Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2025-60095

    Insertion of Sensitive Information Into Sent Data vulnerability in Benjamin Intal Stackable allows Retrieve Embedded Sensitive Data. This issue affects Stackable: from n/a through 3.18.1.... Read more

    Affected Products : stackable
    • Published: Sep. 26, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Information Disclosure

  • 5.4

    MEDIUM
    CVE-2025-60097

    Missing Authorization vulnerability in CodexThemes TheGem allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects TheGem: from n/a through 5.10.5.... Read more

    Affected Products : thegem
    • Published: Sep. 26, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-60092

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Shahjada Download Manager allows Retrieve Embedded Sensitive Data. This issue affects Download Manager: from n/a through 3.3.24.... Read more

    Affected Products :
    • Published: Sep. 26, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-60040

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fkrauthan wp-mpdf allows Stored XSS. This issue affects wp-mpdf: from n/a through 3.9.1.... Read more

    Affected Products : wp-mpdf
    • Published: Sep. 26, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.7

    LOW
    CVE-2025-60019

    glib-networking's OpenSSL backend fails to properly check the return value of memory allocation routines. An out of memory condition could potentially result in writing to an invalid memory location.... Read more

    Affected Products :
    • Published: Sep. 25, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Memory Corruption

  • 4.3

    MEDIUM
    CVE-2025-60093

    Cross-Site Request Forgery (CSRF) vulnerability in Shahjada Download Manager allows Cross Site Request Forgery. This issue affects Download Manager: from n/a through 3.3.24.... Read more

    Affected Products :
    • Published: Sep. 26, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.5

    HIGH
    CVE-2025-59010

    Insertion of Sensitive Information Into Sent Data vulnerability in Maciej Bis Permalink Manager Lite allows Retrieve Embedded Sensitive Data. This issue affects Permalink Manager Lite: from n/a through 2.5.1.3.... Read more

    Affected Products : permalink_manager_lite
    • Published: Sep. 26, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Information Disclosure

  • 5.3

    MEDIUM
    CVE-2025-60100

    Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in 8theme XStore allows Code Injection. This issue affects XStore: from n/a through 9.5.3.... Read more

    Affected Products : xstore
    • Published: Sep. 26, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.9

    MEDIUM
    CVE-2025-60184

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Terry L. SEO Search Permalink allows Stored XSS. This issue affects SEO Search Permalink: from n/a through 1.0.3.... Read more

    Affected Products :
    • Published: Sep. 26, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-58917

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nick Verwymeren Quantities and Units for WooCommerce allows Stored XSS. This issue affects Quantities and Units for WooCommerce: from n/a through 1.0.13.... Read more

    Affected Products :
    • Published: Sep. 26, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2025-11013

    A vulnerability was identified in BehaviorTree up to 4.7.0. This vulnerability affects the function XMLParser::PImpl::loadDocImpl of the file /src/xml_parsing.cpp of the component XML Parser. The manipulation leads to null pointer dereference. The attack ... Read more

    Affected Products :
    • Published: Sep. 26, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Memory Corruption

  • 5.4

    MEDIUM
    CVE-2025-60103

    Missing Authorization vulnerability in CridioStudio ListingPro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ListingPro: from n/a through 2.9.8.... Read more

    Affected Products : listingpro
    • Published: Sep. 26, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-60165

    Missing Authorization vulnerability in HaruTheme Frames allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Frames: from n/a through 1.5.7.... Read more

    Affected Products :
    • Published: Sep. 26, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-58914

    Cross-Site Request Forgery (CSRF) vulnerability in Di Themes Di Themes Demo Site Importer allows Cross Site Request Forgery. This issue affects Di Themes Demo Site Importer: from n/a through 1.2.... Read more

    Affected Products :
    • Published: Sep. 26, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.9

    MEDIUM
    CVE-2025-60186

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alex Moss Google+ Comments allows Stored XSS. This issue affects Google+ Comments: from n/a through 1.0.... Read more

    Affected Products :
    • Published: Sep. 26, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-60166

    Missing Authorization vulnerability in wpshuffle WP Subscription Forms PRO allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Subscription Forms PRO: from n/a through 2.0.5.... Read more

    Affected Products :
    • Published: Sep. 26, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Authorization

  • 8.1

    HIGH
    CVE-2025-59816

    This vulnerability allows attackers to directly query the underlying database, potentially retrieving all data stored in the Billing Admin database, including user credentials. User passwords are stored in plaintext, significantly increasing the severity ... Read more

    Affected Products :
    • Published: Sep. 25, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2025-60167

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in honzat Page Manager for Elementor allows Retrieve Embedded Sensitive Data. This issue affects Page Manager for Elementor: from n/a through 2.0.5.... Read more

    Affected Products :
    • Published: Sep. 26, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Information Disclosure

  • 5.9

    MEDIUM
    CVE-2025-60101

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Woostify Woostify allows Stored XSS. This issue affects Woostify: from n/a through 2.4.2.... Read more

    Affected Products :
    • Published: Sep. 26, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-11021

    A flaw was found in the cookie date handling logic of the libsoup HTTP library, widely used by GNOME and other applications for web communication. When processing cookies with specially crafted expiration dates, the library may perform an out-of-bounds me... Read more

    Affected Products :
    • Published: Sep. 26, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 4331 Results