Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2025-6196

    A flaw was found in libgepub, a library used to read EPUB files. The software mishandles file size calculations when opening specially crafted EPUB files, leading to incorrect memory allocations. This issue causes the application to crash. Known affected ... Read more

    Affected Products : enterprise_linux libgepub
    • Published: Jun. 17, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Memory Corruption

  • 2.3

    LOW
    CVE-2025-4754

    Insufficient Session Expiration vulnerability in ash-project ash_authentication_phoenix allows Session Hijacking. This vulnerability is associated with program files lib/ash_authentication_phoenix/controller.ex. This issue affects ash_authentication_phoe... Read more

    Affected Products :
    • Published: Jun. 17, 2025
    • Modified: Jul. 04, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-49882

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Emraan Cheema CubeWP Framework allows DOM-Based XSS. This issue affects CubeWP Framework: from n/a through 1.1.23.... Read more

    Affected Products : cubewp
    • Published: Jun. 17, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-49881

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CyberChimps Responsive Blocks allows Stored XSS. This issue affects Responsive Blocks: from n/a through 2.0.5.... Read more

    Affected Products : responsive_blocks
    • Published: Jun. 17, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-49880

    Missing Authorization vulnerability in Emraan Cheema CubeWP Forms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CubeWP Forms: from n/a through 1.1.5.... Read more

    Affected Products :
    • Published: Jun. 17, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Authorization

  • 8.6

    HIGH
    CVE-2025-49879

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in themezaa Litho allows Path Traversal. This issue affects Litho: from n/a through 3.0.... Read more

    Affected Products :
    • Published: Jun. 17, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2025-49878

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Greg Winiarski WPAdverts allows DOM-Based XSS. This issue affects WPAdverts: from n/a through 2.2.4.... Read more

    Affected Products :
    • Published: Jun. 17, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.9

    MEDIUM
    CVE-2025-49877

    Server-Side Request Forgery (SSRF) vulnerability in Metagauss ProfileGrid allows Server Side Request Forgery. This issue affects ProfileGrid : from n/a through 5.9.5.2.... Read more

    Affected Products : profilegrid
    • Published: Jun. 17, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Server-Side Request Forgery

  • 6.5

    MEDIUM
    CVE-2025-49875

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in IfSo Dynamic Content If-So Dynamic Content Personalization allows Stored XSS. This issue affects If-So Dynamic Content Personalization: from n/a through ... Read more

    Affected Products : dynamic_content_personalization
    • Published: Jun. 17, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-49874

    Missing Authorization vulnerability in tychesoftwares Arconix FAQ allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Arconix FAQ: from n/a through 1.9.6.... Read more

    Affected Products :
    • Published: Jun. 17, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-49872

    Missing Authorization vulnerability in WPExperts.io myCred allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects myCred: from n/a through 2.9.4.2.... Read more

    Affected Products : mycred
    • Published: Jun. 17, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Authorization

  • 5.9

    MEDIUM
    CVE-2025-49871

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brian Mutende Noptin allows Stored XSS. This issue affects Noptin: from n/a through 3.8.7.... Read more

    Affected Products : noptin
    • Published: Jun. 17, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.7

    MEDIUM
    CVE-2025-49868

    URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FunnelKit Automation By Autonami allows Phishing. This issue affects Automation By Autonami: from n/a through 3.6.0.... Read more

    Affected Products : funnelkit_automations
    • Published: Jun. 17, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Misconfiguration

  • 4.3

    MEDIUM
    CVE-2025-49865

    Cross-Site Request Forgery (CSRF) vulnerability in Helmut Wandl Advanced Settings allows Cross Site Request Forgery. This issue affects Advanced Settings: from n/a through 3.0.1.... Read more

    Affected Products :
    • Published: Jun. 17, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.3

    MEDIUM
    CVE-2025-49864

    Missing Authorization vulnerability in AFS Analytics AFS Analytics allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects AFS Analytics: from n/a through 4.21.... Read more

    Affected Products : afs_analytics
    • Published: Jun. 17, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-49863

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Codeus Advanced Sermons allows Stored XSS. This issue affects Advanced Sermons: from n/a through 3.6.... Read more

    Affected Products : advanced_sermons
    • Published: Jun. 17, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.9

    MEDIUM
    CVE-2025-49862

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in motov.net Ebook Store allows Stored XSS. This issue affects Ebook Store: from n/a through 5.8008.... Read more

    Affected Products : ebook_store
    • Published: Jun. 17, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-49861

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Timur Kamaev Kama Click Counter allows Stored XSS. This issue affects Kama Click Counter: from n/a through 4.0.3.... Read more

    Affected Products : kama_click_counter
    • Published: Jun. 17, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-49859

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in etruel WP Views Counter allows Stored XSS. This issue affects WP Views Counter: from n/a through 2.0.3.... Read more

    Affected Products :
    • Published: Jun. 17, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-49858

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tychesoftwares Arconix Shortcodes allows Stored XSS. This issue affects Arconix Shortcodes: from n/a through 2.1.17.... Read more

    Affected Products : arconix_shortcodes
    • Published: Jun. 17, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 291802 Results