Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.4

    HIGH
    CVE-2025-66589

    In AzeoTech DAQFactory release 20.7 (Build 2555), an Out-of-bounds Read vulnerability can be exploited by an attacker to cause the program to read data past the end of an allocated buffer. This could allow an attacker to disclose information or cause a sy... Read more

    Affected Products : daqfactory
    • Published: Dec. 11, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Memory Corruption

  • 8.4

    HIGH
    CVE-2025-66590

    In AzeoTech DAQFactory release 20.7 (Build 2555), an Out-of-bounds Write vulnerability can be exploited by an attacker to cause the program to write data past the end of an allocated memory buffer. This can lead to arbitrary code execution or a system cra... Read more

    Affected Products : daqfactory
    • Published: Dec. 11, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Memory Corruption

  • 9.3

    CRITICAL
    CVE-2024-58308

    Quick.CMS 6.7 contains a SQL injection vulnerability that allows unauthenticated attackers to bypass login authentication by manipulating the login form. Attackers can inject specific SQL payloads like ' or '1'='1 to gain unauthorized administrative acces... Read more

    Affected Products : quick.cms
    • Published: Dec. 11, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2025-58770

    APTIOV contains a vulnerability in BIOS where a user may cause “Improper Handling of Insufficient Permissions or Privileges” by local access. Successful exploitation of this vulnerability can lead to escalation of authorization and potentially impact Inte... Read more

    Affected Products : aptio_v
    • Published: Dec. 12, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Authorization

  • 8.2

    HIGH
    CVE-2025-10451

    Unchecked output buffer may allowed arbitrary code execution in SMM and potentially result in SMM memory corruption.... Read more

    Affected Products :
    • Published: Dec. 12, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Memory Corruption

  • 6.1

    MEDIUM
    CVE-2025-65120

    Reflected cross-site scripting vulnerability exists in GroupSession Free edition prior to ver5.7.1, GroupSession byCloud prior to ver5.7.1, and GroupSession ZION prior to ver5.7.1. If a user accesses a crafted page or URL, an arbitrary script may be execu... Read more

    Affected Products :
    • Published: Dec. 12, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-53523

    Stored cross-site scripting vulnerabilities exist in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSession ZION prior to ver5.3.2. A logged-in user can prepare a malicious page or URL, and an arbitrary scrip... Read more

    Affected Products :
    • Published: Dec. 12, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-14160

    The Upcoming for Calendly plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.4. This is due to missing nonce validation on the settings update functionality. This makes it possible for unauthenticate... Read more

    Affected Products :
    • Published: Dec. 12, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-13987

    The Purchase and Expense Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.2. This is due to missing nonce validation on the 'sup_pt_handle_deletion' function. This makes it possible for una... Read more

    Affected Products :
    • Published: Dec. 12, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.4

    MEDIUM
    CVE-2025-13963

    The FX Currency Converter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'fxcc_convert' shortcode in all versions up to, and including, 0.2.0 due to insufficient input sanitization and output escaping on user supplied a... Read more

    Affected Products :
    • Published: Dec. 12, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-13962

    The Divelogs Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'latestdive' shortcode in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping on user supplied attributes.... Read more

    Affected Products :
    • Published: Dec. 12, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.1

    HIGH
    CVE-2025-13334

    The Blaze Demo Importer plugin for WordPress is vulnerable to unauthorized database resets and file deletion due to a missing capability check on the "blaze_demo_importer_install_demo" function in all versions up to, and including, 1.0.13. This makes it p... Read more

    Affected Products :
    • Published: Dec. 12, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Authorization

  • 6.1

    MEDIUM
    CVE-2025-12834

    The Accept Stripe Payments Using Contact Form 7 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'failure_message' parameter in versions up to, and including, 3.1 due to insufficient input sanitization and output escaping. This... Read more

    • Published: Dec. 12, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-12830

    The Better Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Slider widget in all versions up to, and including, 1.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This ma... Read more

    Affected Products :
    • Published: Dec. 12, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.2

    CRITICAL
    CVE-2024-58298

    Compuware iStrobe Web 20.13 contains a pre-authentication remote code execution vulnerability that allows unauthenticated attackers to upload malicious JSP files through a path traversal in the file upload form. Attackers can exploit the 'fileName' parame... Read more

    Affected Products :
    • Published: Dec. 11, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Path Traversal

  • 8.4

    HIGH
    CVE-2025-66588

    In AzeoTech DAQFactory release 20.7 (Build 2555), an Access of Uninitialized Pointer vulnerability can be exploited by an attacker which can lead to arbitrary code execution.... Read more

    Affected Products : daqfactory
    • Published: Dec. 11, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Memory Corruption

  • 6.9

    MEDIUM
    CVE-2024-58302

    FoF Pretty Mail 1.1.2 contains a local file inclusion vulnerability that allows administrative users to include arbitrary server files in email templates. Attackers can exploit the template settings by inserting file inclusion payloads to read sensitive s... Read more

    Affected Products :
    • Published: Dec. 11, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Path Traversal

  • 4.3

    MEDIUM
    CVE-2025-13363

    The IMAQ Core plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing nonce validation on the URL structure settings update functionality. This makes it possible for unauthentica... Read more

    Affected Products :
    • Published: Dec. 12, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.4

    MEDIUM
    CVE-2025-14467

    The WP Job Portal plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.3.9. This is due to the plugin explicitly whitelisting the `<script>` tag in its `WPJOBPORTAL_ALLOWED_TAGS` configuration and using... Read more

    Affected Products :
    • Published: Dec. 12, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-14393

    The Wpik WordPress Basic Ajax Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'dname' parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for... Read more

    Affected Products :
    • Published: Dec. 12, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 5325 Results