Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-5109

    A vulnerability classified as critical has been found in FreeFloat FTP Server 1.0. Affected is an unknown function of the component STATUS Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploi... Read more

    • Published: May. 23, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-5108

    A vulnerability was found in zongzhige ShopXO 6.5.0. It has been rated as critical. This issue affects the function Upload of the file app/admin/controller/Payment.php of the component ZIP File Handler. The manipulation of the argument params leads to unr... Read more

    Affected Products : shopxo
    • Published: May. 23, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-5107

    A vulnerability was found in Fujian Kelixun 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /app/xml_cdr/xml_cdr_details.php. The manipulation of the argument uuid leads to sql injection. The attack can be initia... Read more

    Affected Products :
    • Published: May. 23, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Injection

  • 8.1

    HIGH
    CVE-2025-48292

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in GoodLayers Tourmaster allows PHP Local File Inclusion. This issue affects Tourmaster: from n/a through 5.3.8.... Read more

    Affected Products : tour_master
    • Published: May. 23, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2025-48289

    Deserialization of Untrusted Data vulnerability in AncoraThemes Kids Planet allows Object Injection. This issue affects Kids Planet: from n/a through 2.2.14.... Read more

    Affected Products :
    • Published: May. 23, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-48287

    Deserialization of Untrusted Data vulnerability in Pagaleve Pix 4x sem juros - Pagaleve allows Object Injection.This issue affects Pix 4x sem juros - Pagaleve: from n/a through 1.6.9.... Read more

    Affected Products :
    • Published: May. 23, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2025-48286

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in catkin ReDi Restaurant Reservation allows Reflected XSS. This issue affects ReDi Restaurant Reservation: from n/a through 24.1209.... Read more

    Affected Products : redi_restaurant_reservation
    • Published: May. 23, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.3

    CRITICAL
    CVE-2025-48283

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Majestic Support Majestic Support allows SQL Injection. This issue affects Majestic Support: from n/a through 1.1.0.... Read more

    Affected Products : majestic_support
    • Published: May. 23, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-48275

    Missing Authorization vulnerability in dastan800 Visual Header allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Visual Header: from n/a through 1.3.... Read more

    Affected Products :
    • Published: May. 23, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-48273

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in wpjobportal WP Job Portal allows Path Traversal. This issue affects WP Job Portal: from n/a through 2.3.2.... Read more

    Affected Products : wp_job_portal
    • Published: May. 23, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2025-48271

    Missing Authorization vulnerability in Leadinfo Leadinfo allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Leadinfo: from n/a through 1.1.... Read more

    Affected Products :
    • Published: May. 23, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2025-48245

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fullworks Quick Contact Form allows Reflected XSS. This issue affects Quick Contact Form : from n/a through 8.2.1.... Read more

    Affected Products : quick_contact_form
    • Published: May. 23, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-48241

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Soft8Soft LLC Verge3D allows Reflected XSS. This issue affects Verge3D: from n/a through 4.9.3.... Read more

    Affected Products : verge3d
    • Published: May. 23, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-47690

    Missing Authorization vulnerability in smackcoders Lead Form Data Collection to CRM allows Privilege Escalation. This issue affects Lead Form Data Collection to CRM: from n/a through 3.1.... Read more

    Affected Products : lead_form_data_collection_to_crm
    • Published: May. 23, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Authorization

  • 10.0

    CRITICAL
    CVE-2025-47687

    Unrestricted Upload of File with Dangerous Type vulnerability in StoreKeeper B.V. StoreKeeper for WooCommerce allows Upload a Web Shell to a Web Server. This issue affects StoreKeeper for WooCommerce: from n/a through 14.4.4.... Read more

    Affected Products :
    • Published: May. 23, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Misconfiguration

  • 7.1

    HIGH
    CVE-2025-47680

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michel - xiligroup dev xili-tidy-tags allows Reflected XSS. This issue affects xili-tidy-tags: from n/a through 1.12.06.... Read more

    Affected Products : xili-tidy-tags
    • Published: May. 23, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-47678

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FunnelCockpit FunnelCockpit allows Reflected XSS. This issue affects FunnelCockpit: from n/a through 1.4.2.... Read more

    Affected Products :
    • Published: May. 23, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-47673

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tychesoftwares Arconix Shortcodes allows Reflected XSS. This issue affects Arconix Shortcodes: from n/a through 2.1.16.... Read more

    Affected Products : arconix_shortcodes
    • Published: May. 23, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.1

    HIGH
    CVE-2025-47672

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in miniOrange miniOrange Discord Integration allows PHP Local File Inclusion. This issue affects miniOrange Discord Integration: from n/a... Read more

    Affected Products : discord_integration
    • Published: May. 23, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Path Traversal

  • 7.6

    HIGH
    CVE-2025-47671

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LETSCMS MLM Software Binary MLM Plan allows SQL Injection. This issue affects Binary MLM Plan: from n/a through 3.0.... Read more

    Affected Products :
    • Published: May. 23, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Injection
Showing 20 of 292769 Results