Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2025-9937

    A security flaw has been discovered in elunez eladmin 1.1. Impacted is the function deleteFile of the component LocalStorageController. The manipulation results in improper authorization. The attack may be performed from remote. The exploit has been relea... Read more

    Affected Products : eladmin
    • Published: Sep. 04, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Authorization

  • 9.3

    CRITICAL
    CVE-2025-7385

    Input from search query parameter in GOV CMS is not sanitized properly, leading to a Blind SQL injection vulnerability, which might be exploited by an unauthenticated remote attacker. Versions 4.0 and above are not affected.... Read more

    Affected Products :
    • Published: Sep. 04, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2025-20336

    A vulnerability in the directory permissions of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to access sensitive information on an affected device. This vu... Read more

    Affected Products :
    • Published: Sep. 03, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Information Disclosure

  • 7.2

    HIGH
    CVE-2025-6085

    The Make Connector plugin for WordPress is vulnerable to arbitrary file uploads due to misconfigured file type validation in the 'upload_media' function in all versions up to, and including, 1.5.10. This makes it possible for authenticated attackers, with... Read more

    Affected Products :
    • Published: Sep. 04, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Misconfiguration

  • 4.7

    MEDIUM
    CVE-2025-6785

    Securing externally available CAN wires can easily allow physical access to the CAN bus, allowing possible injection of specially formed CAN messages to control remote start functions of the vehicle.  Testing completed on Tesla Model 3 vehicles with softw... Read more

    Affected Products : model_3_firmware
    • Published: Sep. 04, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-58608

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BuddyDev MediaPress allows PHP Local File Inclusion. This issue affects MediaPress: from n/a through 1.5.9.1.... Read more

    Affected Products :
    • Published: Sep. 03, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Path Traversal

  • 4.3

    MEDIUM
    CVE-2025-58594

    Missing Authorization vulnerability in themefusecom Brizy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Brizy: from n/a through 2.7.12.... Read more

    Affected Products : brizy
    • Published: Sep. 03, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-58602

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in IfSo Dynamic Content If-So Dynamic Content Personalization allows Stored XSS. This issue affects If-So Dynamic Content Personalization: from n/a through ... Read more

    Affected Products : dynamic_content_personalization
    • Published: Sep. 03, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.9

    MEDIUM
    CVE-2025-58625

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spiffy Plugins WP Flow Plus allows Stored XSS. This issue affects WP Flow Plus: from n/a through 5.2.5.... Read more

    Affected Products : wp_flow_plus
    • Published: Sep. 03, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.6

    HIGH
    CVE-2025-58604

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPFunnels Mail Mint allows SQL Injection. This issue affects Mail Mint: from n/a through 1.18.5.... Read more

    Affected Products :
    • Published: Sep. 03, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-58633

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Deetronix Booking Ultra Pro allows Stored XSS. This issue affects Booking Ultra Pro: from n/a through 1.1.21.... Read more

    Affected Products :
    • Published: Sep. 03, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-58641

    Server-Side Request Forgery (SSRF) vulnerability in kamleshyadav Exit Intent Popup allows Server Side Request Forgery. This issue affects Exit Intent Popup: from n/a through 1.0.1.... Read more

    Affected Products :
    • Published: Sep. 03, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Server-Side Request Forgery

  • 7.6

    HIGH
    CVE-2025-9959

    Incomplete validation of dunder attributes allows an attacker to escape from the Local Python execution environment sandbox, enforced by smolagents. The attack requires a Prompt Injection in order to trick the agent to create malicious code.... Read more

    Affected Products :
    • Published: Sep. 03, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Injection

  • 8.4

    HIGH
    CVE-2025-9365

    Fuji Electric FRENIC-Loader 4 is vulnerable to a deserialization of untrusted data when importing a file through a specified window, which may allow an attacker to execute arbitrary code.... Read more

    Affected Products :
    • Published: Sep. 03, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Misconfiguration

  • 4.3

    MEDIUM
    CVE-2024-13071

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Akinsoft e-Mutabakat allows Cross-Site Scripting (XSS).This issue affects e-Mutabakat: from 2.02.05 before v2.02.06.... Read more

    Affected Products :
    • Published: Sep. 04, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.7

    HIGH
    CVE-2024-34598

    Improper export of component in GoodLock prior to version 2.2.04.95 allows local attackers to install arbitrary applications from Galaxy Store.... Read more

    Affected Products :
    • Published: Sep. 04, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Misconfiguration

  • 4.9

    MEDIUM
    CVE-2025-9516

    The atec Debug plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.2.22 via the 'custom_log' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to view th... Read more

    Affected Products :
    • Published: Sep. 04, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Path Traversal

  • 5.3

    MEDIUM
    CVE-2025-9936

    A vulnerability was identified in fuyang_lipengjun platform 1.0.0. This issue affects the function AdController of the file /ad/queryAll. The manipulation leads to improper authorization. The attack is possible to be carried out remotely. The exploit is p... Read more

    Affected Products :
    • Published: Sep. 04, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-9931

    A vulnerability was detected in Jinher OA 1.0. Affected is an unknown function of the file /jc6/platform/sys/login!changePassWord.action of the component POST Request Handler. The manipulation of the argument Account results in cross site scripting. The a... Read more

    Affected Products : jinher_oa
    • Published: Sep. 04, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-58612

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Property Hive PropertyHive allows Stored XSS. This issue affects PropertyHive: from n/a through 2.1.5.... Read more

    Affected Products : propertyhive
    • Published: Sep. 03, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 4266 Results