Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
7.5 HIGH
CVE-2025-49403 — WordPress Premium Age Verification / Restriction for WordPress Plugin <= 3.0.2 - Arbitrar…

Unauthenticated Arbitrary File Download in Premium Age Verification / Restriction for WordPress <= 3.0.2 versions.

Remote | Path Traversal
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
7.8 HIGH
CVE-2025-48643 — Citrix Gateway Privilege Escalation Vulnerability

In multiple locations there is a possible provisioning bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User i…

android | Authorization
Jun 17, 2026 Jun 18, 2026
Jun 17, 2026
Jun 18, 2026
8.0 HIGH
CVE-2025-48640 — Third-Party Passkey Pairing Approval Vulnerability

In multiple locations, there is a possible 3rd party passkey entry pairing approval due to a missing permission check. This could lead to remote (proximal/adjacent) escalation of privilege with no ad…

android | Authorization
Jun 17, 2026 Jun 18, 2026
Jun 17, 2026
Jun 18, 2026
7.8 HIGH
CVE-2025-48617 — CarrierConfigLoader UID Bypass Privilege Escalation

In overrideConfig of CarrierConfigLoader.java, there is a possible way to bypass UID check due to a permissions bypass. This could lead to local escalation of privilege with no additional execution p…

android | Authorization
Jun 17, 2026 Jun 18, 2026
Jun 17, 2026
Jun 18, 2026
4.3 MEDIUM
CVE-2025-48571 — BTM SMS Interception Information Disclosure

In multiple functions of btm_sec.cc, there is a possible way for an attacker to intercept SMS messages due to a logic error in the code. This could lead to remote information disclosure with no addit…

android | Remote | Information Disclosure
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
7.1 HIGH
CVE-2025-31013 — WordPress Themify Folo theme <= 1.9.6 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themify Folo allows Reflected XSS. This issue affects Themify Folo: from n/a through 1.9.6.

Remote | Cross-Site Scripting
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
6.8 MEDIUM
CVE-2025-15642 — Netskope Client Service Insufficient Access Controls

Netskope is notified about a potential gap in its Netskoped Client for Windows systems where a malicious insider with admin privileges can lead to bypassing the NSClient Tamper Protections due to wea…

netskope | Authorization
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
6.8 MEDIUM
CVE-2025-15641 — Netskope Client Exposed IOCTL with Insufficient Access Controls

Netskope was notified about a potential gap in its Netskope Client for Windows systems where a malicious insider with administrative privileges can potentially tamper with the customer IOCTL by sendi…

netskope | Misconfiguration
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
9.9 CRITICAL
CVE-2024-52488 — WordPress Grip theme <= 1.0.9 - Arbitrary Plugin Activation/Deactivation to RCE vulnerabi…

Subscriber Arbitrary File Upload in Grip <= 1.0.9 versions.

Remote | Misconfiguration
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
7.1 HIGH
CVE-2024-49269 — WordPress my flatonica theme <= 0.0.8 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in my flatonica <= 0.0.8 versions.

Remote | Cross-Site Scripting
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
4.3 MEDIUM
CVE-2024-37496 — WordPress Metro Magazine theme <= 1.3.7 - Broken Access Control on Notice Dismissal vulne…

Missing Authorization vulnerability in Rara Themes Metro Magazine allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Metro Magazine: from n/a through 1.3.7.

Remote | Authorization
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
6.5 MEDIUM
CVE-2024-37210 — WordPress AliExpress Dropshipping with AliNext Lite plugin <= 3.3.5 - Broken Access Contr…

Missing Authorization vulnerability in ali2woo AliNext allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AliNext: from n/a through 3.3.5.

Remote | Authorization
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
6.5 MEDIUM
CVE-2024-35690 — WordPress Widget Options plugin <= 4.0.1 - Subscriber+ User Meta Data Exposure Vulnerabil…

Insertion of sensitive information into sent data vulnerability in MarketingFire Widget Options allows Retrieve Embedded Sensitive Data. This issue affects Widget Options: from n/a through 4.0.1.

Remote | Information Disclosure
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
4.3 MEDIUM
CVE-2024-35648 — WordPress Emergency Password Reset plugin <= 8.0 - Cross Site Request Forgery (CSRF) vuln…

Cross-Site request forgery (CSRF) vulnerability in Andy Moyle Emergency Password Reset allows Cross Site Request Forgery. This issue affects Emergency Password Reset: from n/a through 8.0.

Remote | Cross-Site Request Forgery
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
4.3 MEDIUM
CVE-2024-34810 — WordPress Skyline WP theme <= 1.0.10 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site request forgery (CSRF) vulnerability in Extend Themes Skyline WP allows Cross Site Request Forgery. This issue affects Skyline WP: from n/a through 1.0.10.

Remote | Cross-Site Request Forgery
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
5.3 MEDIUM
CVE-2024-33909 — WordPress iPages Flipbook plugin <= 1.5.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Avirtum iPages Flipbook allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects iPages Flipbook: from n/a through 1.5.1.

ipages_flipbook | Remote | Authorization
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
4.3 MEDIUM
CVE-2024-33685 — WordPress Startupzy theme <= 1.1.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Jegstudio Startupzy startupzy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Startupzy: from n/a through 1.1.1.

Remote | Authorization
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.3 HIGH
CVE-2024-32949 — WordPress Integrate Google Drive plugin <= 1.3.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in Prince Integrate Google Drive allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Integrate Google Drive: from n/a thro…

Remote | Authorization
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
7.5 HIGH
CVE-2024-32729 — WordPress ChatBot Conversational Forms plugin <= 1.1.8 - Arbitrary File Download vulnerab…

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in QuantumCloud Conversational Forms for ChatBot allows Path Traversal. This issue affects Conversational…

conversational_forms_for_chatbot | Remote | Path Traversal
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
4.3 MEDIUM
CVE-2024-31435 — WordPress Social Media Share Buttons & Social Sharing Icons plugin <= 2.8.6 - Broken Acce…

: Missing Authorization vulnerability in Inisev Social Media & Share Icons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Social Media & Share Icons: fro…

Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Showing 20 of 7970 Results