Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2025-1073

    Panasonic IR Control Hub (IR Blaster) versions 1.17 and earlier may allow an attacker with physical access to load unauthorized firmware onto the device.... Read more

    Affected Products :
    • Published: Apr. 10, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Misconfiguration

  • 5.9

    MEDIUM
    CVE-2025-31411

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Aribhour Linet ERP-Woocommerce Integration allows Path Traversal.This issue affects Linet ERP-Woocommerce Integration: from n/a through 3.5.12.... Read more

    Affected Products :
    • Published: Apr. 10, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Path Traversal

  • 7.1

    HIGH
    CVE-2025-27350

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hugh Mungus Vice Versa allows Reflected XSS.This issue affects Vice Versa: from n/a through 2.2.3.... Read more

    Affected Products :
    • Published: Apr. 10, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.3

    CRITICAL
    CVE-2025-22375

    An authentication bypass vulnerability was found in Videx's CyberAudit-Web. Through the exploitation of a logic flaw, an attacker could create a valid session without any credentials. This vulnerability has been patched in versions later than 9.5 and a pa... Read more

    Affected Products :
    • Published: Apr. 10, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Authentication

  • 6.0

    MEDIUM
    CVE-2025-22374

    A Server-Side Request Forgery (SSRF) vulnerability was discovered in the videx-legacy-ssl web service of Videx’s CyberAudit-Web, affecting versions prior to 1.1.3. This vulnerability has been patched in versions after 1.1.3. Leaving this vulnerability unp... Read more

    Affected Products :
    • Published: Apr. 10, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Server-Side Request Forgery

  • 7.8

    HIGH
    CVE-2025-23386

    A Incorrect Default Permissions vulnerability in the openSUSE Tumbleweed package gerbera allows the service user gerbera to escalate to root.,This issue affects gerbera on openSUSE Tumbleweed before 2.5.0-1.1.... Read more

    Affected Products :
    • Published: Apr. 10, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Authorization

  • 6.8

    MEDIUM
    CVE-2025-27081

    A potential security vulnerability in HPE NonStop OSM Service Connection Suite could potentially be exploited to allow a local Denial of Service.... Read more

    Affected Products :
    • Published: Apr. 10, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-22279

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Crocoblock JetCompareWishlist allows PHP Local File Inclusion.This issue affects JetCompareWishlist: from n/a through 1.5.9.... Read more

    Affected Products :
    • Published: Apr. 10, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Path Traversal

  • 8.5

    HIGH
    CVE-2025-32687

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Magnigenie Review Stars Count For WooCommerce allows SQL Injection. This issue affects Review Stars Count For WooCommerce: from n/a through 2.0.... Read more

    Affected Products :
    • Published: Apr. 10, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Injection

  • 8.1

    HIGH
    CVE-2025-32668

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Rameez Iqbal Real Estate Manager allows PHP Local File Inclusion. This issue affects Real Estate Manager: from n/a through 7.3.... Read more

    Affected Products : real_estate_manager
    • Published: Apr. 10, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Path Traversal

  • 4.3

    MEDIUM
    CVE-2025-32282

    Cross-Site Request Forgery (CSRF) vulnerability in ShareThis ShareThis Dashboard for Google Analytics. This issue affects ShareThis Dashboard for Google Analytics: from n/a through 3.2.2.... Read more

    Affected Products : dashboard_for_google_analytics
    • Published: Apr. 10, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.3

    MEDIUM
    CVE-2025-32275

    Authentication Bypass by Spoofing vulnerability in Ays Pro Survey Maker allows Identity Spoofing. This issue affects Survey Maker: from n/a through 5.1.5.4.... Read more

    Affected Products : survey_maker
    • Published: Apr. 10, 2025
    • Modified: Apr. 14, 2025
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2025-32260

    Missing Authorization vulnerability in Detheme DethemeKit For Elementor. This issue affects DethemeKit For Elementor: from n/a through 2.1.10.... Read more

    Affected Products : dethemekit_for_elementor
    • Published: Apr. 10, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-32259

    Missing Authorization vulnerability in Alimir WP ULike. This issue affects WP ULike: from n/a through 4.7.9.1.... Read more

    Affected Products :
    • Published: Apr. 10, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-32244

    Missing Authorization vulnerability in QuantumCloud SEO Help allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SEO Help: from n/a through 6.6.1.... Read more

    Affected Products :
    • Published: Apr. 10, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-32243

    Missing Authorization vulnerability in Toast Plugins Internal Link Optimiser allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Internal Link Optimiser: from n/a through 5.1.2.... Read more

    Affected Products :
    • Published: Apr. 10, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-32242

    Missing Authorization vulnerability in Hive Support Hive Support allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Hive Support: from n/a through 1.2.2.... Read more

    Affected Products :
    • Published: Apr. 10, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-32240

    Missing Authorization vulnerability in NotFound Site Notify allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Site Notify: from n/a through 1.0.... Read more

    Affected Products :
    • Published: Apr. 10, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-32236

    Missing Authorization vulnerability in Vagonic Woocommerce Products Reorder Drag Drop Multiple Sort – Sortable, Rearrange Products Vagonic. This issue affects Woocommerce Products Reorder Drag Drop Multiple Sort – Sortable, Rearrange Products Vagonic: fro... Read more

    Affected Products :
    • Published: Apr. 10, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-32230

    Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Themeum Tutor LMS. This issue affects Tutor LMS: from n/a through 3.4.0.... Read more

    Affected Products : tutor_lms
    • Published: Apr. 10, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 293499 Results