Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2025-23386

    A Incorrect Default Permissions vulnerability in the openSUSE Tumbleweed package gerbera allows the service user gerbera to escalate to root.,This issue affects gerbera on openSUSE Tumbleweed before 2.5.0-1.1.... Read more

    Affected Products :
    • Published: Apr. 10, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Authorization

  • 6.8

    MEDIUM
    CVE-2025-27081

    A potential security vulnerability in HPE NonStop OSM Service Connection Suite could potentially be exploited to allow a local Denial of Service.... Read more

    Affected Products :
    • Published: Apr. 10, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-22279

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Crocoblock JetCompareWishlist allows PHP Local File Inclusion.This issue affects JetCompareWishlist: from n/a through 1.5.9.... Read more

    Affected Products :
    • Published: Apr. 10, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Path Traversal

  • 8.5

    HIGH
    CVE-2025-32687

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Magnigenie Review Stars Count For WooCommerce allows SQL Injection. This issue affects Review Stars Count For WooCommerce: from n/a through 2.0.... Read more

    Affected Products :
    • Published: Apr. 10, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Injection

  • 8.1

    HIGH
    CVE-2025-32668

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Rameez Iqbal Real Estate Manager allows PHP Local File Inclusion. This issue affects Real Estate Manager: from n/a through 7.3.... Read more

    Affected Products : real_estate_manager
    • Published: Apr. 10, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Path Traversal

  • 4.3

    MEDIUM
    CVE-2025-32282

    Cross-Site Request Forgery (CSRF) vulnerability in ShareThis ShareThis Dashboard for Google Analytics. This issue affects ShareThis Dashboard for Google Analytics: from n/a through 3.2.2.... Read more

    Affected Products : dashboard_for_google_analytics
    • Published: Apr. 10, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.3

    MEDIUM
    CVE-2025-32275

    Authentication Bypass by Spoofing vulnerability in Ays Pro Survey Maker allows Identity Spoofing. This issue affects Survey Maker: from n/a through 5.1.5.4.... Read more

    Affected Products : survey_maker
    • Published: Apr. 10, 2025
    • Modified: Apr. 14, 2025
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2025-32260

    Missing Authorization vulnerability in Detheme DethemeKit For Elementor. This issue affects DethemeKit For Elementor: from n/a through 2.1.10.... Read more

    Affected Products : dethemekit_for_elementor
    • Published: Apr. 10, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-32259

    Missing Authorization vulnerability in Alimir WP ULike. This issue affects WP ULike: from n/a through 4.7.9.1.... Read more

    Affected Products :
    • Published: Apr. 10, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-32244

    Missing Authorization vulnerability in QuantumCloud SEO Help allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SEO Help: from n/a through 6.6.1.... Read more

    Affected Products :
    • Published: Apr. 10, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-32243

    Missing Authorization vulnerability in Toast Plugins Internal Link Optimiser allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Internal Link Optimiser: from n/a through 5.1.2.... Read more

    Affected Products :
    • Published: Apr. 10, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-32242

    Missing Authorization vulnerability in Hive Support Hive Support allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Hive Support: from n/a through 1.2.2.... Read more

    Affected Products :
    • Published: Apr. 10, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-32240

    Missing Authorization vulnerability in NotFound Site Notify allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Site Notify: from n/a through 1.0.... Read more

    Affected Products :
    • Published: Apr. 10, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-32236

    Missing Authorization vulnerability in Vagonic Woocommerce Products Reorder Drag Drop Multiple Sort – Sortable, Rearrange Products Vagonic. This issue affects Woocommerce Products Reorder Drag Drop Multiple Sort – Sortable, Rearrange Products Vagonic: fro... Read more

    Affected Products :
    • Published: Apr. 10, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-32230

    Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Themeum Tutor LMS. This issue affects Tutor LMS: from n/a through 3.4.0.... Read more

    Affected Products : tutor_lms
    • Published: Apr. 10, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-32228

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WP Messiah Ai Image Alt Text Generator for WP. This issue affects Ai Image Alt Text Generator for WP: from n/a through 1.0.8.... Read more

    Affected Products :
    • Published: Apr. 10, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2025-32227

    Authentication Bypass by Spoofing vulnerability in Asgaros Asgaros Forum allows Identity Spoofing. This issue affects Asgaros Forum: from n/a through 3.0.0.... Read more

    Affected Products : asgaros_forum
    • Published: Apr. 10, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Authentication

  • 5.4

    MEDIUM
    CVE-2025-32221

    Missing Authorization vulnerability in Spider Themes EazyDocs allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EazyDocs: from n/a through 2.6.4.... Read more

    Affected Products : eazydocs
    • Published: Apr. 10, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Authorization

  • 6.4

    MEDIUM
    CVE-2025-32216

    Missing Authorization vulnerability in Spider Themes Spider Elements – Addons for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Spider Elements – Addons for Elementor: from n/a through 1.6.2.... Read more

    Affected Products :
    • Published: Apr. 10, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-32215

    Unrestricted Upload of File with Dangerous Type vulnerability in Ability, Inc Accessibility Suite by Online ADA allows Stored XSS. This issue affects Accessibility Suite by Online ADA: from n/a through 4.18.... Read more

    Affected Products : accessibility_suite_by_online_ada
    • Published: Apr. 10, 2025
    • Modified: Apr. 11, 2025
Showing 20 of 293414 Results