Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2025-31581

    Missing Authorization vulnerability in Sandeep Kumar WP Video Playlist allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Video Playlist: from n/a through 1.1.2.... Read more

    Affected Products :
    • Published: Apr. 03, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2025-31573

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pepro Dev. Group PeproDev CF7 Database allows Stored XSS. This issue affects PeproDev CF7 Database: from n/a through 2.0.0.... Read more

    Affected Products : peprodev_cf7_database
    • Published: Apr. 03, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.8

    MEDIUM
    CVE-2025-31558

    Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Greg TailPress allows Retrieve Embedded Sensitive Data. This issue affects TailPress: from n/a through 0.4.4.... Read more

    Affected Products :
    • Published: Apr. 03, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Information Disclosure

  • 5.9

    MEDIUM
    CVE-2025-31554

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in docxpresso Docxpresso allows Absolute Path Traversal. This issue affects Docxpresso: from n/a through 2.6.... Read more

    Affected Products :
    • Published: Apr. 03, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2025-31541

    Missing Authorization vulnerability in turitop TuriTop Booking System allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects TuriTop Booking System: from n/a through 1.0.10.... Read more

    Affected Products :
    • Published: Apr. 03, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2025-31536

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in moshensky CF7 Spreadsheets allows Reflected XSS. This issue affects CF7 Spreadsheets: from n/a through 2.3.2.... Read more

    Affected Products :
    • Published: Apr. 03, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-31468

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound WP_Identicon allows Reflected XSS. This issue affects WP_Identicon: from n/a through 2.0.... Read more

    Affected Products :
    • Published: Apr. 03, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-31467

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Flickr Photostream allows Reflected XSS. This issue affects Flickr Photostream: from n/a through 3.1.8.... Read more

    Affected Products :
    • Published: Apr. 03, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-31442

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Search engine keywords highlighter allows Reflected XSS. This issue affects Search engine keywords highlighter: from n/a through 0.1.3.... Read more

    Affected Products :
    • Published: Apr. 03, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-31436

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Angelo Mandato Blubrry PowerPress Podcasting plugin MultiSite add-on allows Reflected XSS. This issue affects Blubrry PowerPress Podcasting plugin MultiS... Read more

    Affected Products :
    • Published: Apr. 03, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-31098

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in debounce DeBounce Email Validator allows PHP Local File Inclusion. This issue affects DeBounce Email Validator: from n/a through 5.7.... Read more

    Affected Products : email_validator
    • Published: Apr. 03, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2025-31091

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CreativeMindsSolutions CM Header and Footer allows Stored XSS. This issue affects CM Header and Footer: from n/a through 1.2.4.... Read more

    Affected Products :
    • Published: Apr. 03, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-30916

    Missing Authorization vulnerability in enituretechnology Residential Address Detection allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Residential Address Detection: from n/a through 2.5.4.... Read more

    Affected Products :
    • Published: Apr. 03, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-30915

    Missing Authorization vulnerability in enituretechnology Small Package Quotes – Worldwide Express Edition allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Small Package Quotes – Worldwide Express Edition: from n/... Read more

    Affected Products : small_package_quotes
    • Published: Apr. 03, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2025-30908

    Cross-Site Request Forgery (CSRF) vulnerability in Shamalli Web Directory Free allows Stored XSS. This issue affects Web Directory Free: from n/a through 1.7.6.... Read more

    Affected Products : web_directory_free
    • Published: Apr. 03, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 8.8

    HIGH
    CVE-2025-30889

    Deserialization of Untrusted Data vulnerability in PickPlugins Testimonial Slider allows Object Injection. This issue affects Testimonial Slider: from n/a through 2.0.13.... Read more

    Affected Products : testimonial_builder
    • Published: Apr. 03, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2025-30858

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tribulant Software Snow Storm allows Reflected XSS. This issue affects Snow Storm: from n/a through 1.4.6.... Read more

    Affected Products :
    • Published: Apr. 03, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-30616

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Latest Custom Post Type Updates allows Reflected XSS. This issue affects Latest Custom Post Type Updates: from n/a through 1.3.0.... Read more

    Affected Products :
    • Published: Apr. 03, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-30611

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Wptobe-signinup allows Reflected XSS. This issue affects Wptobe-signinup: from n/a through 1.1.2.... Read more

    Affected Products :
    • Published: Apr. 03, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-30596

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in NotFound include-file allows Path Traversal. This issue affects include-file: from n/a through 1.... Read more

    Affected Products :
    • Published: Apr. 03, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Path Traversal
Showing 20 of 293284 Results