Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    CRITICAL
    CVE-2025-32660

    Unrestricted Upload of File with Dangerous Type vulnerability in JoomSky JS Job Manager allows Upload a Web Shell to a Web Server. This issue affects JS Job Manager: from n/a through 2.0.2.... Read more

    Affected Products : js_job_manager
    • Published: Apr. 17, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-32658

    Deserialization of Untrusted Data vulnerability in wpWax HelpGent allows Object Injection. This issue affects HelpGent: from n/a through 2.2.4.... Read more

    Affected Products :
    • Published: Apr. 17, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2025-32655

    Cross-Site Request Forgery (CSRF) vulnerability in DevriX Restrict User Registration allows Stored XSS. This issue affects Restrict User Registration: from n/a through 1.0.1.... Read more

    Affected Products :
    • Published: Apr. 17, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.1

    HIGH
    CVE-2025-32653

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lee Blue Cart66 Cloud allows Reflected XSS. This issue affects Cart66 Cloud: from n/a through 2.3.7.... Read more

    Affected Products :
    • Published: Apr. 17, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.9

    CRITICAL
    CVE-2025-32652

    Unrestricted Upload of File with Dangerous Type vulnerability in solacewp Solace Extra allows Using Malicious Files. This issue affects Solace Extra: from n/a through 1.3.1.... Read more

    Affected Products :
    • Published: Apr. 17, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Misconfiguration

  • 7.1

    HIGH
    CVE-2025-32651

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in serpednet SERPed.net allows Reflected XSS. This issue affects SERPed.net: from n/a through 4.6.... Read more

    Affected Products :
    • Published: Apr. 17, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-32649

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gb-plugins GB Gallery Slideshow allows Reflected XSS. This issue affects GB Gallery Slideshow: from n/a through 1.3.... Read more

    Affected Products : gb_gallery_slideshow
    • Published: Apr. 17, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-32648

    Incorrect Privilege Assignment vulnerability in Projectopia Projectopia allows Privilege Escalation. This issue affects Projectopia: from n/a through 5.1.16.... Read more

    Affected Products : projectopia
    • Published: Apr. 17, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-32647

    Deserialization of Untrusted Data vulnerability in PickPlugins Question Answer allows Object Injection. This issue affects Question Answer: from n/a through 1.2.70.... Read more

    Affected Products :
    • Published: Apr. 17, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2025-32646

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Question Answer allows Reflected XSS. This issue affects Question Answer: from n/a through 1.2.70.... Read more

    Affected Products :
    • Published: Apr. 17, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-32639

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wecantrack Affiliate Links Lite allows Reflected XSS. This issue affects Affiliate Links Lite: from n/a through 3.1.0.... Read more

    Affected Products : affiliate_links_lite
    • Published: Apr. 17, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-32638

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weptile ShopApper allows Stored XSS. This issue affects ShopApper: from n/a through 0.4.39.... Read more

    Affected Products :
    • Published: Apr. 17, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-32637

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ketanajani WP Donate allows Stored XSS. This issue affects WP Donate: from n/a through 2.0.... Read more

    Affected Products : wp_donate
    • Published: Apr. 17, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.3

    CRITICAL
    CVE-2025-32636

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in matthewrubin Local Magic allows SQL Injection. This issue affects Local Magic: from n/a through 2.6.0.... Read more

    Affected Products :
    • Published: Apr. 17, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-32635

    Insertion of Sensitive Information Into Sent Data vulnerability in Hive Support Hive Support allows Retrieve Embedded Sensitive Data. This issue affects Hive Support: from n/a through 1.2.2.... Read more

    Affected Products :
    • Published: Apr. 17, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Information Disclosure

  • 7.1

    HIGH
    CVE-2025-32634

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mdedev Run Contests, Raffles, and Giveaways with ContestsWP allows Reflected XSS. This issue affects Run Contests, Raffles, and Giveaways with ContestsWP... Read more

    Affected Products :
    • Published: Apr. 17, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-32630

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CMSJunkie - WordPress Business Directory Plugins WP-BusinessDirectory allows Reflected XSS. This issue affects WP-BusinessDirectory: from n/a through 3.1... Read more

    Affected Products :
    • Published: Apr. 17, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-32628

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Wham Crowdfunding for WooCommerce allows Reflected XSS. This issue affects Crowdfunding for WooCommerce: from n/a through 3.1.12.... Read more

    Affected Products :
    • Published: Apr. 17, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.3

    CRITICAL
    CVE-2025-32626

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JoomSky JS Job Manager allows SQL Injection. This issue affects JS Job Manager: from n/a through 2.0.2.... Read more

    Affected Products : js_job_manager
    • Published: Apr. 17, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2025-32625

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pootlepress Mobile Pages allows Reflected XSS. This issue affects Mobile Pages: from n/a through 1.0.2.... Read more

    Affected Products :
    • Published: Apr. 17, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 293588 Results