Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2025-26955

    Missing Authorization vulnerability in VW Themes Industrial Lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Industrial Lite: from n/a through 1.0.8.... Read more

    Affected Products :
    • Published: Apr. 15, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2025-26954

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 1pluginjquery ZooEffect allows Reflected XSS. This issue affects ZooEffect: from n/a through 1.11.... Read more

    Affected Products :
    • Published: Apr. 15, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-26944

    Missing Authorization vulnerability in NotFound JetPopup allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects JetPopup: from n/a through 2.0.11.... Read more

    Affected Products :
    • Published: Apr. 15, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-26942

    Missing Authorization vulnerability in NotFound JetTricks allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects JetTricks: from n/a through 1.5.1.... Read more

    Affected Products :
    • Published: Apr. 15, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-26894

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NotFound Coming Soon, Maintenance Mode allows PHP Local File Inclusion. This issue affects Coming Soon, Maintenance Mode: from n/a thr... Read more

    Affected Products :
    • Published: Apr. 15, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2025-26889

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NotFound hockeydata LOS allows PHP Local File Inclusion. This issue affects hockeydata LOS: from n/a through 1.2.4.... Read more

    Affected Products :
    • Published: Apr. 15, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2025-26745

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RSTheme RS Elements Elementor Addon allows Stored XSS. This issue affects RS Elements Elementor Addon: from n/a through 1.1.5.... Read more

    Affected Products :
    • Published: Apr. 15, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-26744

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound JetBlog allows DOM-Based XSS. This issue affects JetBlog: from n/a through 2.4.3.... Read more

    Affected Products :
    • Published: Apr. 15, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-26743

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TC.K Advance WP Query Search Filter allows Reflected XSS. This issue affects Advance WP Query Search Filter: from n/a through 1.0.10.... Read more

    Affected Products :
    • Published: Apr. 15, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-26741

    Missing Authorization vulnerability in AWEOS GmbH Email Notifications for Updates allows Privilege Escalation. This issue affects Email Notifications for Updates: from n/a through 1.1.6.... Read more

    Affected Products :
    • Published: Apr. 15, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Authorization

  • 3.7

    LOW
    CVE-2025-32943

    The vulnerability allows any authenticated user to leak the contents of arbitrary “.m3u8” files from the PeerTube server due to a path traversal in the HLS endpoint.... Read more

    Affected Products :
    • Published: Apr. 15, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Path Traversal

  • 5.5

    MEDIUM
    CVE-2025-1688

    Milestone Systems has discovered a security vulnerability in Milestone XProtect installer that resets system configuration password after the upgrading from older versions using specific installers. The system configuration password is an additional, o... Read more

    Affected Products :
    • Published: Apr. 15, 2025
    • Modified: Sep. 09, 2025
    • Vuln Type: Misconfiguration

  • 6.4

    MEDIUM
    CVE-2025-2083

    The Logo Carousel Gutenberg Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘sliderId’ parameter in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible... Read more

    Affected Products :
    • Published: Apr. 15, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.3

    CRITICAL
    CVE-2025-3579

    In versions prior to Aidex 1.7, an authenticated malicious user, taking advantage of an open registry, could execute unauthorised commands within the system. This includes executing operating system (Unix) commands, interacting with internal services such... Read more

    Affected Products :
    • Published: Apr. 15, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-3578

    A malicious, authenticated user in Aidex, versions prior to 1.7, could list credentials of other users, create or modify existing users in the application, list credentials of users in production or development environments. In addition, it would be possi... Read more

    Affected Products :
    • Published: Apr. 15, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Authentication

  • 8.7

    HIGH
    CVE-2025-3575

    Insecure Direct Object Reference vulnerability in Deporsite from T-INNOVA allows an attacker to retrieve sensitive information from others users via "idUsuario" parameter in "/helper/Familia/establecerUsuarioSeleccion" endpoint.... Read more

    Affected Products :
    • Published: Apr. 15, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Authorization

  • 8.7

    HIGH
    CVE-2025-3574

    Insecure Direct Object Reference vulnerability in Deporsite from T-INNOVA allows an attacker to retrieve sensitive information from others users via "idUsuario" parameter in "/helper/Familia/obtenerFamiliaUsuario" endpoint.... Read more

    Affected Products :
    • Published: Apr. 15, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Authorization

  • 2.6

    LOW
    CVE-2024-45712

    SolarWinds Serv-U is vulnerable to a client-side cross-site scripting (XSS) vulnerability. The vulnerability can only be performed by an authenticated account, on the local machine, from the local browser session. Therefore the risk is very low.... Read more

    Affected Products : serv-u
    • Published: Apr. 15, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.5

    MEDIUM
    CVE-2025-3622

    A vulnerability, which was classified as critical, has been found in Xorbits Inference up to 1.4.1. This issue affects the function load of the file xinference/thirdparty/cosyvoice/cli/model.py. The manipulation leads to deserialization.... Read more

    Affected Products :
    • Published: Apr. 15, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Misconfiguration

  • 5.9

    MEDIUM
    CVE-2025-3576

    A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions... Read more

    • Published: Apr. 15, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Cryptography
Showing 20 of 293493 Results