Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2025-22549

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pablo Cornehl WP Github allows Stored XSS.This issue affects WP Github: from n/a through 1.3.3.... Read more

    Affected Products :
    • Published: Jan. 07, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-22548

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Frank Koenen ldap_login_password_and_role_manager allows Stored XSS.This issue affects ldap_login_password_and_role_manager: from n/a through 1.0.12.... Read more

    Affected Products :
    • Published: Jan. 07, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-22547

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jay Krishnan G JK Html To Pdf allows Stored XSS.This issue affects JK Html To Pdf: from n/a through 1.0.0.... Read more

    Affected Products :
    • Published: Jan. 07, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-22546

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in One Plus Solution jQuery TwentyTwenty allows Stored XSS.This issue affects jQuery TwentyTwenty: from n/a through 1.0.... Read more

    Affected Products :
    • Published: Jan. 07, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-22545

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sw-galati.ro iframe to embed allows Stored XSS.This issue affects iframe to embed: from n/a through 1.2.... Read more

    Affected Products :
    • Published: Jan. 07, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-22544

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mind Doodle Mind Doodle Visual Sitemaps & Tasks allows Stored XSS.This issue affects Mind Doodle Visual Sitemaps & Tasks: from n/a through 1.6.... Read more

    Affected Products :
    • Published: Jan. 07, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-22543

    Missing Authorization vulnerability in Beautiful Templates ST Gallery WP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ST Gallery WP: from n/a through 1.0.8.... Read more

    Affected Products :
    • Published: Jan. 07, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-22541

    Missing Authorization vulnerability in Etruel Developments LLC WP Delete Post Copies allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Delete Post Copies: from n/a through 5.5.... Read more

    Affected Products :
    • Published: Jan. 07, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2025-22538

    Cross-Site Request Forgery (CSRF) vulnerability in Ofek Nakar Virtual Bot allows Stored XSS.This issue affects Virtual Bot: from n/a through 1.0.0.... Read more

    Affected Products :
    • Published: Jan. 07, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.6

    HIGH
    CVE-2025-22536

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Hiren Patel WP Music Player allows SQL Injection.This issue affects WP Music Player: from n/a through 1.3.... Read more

    Affected Products :
    • Published: Jan. 07, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2025-22534

    Missing Authorization vulnerability in Ella van Durpe Slides & Presentations allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Slides & Presentations: from n/a through 0.0.39.... Read more

    Affected Products :
    • Published: Jan. 07, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Authorization

  • 7.6

    HIGH
    CVE-2025-22533

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WOOEXIM.COM WOOEXIM allows SQL Injection.This issue affects WOOEXIM: from n/a through 5.0.0.... Read more

    Affected Products : wooexim
    • Published: Jan. 07, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-22532

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nagy Sandor Simple Photo Sphere allows Stored XSS.This issue affects Simple Photo Sphere: from n/a through 0.0.10.... Read more

    Affected Products :
    • Published: Jan. 07, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-22531

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in M Bilal M Urdu Formatter – Shamil allows Stored XSS.This issue affects Urdu Formatter – Shamil: from n/a through 0.1.... Read more

    Affected Products : urdu_formatter
    • Published: Jan. 07, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-22530

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SIOT 아임포트 결제버튼 생성 플러그인 allows Stored XSS.This issue affects 아임포트 결제버튼 생성 플러그인: from n/a through 1.1.19.... Read more

    Affected Products :
    • Published: Jan. 07, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-22529

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WORDPRESTEEM WE Blocks allows Stored XSS.This issue affects WE Blocks: from n/a through 1.3.5.... Read more

    Affected Products :
    • Published: Jan. 07, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-22528

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Huurkalender Huurkalender WP allows Stored XSS.This issue affects Huurkalender WP: from n/a through 1.5.6.... Read more

    Affected Products :
    • Published: Jan. 07, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-22525

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bharatkambariya Donation Block For PayPal allows Stored XSS.This issue affects Donation Block For PayPal: from n/a through 2.2.0.... Read more

    Affected Products : donation_block_for_paypal
    • Published: Jan. 07, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-22524

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in instaform.ir فرم ساز فرم افزار allows Stored XSS.This issue affects فرم ساز فرم افزار: from n/a through 2.0.... Read more

    Affected Products :
    • Published: Jan. 07, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-22522

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Roya Khosravi SingSong allows Stored XSS.This issue affects SingSong: from n/a through 1.2.... Read more

    Affected Products :
    • Published: Jan. 07, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 293510 Results