Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.9

    CRITICAL
    CVE-2025-64663

    Custom Question Answering Elevation of Privilege Vulnerability... Read more

    • Published: Dec. 18, 2025
    • Modified: Dec. 19, 2025

  • 9.1

    CRITICAL
    CVE-2024-49587

    Glutton V1 service endpoints were exposed without any authentication on Gotham stacks, this could have allowed users that did not have any permission to hit glutton backend directly and read/update/delete data. The affected service has been patched and au... Read more

    Affected Products :
    • Published: Dec. 19, 2025
    • Modified: Dec. 19, 2025
    • Vuln Type: Authentication

  • 8.3

    HIGH
    CVE-2025-64675

    Improper neutralization of input during web page generation ('cross-site scripting') in Azure Cosmos DB allows an unauthorized attacker to perform spoofing over a network.... Read more

    Affected Products : cosmos_db
    • Published: Dec. 19, 2025
    • Modified: Dec. 19, 2025

  • 10.0

    CRITICAL
    CVE-2025-65037

    Improper control of generation of code ('code injection') in Azure Container Apps allows an unauthorized attacker to execute code over a network.... Read more

    Affected Products : azure_container_apps
    • Published: Dec. 18, 2025
    • Modified: Dec. 19, 2025

  • 6.9

    MEDIUM
    CVE-2025-13427

    An authentication bypass vulnerability in Google Cloud Dialogflow CX Messenger allowed unauthenticated users to interact with restricted chat agents, gaining access to the agents' knowledge and the ability to trigger their intents, by manipulating initial... Read more

    Affected Products :
    • Published: Dec. 18, 2025
    • Modified: Dec. 19, 2025
    • Vuln Type: Authentication

  • 5.4

    MEDIUM
    CVE-2023-53935

    WBiz Desk 1.2 contains a SQL injection vulnerability that allows non-admin users to manipulate database queries through the 'tk' parameter in ticket.php. Attackers can inject crafted SQL statements using UNION-based techniques to extract sensitive databas... Read more

    Affected Products :
    • Published: Dec. 18, 2025
    • Modified: Dec. 19, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2025-14737

    Command Injection vulnerability in TP-Link WA850RE (httpd modules) allows authenticated adjacent attacker to inject arbitrary commands.This issue affects: ≤ WA850RE V2_160527, ≤ WA850RE V3_160922.... Read more

    Affected Products :
    • Published: Dec. 18, 2025
    • Modified: Dec. 19, 2025
    • Vuln Type: Injection

  • 3.8

    LOW
    CVE-2025-14881

    Multiple API endpoints allowed access to sensitive files from other users by knowing the UUID of the file that were not intended to be accessible by UUID only.... Read more

    Affected Products : pretix
    • Published: Dec. 19, 2025
    • Modified: Dec. 19, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-14455

    The Image Photo Gallery Final Tiles Grid plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.6.7. This is due to the plugin not properly verifying that a user is authorized to perform actions on gallery manag... Read more

    • Published: Dec. 19, 2025
    • Modified: Dec. 19, 2025
    • Vuln Type: Authorization

  • 6.4

    MEDIUM
    CVE-2025-11747

    The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the colibri_blog_posts shortcode in all versions up to, and including, 1.0.345 due to insufficient input sanitization and output escaping on user supplied attri... Read more

    Affected Products : colibri_page_builder
    • Published: Dec. 19, 2025
    • Modified: Dec. 19, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-64355

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetElements For Elementor allows DOM-Based XSS.This issue affects JetElements For Elementor: from n/a through 2.7.12.... Read more

    Affected Products : jetelements_for_elementor
    • Published: Dec. 18, 2025
    • Modified: Dec. 19, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.2

    HIGH
    CVE-2025-13999

    The HTML5 Audio Player – The Ultimate No-Code Podcast, MP3 & Audio Player plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions from 2.4.0 up to, and including, 2.5.1 via the getIcyMetadata() function. This makes it possible fo... Read more

    Affected Products :
    • Published: Dec. 19, 2025
    • Modified: Dec. 19, 2025
    • Vuln Type: Server-Side Request Forgery

  • 5.3

    MEDIUM
    CVE-2025-13754

    The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.9.16. This is due to the plugin exposing its admin embed endpoint at `/w... Read more

    Affected Products : simply_schedule_appointments
    • Published: Dec. 19, 2025
    • Modified: Dec. 19, 2025
    • Vuln Type: Information Disclosure

  • 7.3

    HIGH
    CVE-2025-68278

    Tina is a headless content management system. In tinacms prior to version 3.1.1, tinacms uses the gray-matter package in an insecure way allowing attackers that can control the content of the processed markdown files, e.g., blog posts, to execute arbitrar... Read more

    Affected Products : tina
    • Published: Dec. 18, 2025
    • Modified: Dec. 19, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2025-63002

    Missing Authorization vulnerability in wpforchurch Sermon Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sermon Manager: from n/a through 2.30.0.... Read more

    Affected Products :
    • Published: Dec. 18, 2025
    • Modified: Dec. 19, 2025
    • Vuln Type: Authorization

  • 8.7

    HIGH
    CVE-2025-14896

    due to insufficient sanitazation in Vega’s `convert()` function when `safeMode` is enabled and the spec variable is an array. An attacker can craft a malicious Vega diagram specification that will allow them to send requests to any URL, including local fi... Read more

    Affected Products :
    • Published: Dec. 18, 2025
    • Modified: Dec. 19, 2025
    • Vuln Type: Server-Side Request Forgery

  • 5.4

    MEDIUM
    CVE-2025-62960

    Missing Authorization vulnerability in Sparkle WP Construction Light allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Construction Light: from n/a through 1.6.7.... Read more

    Affected Products :
    • Published: Dec. 18, 2025
    • Modified: Dec. 19, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-63043

    Authorization Bypass Through User-Controlled Key vulnerability in PickPlugins Post Grid and Gutenberg Blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Grid and Gutenberg Blocks: from n/a through 2.3.19... Read more

    Affected Products : post_grid
    • Published: Dec. 18, 2025
    • Modified: Dec. 19, 2025
    • Vuln Type: Authorization

  • 8.7

    HIGH
    CVE-2025-34452

    Streama versions 1.10.0 through 1.10.5 and prior to commit b7c8767 contain a combination of path traversal and server-side request forgery (SSRF) vulnerabilities in that allow an authenticated attacker to write arbitrary files to the server filesystem. Th... Read more

    Affected Products :
    • Published: Dec. 18, 2025
    • Modified: Dec. 19, 2025
    • Vuln Type: Path Traversal

  • 4.3

    MEDIUM
    CVE-2025-64282

    Authorization Bypass Through User-Controlled Key vulnerability in RadiusTheme Radius Blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Radius Blocks: from n/a through 2.2.1.... Read more

    Affected Products :
    • Published: Dec. 18, 2025
    • Modified: Dec. 19, 2025
    • Vuln Type: Authorization
Showing 20 of 4203 Results