Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-32491

    Incorrect Privilege Assignment vulnerability in Rankology Rankology SEO – On-site SEO allows Privilege Escalation. This issue affects Rankology SEO – On-site SEO: from n/a through 2.2.3.... Read more

    Affected Products :
    • Published: Apr. 11, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-32144

    Deserialization of Untrusted Data vulnerability in PickPlugins Job Board Manager allows Object Injection. This issue affects Job Board Manager: from n/a through 2.1.60.... Read more

    Affected Products :
    • Published: Apr. 11, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-32143

    Deserialization of Untrusted Data vulnerability in PickPlugins Accordion allows Object Injection. This issue affects Accordion: from n/a through 2.3.10.... Read more

    Affected Products : accordion
    • Published: Apr. 11, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Injection

  • 8.0

    HIGH
    CVE-2025-32107

    OS command injection vulnerability exists in Deco BE65 Pro firmware versions prior to "Deco BE65 Pro(JP)_V1_1.1.2 Build 20250123". If this vulnerability is exploited, an arbitrary OS command may be executed by the user who can log in to the device.... Read more

    Affected Products :
    • Published: Apr. 11, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-31599

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in N-Media Bulk Product Sync allows SQL Injection. This issue affects Bulk Product Sync: from n/a through 8.6.... Read more

    Affected Products :
    • Published: Apr. 11, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-31565

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPSmartContracts WPSmartContracts allows Blind SQL Injection. This issue affects WPSmartContracts: from n/a through 2.0.10.... Read more

    Affected Products : wpsmartcontracts
    • Published: Apr. 11, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2025-31379

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in programphases Insert HTML Here allows Reflected XSS. This issue affects Insert HTML Here: from n/a through 1.0.... Read more

    Affected Products :
    • Published: Apr. 11, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-31378

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in danbwb Oppso Unit Converter allows Reflected XSS. This issue affects Oppso Unit Converter: from n/a through 1.1.1.... Read more

    Affected Products :
    • Published: Apr. 11, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-31041

    Missing Authorization vulnerability in NotFound AnyTrack Affiliate Link Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AnyTrack Affiliate Link Manager: from n/a through 1.0.4.... Read more

    Affected Products :
    • Published: Apr. 11, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Authorization

  • 8.1

    HIGH
    CVE-2025-31040

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NotFound WP Food ordering and Restaurant Menu allows PHP Local File Inclusion. This issue affects WP Food ordering and Restaurant Menu... Read more

    Affected Products :
    • Published: Apr. 11, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Path Traversal

  • 7.1

    HIGH
    CVE-2025-31028

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound WP Hide Categories allows Reflected XSS. This issue affects WP Hide Categories: from n/a through 1.0.... Read more

    Affected Products :
    • Published: Apr. 11, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-31021

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dolby_uk Mobile Smart allows Reflected XSS. This issue affects Mobile Smart: from n/a through v1.3.16.... Read more

    Affected Products :
    • Published: Apr. 11, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-31015

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Adrian Tobey WordPress SMTP Service, Email Delivery Solved! — MailHawk allows PHP Local File Inclusion. This issue affects WordPress S... Read more

    Affected Products :
    • Published: Apr. 11, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2025-31014

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ho3einie Material Dashboard allows PHP Local File Inclusion. This issue affects Material Dashboard: from n/a through 1.4.5.... Read more

    Affected Products :
    • Published: Apr. 11, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Path Traversal

  • 4.8

    MEDIUM
    CVE-2025-3512

    There is a Heap-based Buffer Overflow vulnerability in QTextMarkdownImporter. This requires an incorrectly formatted markdown file to be passed to QTextMarkdownImporter to trigger the overflow.This issue affects Qt from 6.8.0 to 6.8.4. Versions up to 6.6.... Read more

    Affected Products :
    • Published: Apr. 11, 2025
    • Modified: Apr. 25, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-2636

    The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 0.1.0.85 via the 'instawp-database-manager' parameter. This makes it possible for unauthenticated attacke... Read more

    Affected Products : instawp_connect
    • Published: Apr. 11, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Path Traversal

  • 5.9

    MEDIUM
    CVE-2025-1386

    When using the ch-go library, under a specific condition when the query includes a large, uncompressed malicious external data, it is possible for an attacker in control of such data to smuggle another query packet into the connection stream.... Read more

    Affected Products :
    • Published: Apr. 11, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Denial of Service

  • 3.1

    LOW
    CVE-2025-32816

    CodeLit CourseLit before 0.57.5 allows Parameter Tampering via a payment plan associated with the wrong entity.... Read more

    Affected Products :
    • Published: Apr. 11, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Authentication

  • 5.8

    MEDIUM
    CVE-2025-26335

    Dell PowerProtect Cyber Recovery, versions prior to 19.18.0.2, contains an Insertion of Sensitive Information Into Sent Data vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information ... Read more

    Affected Products : powerprotect_cyber_recovery
    • Published: Apr. 11, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Information Disclosure

  • 8.7

    HIGH
    CVE-2025-0128

    A denial-of-service (DoS) vulnerability in the Simple Certificate Enrollment Protocol (SCEP) authentication feature of Palo Alto Networks PAN-OS® software enables an unauthenticated attacker to initiate system reboots using a maliciously crafted packet. R... Read more

    Affected Products : pan-os
    • Published: Apr. 11, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Denial of Service
Showing 20 of 293508 Results