Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2025-31544

    Missing Authorization vulnerability in WP Messiah Swiss Toolkit For WP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Swiss Toolkit For WP: from n/a through 1.3.0.... Read more

    Affected Products :
    • Published: Mar. 31, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-31543

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Twice Commerce Twice Commerce allows DOM-Based XSS. This issue affects Twice Commerce: from n/a through 1.3.1.... Read more

    Affected Products :
    • Published: Mar. 31, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.5

    HIGH
    CVE-2025-31542

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wphocus My auctions allegro allows Blind SQL Injection. This issue affects My auctions allegro: from n/a through 3.6.20.... Read more

    Affected Products :
    • Published: Mar. 31, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Injection

  • 4.3

    MEDIUM
    CVE-2025-31540

    Missing Authorization vulnerability in acmemediakits ACME Divi Modules allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ACME Divi Modules: from n/a through 1.3.5.... Read more

    Affected Products :
    • Published: Mar. 31, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-31539

    Missing Authorization vulnerability in Blocksera Cryptocurrency Widgets Pack allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cryptocurrency Widgets Pack: from n/a through 2.0.1.... Read more

    Affected Products : cryptocurrency_widgets_pack
    • Published: Mar. 31, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-31538

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in checklistcom Checklist allows Stored XSS. This issue affects Checklist: from n/a through 1.1.9.... Read more

    Affected Products : checklist
    • Published: Mar. 31, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-31535

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PressTigers Simple Owl Carousel allows DOM-Based XSS. This issue affects Simple Owl Carousel: from n/a through 1.1.1.... Read more

    Affected Products :
    • Published: Mar. 31, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-31533

    Missing Authorization vulnerability in Salesmate.io Salesmate Add-On for Gravity Forms allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Salesmate Add-On for Gravity Forms: from n/a through 2.0.3.... Read more

    Affected Products :
    • Published: Mar. 31, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-31532

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Team AtomChat AtomChat allows Stored XSS. This issue affects AtomChat: from n/a through 1.1.6.... Read more

    Affected Products :
    • Published: Mar. 31, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-31530

    Missing Authorization vulnerability in smackcoders Google SEO Pressor Snippet allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Google SEO Pressor Snippet: from n/a through 2.0.... Read more

    Affected Products :
    • Published: Mar. 31, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-31529

    Missing Authorization vulnerability in Rashid Slider Path for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Slider Path for Elementor: from n/a through 3.0.0.... Read more

    Affected Products :
    • Published: Mar. 31, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-31528

    Missing Authorization vulnerability in wokamoto StaticPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects StaticPress: from n/a through 0.4.5.... Read more

    Affected Products :
    • Published: Mar. 31, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Authorization

  • 6.4

    MEDIUM
    CVE-2025-31527

    Server-Side Request Forgery (SSRF) vulnerability in Kishan WP Link Preview allows Server Side Request Forgery. This issue affects WP Link Preview: from n/a through 1.4.1.... Read more

    Affected Products :
    • Published: Mar. 31, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Server-Side Request Forgery

  • 8.5

    HIGH
    CVE-2025-31526

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in eleopard Behance Portfolio Manager allows SQL Injection. This issue affects Behance Portfolio Manager: from n/a through 1.7.4.... Read more

    Affected Products :
    • Published: Mar. 31, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Injection

  • 6.9

    MEDIUM
    CVE-2025-2996

    A vulnerability was found in Tenda FH1202 1.2.0.14(408) and classified as critical. This issue affects some unknown processing of the file /goform/SysToolDDNS of the component Web Management Interface. The manipulation leads to improper access controls. T... Read more

    Affected Products : fh1202_firmware fh1202
    • Published: Mar. 31, 2025
    • Modified: Apr. 08, 2025
    • Vuln Type: Authorization

  • 6.9

    MEDIUM
    CVE-2025-2995

    A vulnerability has been found in Tenda FH1202 1.2.0.14(408) and classified as critical. This vulnerability affects unknown code of the file /goform/SysToolChangePwd of the component Web Management Interface. The manipulation leads to improper access cont... Read more

    Affected Products : fh1202_firmware fh1202
    • Published: Mar. 31, 2025
    • Modified: Apr. 08, 2025
    • Vuln Type: Authentication

  • 9.6

    CRITICAL
    CVE-2025-29266

    Unraid 7.0.0 before 7.0.1 allows remote users to access the Unraid WebGUI and web console as root without authentication if a container is running in Host networking mode with Use Tailscale enabled.... Read more

    Affected Products : unraid
    • Published: Mar. 31, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Authentication

  • 5.4

    MEDIUM
    CVE-2024-55093

    phpIPAM through 1.7.3 has a reflected Cross-Site Scripting (XSS) vulnerability in the install scripts.... Read more

    Affected Products : phpipam
    • Published: Mar. 31, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.3

    CRITICAL
    CVE-2025-3022

    Os command injection vulnerability in e-solutions e-management. This vulnerability allows an attacker to execute arbitrary commands on the server via the ‘client’ parameter in the /data/apache/e-management/api/api3.php endpoint.... Read more

    Affected Products :
    • Published: Mar. 31, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Injection

  • 6.9

    MEDIUM
    CVE-2025-2994

    A vulnerability, which was classified as critical, was found in Tenda FH1202 1.2.0.14(408). This affects an unknown part of the file /goform/qossetting of the component Web Management Interface. The manipulation leads to improper access controls. It is po... Read more

    Affected Products : fh1202_firmware fh1202
    • Published: Mar. 31, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Authorization
Showing 20 of 292275 Results