Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.6

    CVSS31
    CVE-2025-48299

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce YayExtra allows SQL Injection. This issue affects YayExtra: from n/a through 1.5.5.... Read more

    Affected Products :
    • Published: Jul. 16, 2025
    • Modified: Jul. 16, 2025

  • 6.5

    CVSS31
    CVE-2025-48295

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hashthemes Easy Elementor Addons allows Stored XSS. This issue affects Easy Elementor Addons: from n/a through 2.2.5.... Read more

    Affected Products :
    • Published: Jul. 16, 2025
    • Modified: Jul. 16, 2025

  • 4.4

    CVSS31
    CVE-2025-48294

    Server-Side Request Forgery (SSRF) vulnerability in Kerfred FG Drupal to WordPress allows Server Side Request Forgery. This issue affects FG Drupal to WordPress: from n/a through 3.90.0.... Read more

    Affected Products :
    • Published: Jul. 16, 2025
    • Modified: Jul. 16, 2025

  • 5.4

    CVSS31
    CVE-2025-48167

    Missing Authorization vulnerability in alexvtn Chatbox Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Chatbox Manager: from n/a through 1.2.5.... Read more

    Affected Products :
    • Published: Jul. 16, 2025
    • Modified: Jul. 16, 2025

  • 5.3

    CVSS31
    CVE-2025-48166

    Missing Authorization vulnerability in Bill Minozzi Stop and Block bots plugin Anti bots allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Stop and Block bots plugin Anti bots: from n/a through 1.48.... Read more

    Affected Products :
    • Published: Jul. 16, 2025
    • Modified: Jul. 16, 2025

  • 7.6

    CVSS31
    CVE-2025-48161

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce YaySMTP allows SQL Injection. This issue affects YaySMTP: from n/a through 1.3.... Read more

    Affected Products : yaysmtp
    • Published: Jul. 16, 2025
    • Modified: Jul. 16, 2025

  • 6.5

    CVSS31
    CVE-2025-48156

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Parakoos Image Wall allows Stored XSS. This issue affects Image Wall: from n/a through 3.1.... Read more

    Affected Products :
    • Published: Jul. 16, 2025
    • Modified: Jul. 16, 2025

  • 5.3

    CVSS31
    CVE-2025-48155

    Missing Authorization vulnerability in enituretechnology Residential Address Detection allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Residential Address Detection: from n/a through 2.5.9.... Read more

    Affected Products :
    • Published: Jul. 16, 2025
    • Modified: Jul. 16, 2025

  • 7.1

    CVSS31
    CVE-2025-48153

    Cross-Site Request Forgery (CSRF) vulnerability in Atakan Au Import CDN-Remote Images allows Stored XSS. This issue affects Import CDN-Remote Images: from n/a through 2.1.2.... Read more

    Affected Products :
    • Published: Jul. 16, 2025
    • Modified: Jul. 16, 2025

  • 4.3

    CVSS31
    CVE-2025-48150

    Missing Authorization vulnerability in Bill Minozzi Real Estate Property 2024 Create Your Own Fields and Search Bar WP Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Real Estate Property 2024 Create Your... Read more

    Affected Products :
    • Published: Jul. 16, 2025
    • Modified: Jul. 16, 2025

  • 6.1

    CVSS31
    CVE-2024-9343

    In Eclipse GlassFish version 7.0.15 is possible to perform Stored Cross-site scripting attacks in the Administration Console.... Read more

    Affected Products : glassfish
    • Published: Jul. 16, 2025
    • Modified: Jul. 16, 2025

  • 9.8

    CVSS31
    CVE-2024-9342

    In Eclipse GlassFish version 7.0.16 or earlier it is possible to perform Login Brute Force attacks as there is no limitation in the number of failed login attempts.... Read more

    Affected Products : glassfish
    • Published: Jul. 16, 2025
    • Modified: Jul. 16, 2025

  • 5.4

    CVSS31
    CVE-2024-10032

    In Eclipse GlassFish version 7.0.15 is possible to perform Stored Cross-site scripting attacks in the Administration Console.... Read more

    Affected Products : glassfish
    • Published: Jul. 16, 2025
    • Modified: Jul. 16, 2025

  • 5.4

    CVSS31
    CVE-2024-10031

    In Eclipse GlassFish version 7.0.15 is possible to perform Stored Cross-site Scripting attacks by modifying the configuration file in the underlying operating system.... Read more

    Affected Products : glassfish
    • Published: Jul. 16, 2025
    • Modified: Jul. 16, 2025

  • 6.1

    CVSS31
    CVE-2024-10029

    In Eclipse GlassFish version 7.0.15 is possible to perform Reflected Cross-site scripting attacks in the Administration Console.... Read more

    Affected Products : glassfish
    • Published: Jul. 16, 2025
    • Modified: Jul. 16, 2025

  • 0.0

    NONE
    CVE-2025-7699

    An improper access control vulnerability was found in the EZ Sync Manager of ADM, which allows authenticated users to copy arbitrary files from the server file system into their own EZSync folder. The vulnerability is due to a lack of authorization check... Read more

    Affected Products : data_master
    • Published: Jul. 16, 2025
    • Modified: Jul. 16, 2025

  • 6.4

    CVSS31
    CVE-2025-7035

    The Media Library Assistant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mla_tag_cloud and mla_term_list shortcodes in all versions up to, and including, 3.26 due to insufficient input sanitization and output escaping... Read more

    Affected Products : media_library_assistant
    • Published: Jul. 16, 2025
    • Modified: Jul. 16, 2025

  • 7.5

    CVSS31
    CVE-2025-6993

    The Ultimate WP Mail plugin for WordPress is vulnerable to Privilege Escalation due to improper authorization within the get_email_log_details() AJAX handler in versions 1.0.17 to 1.3.6. The handler reads the client-supplied post_id and retrieves the corr... Read more

    Affected Products :
    • Published: Jul. 16, 2025
    • Modified: Jul. 16, 2025

  • 6.4

    CVSS31
    CVE-2025-5284

    The Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom JS extension in all versions up to, and including, 2.0.8.2 due to... Read more

    Affected Products : master_addons
    • Published: Jul. 16, 2025
    • Modified: Jul. 16, 2025

  • 0.0

    NONE
    CVE-2025-40985

    SQL injection vulnerability in SCATI Vision Web of SCATI Labs from version 4.8 to 7.2. This vulnerability allows an attacker to exfiltrate some data from the database via the ‘login’ parameter in the endpoint ‘/scatevision_web/index.php/loginForm’.... Read more

    Affected Products :
    • Published: Jul. 16, 2025
    • Modified: Jul. 16, 2025
Showing 20 of 326 Results
© cvefeed.io
Latest DB Update: Jul. 17, 2025 14:09