Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2025-48250

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Coupons & Add to Cart by URL Links for WooCommerce allows Stored XSS. This issue affects Coupons & Add to Cart by URL Links for WooComm... Read more

    Affected Products :
    • Published: May. 19, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-48249

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory EAN for WooCommerce allows Stored XSS. This issue affects EAN for WooCommerce: from n/a through 5.4.6.... Read more

    Affected Products : ean_for_woocommerce
    • Published: May. 19, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-48248

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Sitewide Discount for WooCommerce: Apply Discount to All Products allows Stored XSS. This issue affects Sitewide Discount for WooCommerce: Appl... Read more

    Affected Products :
    • Published: May. 19, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-48247

    Missing Authorization vulnerability in Blair Williams Shortlinks by Pretty Links allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Shortlinks by Pretty Links: from n/a through 3.6.15.... Read more

    Affected Products :
    • Published: May. 19, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-48246

    Missing Authorization vulnerability in The Events Calendar The Events Calendar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects The Events Calendar: from n/a through 6.11.2.1.... Read more

    Affected Products :
    • Published: May. 19, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Authorization

  • 5.9

    MEDIUM
    CVE-2025-48244

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tim Strifler Exclusive Addons Elementor allows Stored XSS. This issue affects Exclusive Addons Elementor: from n/a through 2.7.9.... Read more

    Affected Products :
    • Published: May. 19, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-48243

    Cross-Site Request Forgery (CSRF) vulnerability in Bill Minozzi reCAPTCHA for all allows Cross Site Request Forgery. This issue affects reCAPTCHA for all: from n/a through 2.26.... Read more

    Affected Products :
    • Published: May. 19, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.5

    MEDIUM
    CVE-2025-48242

    Missing Authorization vulnerability in wpWax Legal Pages allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Legal Pages: from n/a through 1.4.5.... Read more

    Affected Products : legal_pages
    • Published: May. 19, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-48240

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Cost of Goods for WooCommerce allows Stored XSS. This issue affects Cost of Goods for WooCommerce: from n/a through 3.7.0.... Read more

    Affected Products : cost_of_goods_for_woocommerce
    • Published: May. 19, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-48239

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Product Notes Tab & Private Admin Notes for WooCommerce allows Stored XSS. This issue affects Product Notes Tab & Private Admin Notes for WooCo... Read more

    Affected Products :
    • Published: May. 19, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-48238

    Cross-Site Request Forgery (CSRF) vulnerability in awcode AWcode Toolkit allows Stored XSS. This issue affects AWcode Toolkit: from n/a through 1.0.18.... Read more

    Affected Products :
    • Published: May. 19, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.5

    MEDIUM
    CVE-2025-48237

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Wishlist for WooCommerce allows Stored XSS. This issue affects Wishlist for WooCommerce: from n/a through 3.2.2.... Read more

    Affected Products : wishlist_for_woocommerce
    • Published: May. 19, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.5

    HIGH
    CVE-2025-48236

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bunny.net bunny.net allows Stored XSS. This issue affects bunny.net: from n/a through 2.3.0.... Read more

    Affected Products :
    • Published: May. 19, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-48235

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bogdan Bendziukov WP Image Mask allows DOM-Based XSS. This issue affects WP Image Mask: from n/a through 3.1.2.... Read more

    Affected Products :
    • Published: May. 19, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-48234

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ultimate Blocks Ultimate Blocks allows DOM-Based XSS. This issue affects Ultimate Blocks: from n/a through 3.3.0.... Read more

    Affected Products : ultimate_blocks
    • Published: May. 19, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-48233

    Cross-Site Request Forgery (CSRF) vulnerability in affmngr Affiliates Manager Google reCAPTCHA Integration allows Stored XSS. This issue affects Affiliates Manager Google reCAPTCHA Integration: from n/a through 1.0.6.... Read more

    Affected Products :
    • Published: May. 19, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.5

    MEDIUM
    CVE-2025-48232

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xpro Xpro Addons For Beaver Builder – Lite allows Stored XSS. This issue affects Xpro Addons For Beaver Builder – Lite: from n/a through 1.5.... Read more

    Affected Products :
    • Published: May. 19, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-43714

    The ChatGPT system through 2025-03-30 performs inline rendering of SVG documents (instead of, for example, rendering them as text inside a code block), which enables HTML injection within most modern graphical web browsers.... Read more

    Affected Products : chatgpt
    • Published: May. 19, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.2

    MEDIUM
    CVE-2025-3908

    The configuration initialization tool in OpenVPN 3 Linux v20 through v24 on Linux allows a local attacker to use symlinks pointing at an arbitrary directory which will change the ownership and permissions of that destination directory.... Read more

    Affected Products : linux_kernel openvpn3linux
    • Published: May. 19, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Misconfiguration

  • 7.6

    HIGH
    CVE-2025-30072

    Tiiwee X1 Alarm System TWX1HAKV2 allows Authentication Bypass by Capture-replay, leading to physical Access to the protected facilities without triggering an alarm.... Read more

    Affected Products : twx1hakv2_firmware twx1hakv2
    • Published: May. 19, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Authentication
Showing 20 of 293600 Results