 2.10.0.... Read more

    Affected Products : ti_woocommerce_wishlist
    • Published: Sep. 22, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-58010

    Cross-Site Request Forgery (CSRF) vulnerability in straightvisions GmbH SV Proven Expert allows Cross Site Request Forgery. This issue affects SV Proven Expert: from n/a through 2.0.06.... Read more

    Affected Products :
    • Published: Sep. 22, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.3

    MEDIUM
    CVE-2025-59433

    Conventional Changelog generates changelogs and release notes from a project's commit messages and metadata. Prior to version 2.0.0, @conventional-changelog/git-client has an argument injection vulnerability. This vulnerability manifests with the library'... Read more

    Affected Products :
    • Published: Sep. 22, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-58019

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Search Atlas Search Atlas SEO allows Stored XSS. This issue affects Search Atlas SEO: from n/a through 2.5.4.... Read more

    Affected Products :
    • Published: Sep. 22, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-58013

    Cross-Site Request Forgery (CSRF) vulnerability in pebas CouponXxL allows Privilege Escalation. This issue affects CouponXxL: from n/a through 4.5.0.... Read more

    Affected Products :
    • Published: Sep. 22, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.9

    MEDIUM
    CVE-2025-9960

    A restriction bypass vulnerability in is-localhost-ip could allow attackers to perform Server-Side Request Forgery (SSRF). This issue affects is-localhost-ip: 2.0.0.... Read more

    Affected Products : is-localhost-ip
    • Published: Sep. 22, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Server-Side Request Forgery

  • 5.3

    MEDIUM
    CVE-2025-58029

    Missing Authorization vulnerability in Sumit Singh Classic Widgets with Block-based Widgets allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Classic Widgets with Block-based Widgets: from n/a through 1.0.1.... Read more

    Affected Products :
    • Published: Sep. 22, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-58020

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeroen Schmit Theater for WordPress allows Stored XSS. This issue affects Theater for WordPress: from n/a through 0.18.8.... Read more

    Affected Products : theater_for_wordpress
    • Published: Sep. 22, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-58232

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ickata Image Editor by Pixo allows DOM-Based XSS. This issue affects Image Editor by Pixo: from n/a through 2.3.8.... Read more

    Affected Products :
    • Published: Sep. 22, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-58008

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in xnau webdesign Participants Database allows Stored XSS. This issue affects Participants Database: from n/a through 2.7.6.3.... Read more

    Affected Products : participants_database
    • Published: Sep. 22, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-58234

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JoomSky JS Job Manager allows Stored XSS. This issue affects JS Job Manager: from n/a through 2.0.2.... Read more

    Affected Products : js_job_manager
    • Published: Sep. 22, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-58018

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Richard Leishman Mail Subscribe List allows Stored XSS. This issue affects Mail Subscribe List: from n/a through 2.1.10.... Read more

    Affected Products : mail_subscribe_list
    • Published: Sep. 22, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-59583

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Filter Everything allows DOM-Based XSS. This issue affects Penci Filter Everything: from n/a through n/a.... Read more

    Affected Products :
    • Published: Sep. 22, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-58011

    Server-Side Request Forgery (SSRF) vulnerability in Alex Content Mask allows Server Side Request Forgery. This issue affects Content Mask: from n/a through 1.8.5.2.... Read more

    Affected Products : content_mask
    • Published: Sep. 22, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Server-Side Request Forgery

  • 3.8

    LOW
    CVE-2025-58012

    Authorization Bypass Through User-Controlled Key vulnerability in Alex Content Mask allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Content Mask: from n/a through 1.8.5.2.... Read more

    Affected Products : content_mask
    • Published: Sep. 22, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-58002

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Milan Petrovic GD bbPress Tools allows DOM-Based XSS. This issue affects GD bbPress Tools: from n/a through 3.5.3.... Read more

    Affected Products :
    • Published: Sep. 22, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 4476 Results