Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2025-32299

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Themovation QuickCal allows Retrieve Embedded Sensitive Data. This issue affects QuickCal: from n/a through 1.0.15.... Read more

    Affected Products :
    • Published: May. 16, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Information Disclosure

  • 5.3

    MEDIUM
    CVE-2025-32296

    Missing Authorization vulnerability in quantumcloud Simple Link Directory Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simple Link Directory Pro: from n/a through 14.7.3.... Read more

    Affected Products : simple_link_directory
    • Published: May. 16, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-32295

    Missing Authorization vulnerability in wordpresschef Salon Booking Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Salon Booking Pro: from n/a through 10.10.2.... Read more

    Affected Products :
    • Published: May. 16, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Authorization

  • 8.5

    HIGH
    CVE-2025-32290

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Sticky HTML5 Music Player allows SQL Injection. This issue affects Sticky HTML5 Music Player: from n/a through 3.1.6.... Read more

    Affected Products :
    • Published: May. 16, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Injection

  • 8.5

    HIGH
    CVE-2025-32287

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Responsive HTML5 Audio Player PRO With Playlist allows SQL Injection. This issue affects Responsive HTML5 Audio Player PRO With Playlist: fr... Read more

    Affected Products :
    • Published: May. 16, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Injection

  • 8.5

    HIGH
    CVE-2025-32245

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Apollo allows SQL Injection. This issue affects Apollo: from n/a through 3.6.3.... Read more

    Affected Products : apollo
    • Published: May. 16, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Injection

  • 4.3

    MEDIUM
    CVE-2025-32180

    Missing Authorization vulnerability in QuanticaLabs CSS3 Tooltips for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CSS3 Tooltips for WordPress: from n/a through 1.8.... Read more

    Affected Products :
    • Published: May. 16, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Authorization

  • 8.5

    HIGH
    CVE-2025-31928

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Multimedia Responsive Carousel with Image Video Audio Support allows SQL Injection. This issue affects Multimedia Responsive Carousel with I... Read more

    Affected Products :
    • Published: May. 16, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Injection

  • 8.5

    HIGH
    CVE-2025-31926

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Sticky Radio Player allows SQL Injection. This issue affects Sticky Radio Player: from n/a through 3.4.... Read more

    Affected Products :
    • Published: May. 16, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2025-31923

    Missing Authorization vulnerability in QuanticaLabs CSS3 Accordions for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CSS3 Accordions for WordPress: from n/a through 3.0.... Read more

    Affected Products :
    • Published: May. 16, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2025-31922

    Cross-Site Request Forgery (CSRF) vulnerability in QuanticaLabs CSS3 Accordions for WordPress allows Stored XSS. This issue affects CSS3 Accordions for WordPress: from n/a through 3.0.... Read more

    Affected Products :
    • Published: May. 16, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-31921

    Cross-Site Request Forgery (CSRF) vulnerability in loopus WP Ultimate Tours Builder allows Cross Site Request Forgery. This issue affects WP Ultimate Tours Builder: from n/a through 1.055.... Read more

    Affected Products :
    • Published: May. 16, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.4

    MEDIUM
    CVE-2025-31915

    Cross-Site Request Forgery (CSRF) vulnerability in kamleshyadav Pixel WordPress Form BuilderPlugin & Autoresponder allows Cross Site Request Forgery. This issue affects Pixel WordPress Form BuilderPlugin & Autoresponder: from n/a through 1.0.2.... Read more

    Affected Products :
    • Published: May. 16, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 8.5

    HIGH
    CVE-2025-31641

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup UberSlider allows SQL Injection. This issue affects UberSlider: from n/a through 2.3.... Read more

    Affected Products :
    • Published: May. 16, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Injection

  • 8.5

    HIGH
    CVE-2025-31640

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Magic Responsive Slider and Carousel WordPress allows SQL Injection. This issue affects Magic Responsive Slider and Carousel WordPress: from... Read more

    Affected Products :
    • Published: May. 16, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Injection

  • 4.3

    MEDIUM
    CVE-2025-31639

    Cross-Site Request Forgery (CSRF) vulnerability in themeton Spare allows Cross Site Request Forgery. This issue affects Spare: from n/a through 1.7.... Read more

    Affected Products :
    • Published: May. 16, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 8.5

    HIGH
    CVE-2025-31637

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup SHOUT allows SQL Injection. This issue affects SHOUT: from n/a through 3.5.3.... Read more

    Affected Products : shout
    • Published: May. 16, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2025-31630

    Missing Authorization vulnerability in themeton The Business allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects The Business: from n/a through 1.6.1.... Read more

    Affected Products :
    • Published: May. 16, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-31071

    Missing Authorization vulnerability in themeton HotStar – Multi-Purpose Business Theme allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HotStar – Multi-Purpose Business Theme: from n/a through 1.4.... Read more

    Affected Products :
    • Published: May. 16, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-31068

    Cross-Site Request Forgery (CSRF) vulnerability in themeton Seven Stars allows Cross Site Request Forgery. This issue affects Seven Stars: from n/a through 1.4.4.... Read more

    Affected Products :
    • Published: May. 16, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Cross-Site Request Forgery
Showing 20 of 293584 Results