Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2025-27315

    Cross-Site Request Forgery (CSRF) vulnerability in wptom All-In-One Cufon allows Cross Site Request Forgery. This issue affects All-In-One Cufon: from n/a through 1.3.0.... Read more

    Affected Products :
    • Published: Feb. 24, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 8.5

    HIGH
    CVE-2025-27312

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jenst WP Sitemap allows SQL Injection. This issue affects WP Sitemap: from n/a through 1.0.... Read more

    Affected Products :
    • Published: Feb. 24, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Injection

  • 4.3

    MEDIUM
    CVE-2025-27311

    Cross-Site Request Forgery (CSRF) vulnerability in luk3thomas Bulk Content Creator allows Cross Site Request Forgery. This issue affects Bulk Content Creator: from n/a through 1.2.1.... Read more

    Affected Products :
    • Published: Feb. 24, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.5

    MEDIUM
    CVE-2025-27307

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in oooorgle Quotes llama allows Reflected XSS. This issue affects Quotes llama: from n/a through 3.0.1.... Read more

    Affected Products : quotes_llama
    • Published: Feb. 24, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-27306

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pathomation Pathomation allows Stored XSS. This issue affects Pathomation: from n/a through 2.5.1.... Read more

    Affected Products :
    • Published: Feb. 24, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-27305

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Achal Jain Table of Contents Block allows Stored XSS. This issue affects Table of Contents Block: from n/a through 1.0.2.... Read more

    Affected Products :
    • Published: Feb. 24, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.9

    MEDIUM
    CVE-2025-27304

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themelogger Contact Form 7 Star Rating with font Awesome allows Stored XSS. This issue affects Contact Form 7 Star Rating with font Awesome: from n/a thr... Read more

    Affected Products :
    • Published: Feb. 24, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.9

    MEDIUM
    CVE-2025-27303

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themelogger Contact Form 7 Star Rating allows Stored XSS. This issue affects Contact Form 7 Star Rating: from n/a through 1.10.... Read more

    Affected Products :
    • Published: Feb. 24, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.2

    HIGH
    CVE-2025-27301

    Deserialization of Untrusted Data vulnerability in Nazmul Hasan Robin NHR Options Table Manager allows Object Injection. This issue affects NHR Options Table Manager: from n/a through 1.1.2.... Read more

    Affected Products :
    • Published: Feb. 24, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2025-27300

    Deserialization of Untrusted Data vulnerability in giuliopanda ADFO allows Object Injection. This issue affects ADFO: from n/a through 1.9.1.... Read more

    Affected Products :
    • Published: Feb. 24, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Injection

  • 8.3

    HIGH
    CVE-2025-27298

    Cross-Site Request Forgery (CSRF) vulnerability in cmstactics WP Video Posts allows OS Command Injection. This issue affects WP Video Posts: from n/a through 3.5.1.... Read more

    Affected Products :
    • Published: Feb. 24, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.6

    HIGH
    CVE-2025-27297

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in guelben Bravo Search & Replace allows Blind SQL Injection. This issue affects Bravo Search & Replace: from n/a through 1.0.... Read more

    Affected Products :
    • Published: Feb. 24, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2025-27296

    Missing Authorization vulnerability in revenueflex Auto Ad Inserter – Increase Google Adsense and Ad Manager Revenue allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Auto Ad Inserter – Increase Google Adsense and... Read more

    Affected Products :
    • Published: Feb. 24, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Authorization

  • 4.8

    MEDIUM
    CVE-2025-27294

    Missing Authorization vulnerability in platcom WP-Asambleas allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP-Asambleas: from n/a through 2.85.0.... Read more

    Affected Products : wp-asambleas
    • Published: Feb. 24, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-27290

    Cross-Site Request Forgery (CSRF) vulnerability in seyyed-amir Erima Zarinpal Donate allows Cross Site Request Forgery. This issue affects Erima Zarinpal Donate: from n/a through 1.0.... Read more

    Affected Products :
    • Published: Feb. 24, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.5

    MEDIUM
    CVE-2025-27280

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alobaidi Archive Page allows DOM-Based XSS. This issue affects Archive Page: from n/a through 1.0.1.... Read more

    Affected Products :
    • Published: Feb. 24, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-27277

    Cross-Site Request Forgery (CSRF) vulnerability in tiefpunkt Add Linked Images To Gallery allows Cross Site Request Forgery. This issue affects Add Linked Images To Gallery: from n/a through 1.4.... Read more

    Affected Products :
    • Published: Feb. 24, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 8.8

    HIGH
    CVE-2025-27276

    Cross-Site Request Forgery (CSRF) vulnerability in lizeipe Photo Gallery ( Responsive ) allows Privilege Escalation. This issue affects Photo Gallery ( Responsive ): from n/a through 4.0.... Read more

    Affected Products :
    • Published: Feb. 24, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.5

    HIGH
    CVE-2025-27272

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in vinagecko VG PostCarousel allows PHP Local File Inclusion. This issue affects VG PostCarousel: from n/a through 1.1.... Read more

    Affected Products :
    • Published: Feb. 24, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2025-27266

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ignacio Perez Hover Image Button allows DOM-Based XSS. This issue affects Hover Image Button: from n/a through 1.1.2.... Read more

    Affected Products :
    • Published: Feb. 24, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 291641 Results