Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.4

    MEDIUM
    CVE-2024-11180

    The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown Timer Widget ekit_countdown_timer_title parameter in all versions up to, and including, 3.4.7 due to insufficient input sanitization and o...

    Affected Products : elementskit_elementor_addons
    • Published: Mar. 29, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Cross-Site Scripting
  • 5.3

    MEDIUM
    CVE-2025-2840

    The DAP to Autoresponders Email Syncing plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0 through the publicly accessible phpinfo.php script. This makes it possible for unauthenticated attackers...

    Affected Products :
    • Published: Mar. 29, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Information Disclosure
  • 7.3

    HIGH
    CVE-2025-2803

    The So-Called Air Quotes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 0.1. This is due to the software allowing users to execute an action that does not properly validate a value before running ...

    Affected Products :
    • Published: Mar. 29, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Misconfiguration
  • 9.8

    CRITICAL
    CVE-2025-2266

    The Checkout Mestres do WP for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the cwmpUpdateOptions() function in versions 8.6.5 to 8.7.5. This...

    Affected Products : checkout_mestres_wp
    • Published: Mar. 29, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Authorization
  • 8.8

    HIGH
    CVE-2025-2249

    The SoJ SoundSlides plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the soj_soundslides_options_subpanel() function in all versions up to, and including, 1.2.2. This makes it possible for authenticated a...

    Affected Products :
    • Published: Mar. 29, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Misconfiguration
  • 8.8

    HIGH
    CVE-2025-2006

    The Inline Image Upload for BBPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file extension validation in the file uploading functionality in all versions up to, and including, 1.1.19. This makes it possible for authenti...

    Affected Products : inline_image_upload_for_bbpress
    • Published: Mar. 29, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Authentication
  • 6.5

    MEDIUM
    CVE-2024-13557

    The Shortcodes by United Themes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.1.6. This is due to the software allowing users to execute an action that does not properly validate a value before...

    Affected Products :
    • Published: Mar. 29, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Authentication
  • 6.3

    MEDIUM
    CVE-2025-1217

    In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when http request module parses HTTP response obtained from a server, folded headers are parsed incorrectly, which may lead to misinterpreting th...

    Affected Products : php
    • Published: Mar. 29, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Misconfiguration
  • 7.5

    HIGH
    CVE-2024-7577

    IBM InfoSphere Information Server 11.7 could disclose sensitive user credentials from log files during new installation of the product....

    • Published: Mar. 29, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Information Disclosure
  • 6.5

    MEDIUM
    CVE-2024-51477

    IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive username information due to an observable response discrepancy....

    • Published: Mar. 29, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Information Disclosure
  • 6.5

    MEDIUM
    CVE-2024-43186

    IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information that is stored locally under certain conditions....

    • Published: Mar. 29, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Information Disclosure
  • 6.3

    MEDIUM
    CVE-2025-2782

    The WatchGuard Terminal Services Agent on Windows does not properly configure directory permissions when installed in a non-default directory. This could allow an authenticated local attacker to escalate to SYSTEM privileges on a vulnerable system. Thi...

    Affected Products :
    • Published: Mar. 28, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Misconfiguration
  • 6.3

    MEDIUM
    CVE-2025-2781

    The WatchGuard Mobile VPN with SSL Client on Windows does not properly configure directory permissions when installed in a non-default directory. This could allow an authenticated local attacker to escalate to SYSTEM privileges on a vulnerable system. ...

    Affected Products :
    • Published: Mar. 28, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Misconfiguration
  • 5.5

    MEDIUM
    CVE-2025-28097

    OneNav 1.1.0 is vulnerable to Cross Site Scripting (XSS) in custom headers....

    Affected Products : onenav onenav
    • Published: Mar. 28, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Cross-Site Scripting
  • 5.4

    MEDIUM
    CVE-2025-28096

    OneNav 1.1.0 is vulnerable to Server-Side Request Forgery (SSRF) in custom headers....

    Affected Products : onenav onenav
    • Published: Mar. 28, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Server-Side Request Forgery
  • 6.5

    MEDIUM
    CVE-2025-28094

    ShopXO v6.4.0 has an SSRF/XSS vulnerability in multiple places....

    Affected Products : shopxo
    • Published: Mar. 28, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Server-Side Request Forgery
  • 6.3

    MEDIUM
    CVE-2025-28093

    ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery (SSRF) in Email Settings....

    Affected Products : shopxo
    • Published: Mar. 28, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Server-Side Request Forgery
  • 6.3

    MEDIUM
    CVE-2025-28092

    ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery (SSRF) via image upload function....

    Affected Products : shopxo
    • Published: Mar. 28, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Server-Side Request Forgery
  • 9.1

    CRITICAL
    CVE-2025-28091

    maccms10 v2025.1000.4047 has a Server-Side Request Forgery (SSRF) vulnerability via Add Article....

    Affected Products : maccms
    • Published: Mar. 28, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Server-Side Request Forgery
  • 9.1

    CRITICAL
    CVE-2025-28090

    maccms10 v2025.1000.4047 is vulnerable to Server-Side Request Forgery (SSRF) in the Collection Custom Interface feature....

    Affected Products : maccms
    • Published: Mar. 28, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Server-Side Request Forgery
Showing 20 of 292845 Results