Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (listed in the CISA KEV catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 4.3

    MEDIUM
    CVE-2025-5933

    The RD Contacto plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the rdWappUpdateData() function. This makes it possible for unauthenticated...

    Affected Products :
    • Published: Jul. 04, 2025
    • Modified: Jul. 08, 2025
  • 4.3

    MEDIUM
    CVE-2025-5924

    The WP Firebase Push Notification plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.0. This is due to missing or incorrect nonce validation on the wfpn_brodcast_notification_message() function. This...

    Affected Products : wp_firebase_push_notification
    • Published: Jul. 04, 2025
    • Modified: Jul. 10, 2025
  • 6.4

    MEDIUM
    CVE-2025-5567

    The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'data-url' DOM element attribute in all versions up to, and including, 7.4.0 due to insufficient input sanitization and output escapin...

    • Published: Jul. 04, 2025
    • Modified: Jul. 09, 2025
  • 7.2

    HIGH
    CVE-2025-5322

    The VikRentCar Car Rental Management System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the do_updatecar and createcar functions in all versions up to, and including, 1.4.3. This makes it possible fo...

    Affected Products : vikrentcar
    • Published: Jul. 03, 2025
    • Modified: Jul. 10, 2025
  • 8.4

    HIGH
    CVE-2025-53367

    DjVuLibre is a GPL implementation of DjVu, a web-centric format for distributing documents and images. Prior to version 3.5.29, the MMRDecoder::scanruns method is affected by an OOB-write vulnerability, because it does not check that the xr pointer stays ...

    Affected Products : djvulibre
    • Published: Jul. 03, 2025
    • Modified: Jul. 18, 2025
  • 7.5

    HIGH
    CVE-2025-49826

    Next.js is a React framework for building full-stack web applications. From versions 15.0.4-canary.51 to before 15.1.8, a cache poisoning bug leading to a Denial of Service (DoS) condition was found in Next.js. This issue does not impact customers hosted ...

    Affected Products : next.js
    • Published: Jul. 03, 2025
    • Modified: Jul. 08, 2025
  • 3.7

    LOW
    CVE-2025-49005

    Next.js is a React framework for building full-stack web applications. In Next.js App Router from 15.3.0 to before 15.3.3 and Vercel CLI from 41.4.1 to 42.2.0, a cache poisoning vulnerability was found. The issue allowed page requests for HTML content to ...

    Affected Products : next.js
    • Published: Jul. 03, 2025
    • Modified: Jul. 08, 2025
  • 8.6

    HIGH
    CVE-2025-53370

    Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. From versions 1.9.4 to before 3.4.0, short descriptions set via the ShortDescription extension are inserted as raw HTML by the Citizen skin, allowing any user to insert arb...

    Affected Products : citizen
    • Published: Jul. 03, 2025
    • Modified: Aug. 22, 2025
  • 8.6

    HIGH
    CVE-2025-53369

    Short Description is a MediaWiki extension that provides local short description support. In version 4.0.0, short descriptions are not properly sanitized before being inserted as HTML using mw.util.addSubtitle, allowing any user to insert arbitrary HTML i...

    Affected Products : shortdescription
    • Published: Jul. 03, 2025
    • Modified: Jul. 08, 2025
  • 8.6

    HIGH
    CVE-2025-53368

    Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. From versions 1.9.4 to before 3.4.0, page descriptions are inserted into raw HTML without proper sanitization by the Citizen skin when using the old search bar. Any user wi...

    Affected Products : citizen
    • Published: Jul. 03, 2025
    • Modified: Aug. 22, 2025
  • 4.9

    MEDIUM
    CVE-2025-52554

    n8n is a workflow automation platform. Prior to version 1.99.1, an authorization vulnerability was discovered in the /rest/executions/:id/stop endpoint of n8n. An authenticated user can stop workflow executions that they do not own or that have not been s...

    Affected Products : n8n
    • Published: Jul. 03, 2025
    • Modified: Jul. 08, 2025
  • 9.3

    CRITICAL
    CVE-2025-34089

    An unauthenticated remote code execution vulnerability exists in Remote for Mac, a macOS remote control utility developed by Aexol Studio, in versions up to and including 2025.7. When the application is configured with authentication disabled (i.e., the "...

    Affected Products :
    • Published: Jul. 03, 2025
    • Modified: Jul. 08, 2025
  • 8.6

    HIGH
    CVE-2025-34088

    An authenticated remote code execution vulnerability exists in Pandora FMS version 7.0NG and earlier. The net_tools.php functionality allows authenticated users to execute arbitrary OS commands via the select_ips parameter when performing network tools op...

    Affected Products :
    • Published: Jul. 03, 2025
    • Modified: Jul. 08, 2025
  • 9.0

    CRITICAL
    CVE-2025-34087

    An authenticated command injection vulnerability exists in Pi-hole versions up to 3.3. When adding a domain to the allowlist via the web interface, the domain parameter is not properly sanitized, allowing an attacker to append OS commands to the domain st...

    Affected Products :
    • Published: Jul. 03, 2025
    • Modified: Jul. 08, 2025
  • 7.5

    HIGH
    CVE-2025-34086

    Bolt CMS versions 3.7.0 and earlier contain a chain of vulnerabilities that together allow an authenticated user to achieve remote code execution. A user with valid credentials can inject arbitrary PHP code into the displayname field of the user profile, ...

    Affected Products : bolt
    • Published: Jul. 03, 2025
    • Modified: Jul. 08, 2025
  • 9.3

    CRITICAL
    CVE-2025-34082

    A command injection vulnerability exists in IGEL OS versions prior to 11.04.270 within the Secure Terminal and Secure Shadow services. The flaw arises due to improper input sanitization in the handling of specially crafted PROXYCMD commands on TCP ports 3...

    Affected Products :
    • Published: Jul. 03, 2025
    • Modified: Jul. 08, 2025
  • 9.3

    CRITICAL
    CVE-2025-34061

    A backdoor in PHPStudy versions 2016 through 2018 allows unauthenticated remote attackers to execute arbitrary PHP code on affected installations. The backdoor listens for base64-encoded PHP payloads in the Accept-Charset HTTP header of incoming requests,...

    Affected Products :
    • Published: Jul. 03, 2025
    • Modified: Jul. 08, 2025
  • 5.4

    MEDIUM
    CVE-2025-45809

    BerriAI litellm v1.65.4 was discovered to contain a SQL injection vulnerability via the /key/block endpoint....

    Affected Products : litellm
    • Published: Jul. 03, 2025
    • Modified: Aug. 01, 2025
  • 9.1

    CRITICAL
    CVE-2025-23968

    Unrestricted Upload of File with Dangerous Type vulnerability in WPCenter AiBud WP allows Upload a Web Shell to a Web Server. This issue affects AiBud WP: from n/a through 1.8.5....

    Affected Products :
    • Published: Jul. 03, 2025
    • Modified: Jul. 08, 2025
  • 8.8

    HIGH
    CVE-2025-6926

    Improper Authentication vulnerability in Wikimedia Foundation Mediawiki - CentralAuth Extension allows: Bypass Authentication. This issue affects Mediawiki - CentralAuth Extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before ...

    Affected Products :
    • Published: Jul. 03, 2025
    • Modified: Jul. 08, 2025