Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2025-5926

    The Link Shield plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.5.4. This is due to missing or incorrect nonce validation on the link_shield_menu_options() function. This makes it possible for unaut... Read more

    Affected Products :
    • Published: Jun. 13, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.4

    MEDIUM
    CVE-2025-5841

    The ACF Onyx Poll plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘class’ parameter in all versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated ... Read more

    Affected Products :
    • Published: Jun. 13, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-5491

    Acer ControlCenter contains Remote Code Execution vulnerability. The program exposes a Windows Named Pipe that uses a custom protocol to invoke internal functions. However, this Named Pipe is misconfigured, allowing remote users with low privileges to int... Read more

    Affected Products :
    • Published: Jun. 13, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-5288

    The REST API | Custom API Generator For Cross Platform And Import Export In WP plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the process_handler() function in versions 1.0.0 to 2.0.3. This makes it possibl... Read more

    Affected Products :
    • Published: Jun. 13, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Authorization

  • 6.4

    MEDIUM
    CVE-2025-5233

    The Color Palette plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘hex’ parameter in all versions up to, and including, 4.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated at... Read more

    Affected Products :
    • Published: Jun. 13, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-5123

    The Contact Us Page – Contact People plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘style’ parameter in all versions up to, and including, 3.7.4 due to insufficient input sanitization and output escaping. This makes it possible... Read more

    Affected Products : contact_us_page_-_contact_people
    • Published: Jun. 13, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-4586

    The IRM Newsroom plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'irmcalendarview' shortcode in all versions up to, and including, 1.2.17 due to insufficient input sanitization and output escaping on user supplied attrib... Read more

    Affected Products : irm_newsroom
    • Published: Jun. 13, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-4585

    The IRM Newsroom plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'irmflat' shortcode in all versions up to, and including, 1.2.17 due to insufficient input sanitization and output escaping on user supplied attributes. Th... Read more

    Affected Products : irm_newsroom
    • Published: Jun. 13, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-4584

    The IRM Newsroom plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'irmeventlist' shortcode in all versions up to, and including, 1.2.17 due to insufficient input sanitization and output escaping on user supplied attribute... Read more

    Affected Products : irm_newsroom
    • Published: Jun. 13, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-47959

    Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an authorized attacker to execute code over a network.... Read more

    Affected Products : visual_studio visual_studio_2022
    • Published: Jun. 13, 2025
    • Modified: Jul. 10, 2025

  • 7.5

    HIGH
    CVE-2025-30399

    Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network.... Read more

    • Published: Jun. 13, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2025-4232

    An improper neutralization of wildcards vulnerability in the log collection feature of Palo Alto Networks GlobalProtect™ app on macOS allows a non administrative user to escalate their privileges to root.... Read more

    Affected Products : globalprotect globalprotect_app
    • Published: Jun. 13, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Authorization

  • 8.6

    HIGH
    CVE-2025-4231

    A command injection vulnerability in Palo Alto Networks PAN-OS® enables an authenticated administrative user to perform actions as the root user. The attacker must have network access to the management web interface and successfully authenticate to explo... Read more

    Affected Products : pan-os
    • Published: Jun. 13, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Injection

  • 8.4

    HIGH
    CVE-2025-4230

    A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. To be able to exploit this issue, the user must have access to the PAN... Read more

    Affected Products : pan-os
    • Published: Jun. 13, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Injection

  • 4.6

    MEDIUM
    CVE-2025-4228

    An incorrect privilege assignment vulnerability in Palo Alto Networks Cortex® XDR Broker VM allows an authenticated administrative user to execute certain files available within the Broker VM and escalate their privileges to root.... Read more

    Affected Products :
    • Published: Jun. 13, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Authorization

  • 5.1

    MEDIUM
    CVE-2025-4233

    An insufficient implementation of cache vulnerability in Palo Alto Networks Prisma® Access Browser enables users to bypass certain data control policies.... Read more

    Affected Products :
    • Published: Jun. 12, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-41234

    Description In Spring Framework, versions 6.0.x as of 6.0.5, versions 6.1.x and 6.2.x, an application is vulnerable to a reflected file download (RFD) attack when it sets a “Content-Disposition” header with a non-ASCII charset, where the filename attribu... Read more

    Affected Products :
    • Published: Jun. 12, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Misconfiguration

  • 6.8

    MEDIUM
    CVE-2025-41233

    Description: VMware AVI Load Balancer contains an authenticated blind SQL Injection vulnerability. VMware has evaluated the severity of the issue to be in the Moderate severity range https://www.broadcom.com/support/vmware-services/security-response  wi... Read more

    Affected Products :
    • Published: Jun. 12, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2025-49589

    PCSX2 is a free and open-source PlayStation 2 (PS2) emulator. A stack-based buffer overflow exists in the Kprintf_HLE function of PCSX2 versions up to 2.3.414. Opening a disc image that logs a specially crafted message may allow a remote attacker to execu... Read more

    Affected Products :
    • Published: Jun. 12, 2025
    • Modified: Jun. 16, 2025

  • 5.4

    MEDIUM
    CVE-2025-44091

    yangyouwang crud v1.0.0 is vulnerable to Cross Site Scripting (XSS) via the role management function.... Read more

    Affected Products : crud
    • Published: Jun. 12, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 291618 Results