Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2025-30832

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themifyme Themify Event Post allows DOM-Based XSS. This issue affects Themify Event Post: from n/a through 1.3.2.... Read more

    Affected Products :
    • Published: Mar. 27, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-30831

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themifyme Themify Event Post allows PHP Local File Inclusion. This issue affects Themify Event Post: from n/a through 1.3.2.... Read more

    Affected Products :
    • Published: Mar. 27, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Path Traversal

  • 5.3

    MEDIUM
    CVE-2025-30830

    Missing Authorization vulnerability in Hossni Mubarak Cool Author Box allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cool Author Box: from n/a through 2.9.9.... Read more

    Affected Products :
    • Published: Mar. 27, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-30829

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Themewinter WPCafe allows PHP Local File Inclusion. This issue affects WPCafe: from n/a through 2.2.31.... Read more

    Affected Products :
    • Published: Mar. 27, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Path Traversal

  • 5.3

    MEDIUM
    CVE-2025-30828

    Missing Authorization vulnerability in Arraytics Timetics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Timetics: from n/a through 1.0.29.... Read more

    Affected Products :
    • Published: Mar. 27, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-30826

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pierre Lannoy IP Locator allows DOM-Based XSS. This issue affects IP Locator: from n/a through 4.1.0.... Read more

    Affected Products :
    • Published: Mar. 27, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-30824

    Missing Authorization vulnerability in Israpil Textmetrics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Textmetrics: from n/a through 3.6.1.... Read more

    Affected Products : textmetrics
    • Published: Mar. 27, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-30823

    Cross-Site Request Forgery (CSRF) vulnerability in Boone Gorges Anthologize allows Cross Site Request Forgery. This issue affects Anthologize: from n/a through 0.8.2.... Read more

    Affected Products : anthologize
    • Published: Mar. 27, 2025
    • Modified: Mar. 27, 2025

  • 4.3

    MEDIUM
    CVE-2025-30822

    Cross-Site Request Forgery (CSRF) vulnerability in Hakik Zaman Custom Login Logo allows Cross Site Request Forgery. This issue affects Custom Login Logo: from n/a through 1.1.7.... Read more

    Affected Products :
    • Published: Mar. 27, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.3

    MEDIUM
    CVE-2025-30821

    Missing Authorization vulnerability in otacke SNORDIAN's H5PxAPIkatchu allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects SNORDIAN's H5PxAPIkatchu: from n/a through 0.4.14.... Read more

    Affected Products :
    • Published: Mar. 27, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-30820

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in HT Plugins WishSuite allows PHP Local File Inclusion. This issue affects WishSuite: from n/a through 1.4.4.... Read more

    Affected Products : wishsuite
    • Published: Mar. 27, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Path Traversal

  • 8.5

    HIGH
    CVE-2025-30819

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Igor Benic Simple Giveaways allows SQL Injection. This issue affects Simple Giveaways: from n/a through 2.48.1.... Read more

    Affected Products : simple_giveaways
    • Published: Mar. 27, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-30818

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mlaza jAlbum Bridge allows DOM-Based XSS. This issue affects jAlbum Bridge: from n/a through 2.0.17.... Read more

    Affected Products :
    • Published: Mar. 27, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-30817

    Missing Authorization vulnerability in wpzita Z Companion allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Z Companion: from n/a through 1.0.13.... Read more

    Affected Products : z_companion
    • Published: Mar. 27, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-30816

    Cross-Site Request Forgery (CSRF) vulnerability in Nks publish post email notification allows Cross Site Request Forgery. This issue affects publish post email notification: from n/a through 1.0.2.3.... Read more

    • Published: Mar. 27, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-30815

    Cross-Site Request Forgery (CSRF) vulnerability in Saeed Sattar Beglou Hesabfa Accounting allows Cross Site Request Forgery. This issue affects Hesabfa Accounting: from n/a through 2.1.8.... Read more

    Affected Products :
    • Published: Mar. 27, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.5

    HIGH
    CVE-2025-30814

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RadiusTheme The Post Grid allows PHP Local File Inclusion. This issue affects The Post Grid: from n/a through 7.7.17.... Read more

    Affected Products : the_post_grid
    • Published: Mar. 27, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2025-30813

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in listamester Listamester allows Stored XSS. This issue affects Listamester: from n/a through 2.3.5.... Read more

    Affected Products :
    • Published: Mar. 27, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-30812

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sonalsinha21 SKT Addons for Elementor allows Stored XSS. This issue affects SKT Addons for Elementor: from n/a through 3.5.... Read more

    Affected Products :
    • Published: Mar. 27, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-30811

    Cross-Site Request Forgery (CSRF) vulnerability in Javier Revilla ValidateCertify allows Cross Site Request Forgery. This issue affects ValidateCertify: from n/a through 1.6.1.... Read more

    Affected Products :
    • Published: Mar. 27, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Cross-Site Request Forgery
Showing 20 of 292721 Results