Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2025-58813

    Missing Authorization vulnerability in ThemeArile Consultstreet allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Consultstreet: from n/a through 3.0.0.... Read more

    Affected Products :
    • Published: Sep. 05, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Authorization

  • 5.9

    MEDIUM
    CVE-2025-58811

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP CodeUs Ultimate Client Dash allows Stored XSS. This issue affects Ultimate Client Dash: from n/a through 4.6.... Read more

    Affected Products :
    • Published: Sep. 05, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-58800

    Cross-Site Request Forgery (CSRF) vulnerability in Steve Truman WP Email Template allows Cross Site Request Forgery. This issue affects WP Email Template: from n/a through 2.8.3.... Read more

    Affected Products :
    • Published: Sep. 05, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 9.0

    CRITICAL
    CVE-2025-55244

    Azure Bot Service Elevation of Privilege Vulnerability... Read more

    Affected Products : azure_bot_service
    • Published: Sep. 04, 2025
    • Modified: Sep. 05, 2025

  • 6.4

    MEDIUM
    CVE-2025-8684

    The Flatsome Theme for WordPress is vulnerable to Stored Cross-Site Scripting via the theme's shortcodes in all versions up to, and including, 3.20.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it pos... Read more

    Affected Products : flatsome
    • Published: Sep. 05, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-58798

    Cross-Site Request Forgery (CSRF) vulnerability in Bjorn Manintveld BCM Duplicate Menu allows Cross Site Request Forgery. This issue affects BCM Duplicate Menu: from n/a through 1.1.2.... Read more

    Affected Products :
    • Published: Sep. 05, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.5

    MEDIUM
    CVE-2025-58887

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Course Finder | andré martin - it solutions & research UG Course Booking Platform allows Stored XSS. This issue affects Course Booking Platform: from n/a... Read more

    Affected Products :
    • Published: Sep. 05, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-58869

    Cross-Site Request Forgery (CSRF) vulnerability in Simasicher SimaCookie allows Stored XSS. This issue affects SimaCookie: from n/a through 1.3.2.... Read more

    Affected Products :
    • Published: Sep. 05, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.5

    MEDIUM
    CVE-2025-58828

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codemstory 코드엠샵 소셜톡 allows Stored XSS. This issue affects 코드엠샵 소셜톡: from n/a through 1.2.1.... Read more

    Affected Products :
    • Published: Sep. 05, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-58870

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DeBAAT WP-GraphViz allows DOM-Based XSS. This issue affects WP-GraphViz: from n/a through 1.5.1.... Read more

    Affected Products :
    • Published: Sep. 05, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.9

    MEDIUM
    CVE-2025-48102

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gourl GoUrl Bitcoin Payment Gateway & Paid Downloads & Membership allows Stored XSS. This issue affects GoUrl Bitcoin Payment Gateway & Paid ... Read more

    Affected Products : gourl
    • Published: Sep. 05, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-58787

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themifyme Themify Popup allows Stored XSS. This issue affects Themify Popup: from n/a through 1.4.4.... Read more

    Affected Products :
    • Published: Sep. 05, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.4

    HIGH
    CVE-2025-58400

    RATOC RAID Monitoring Manager for Windows provided by RATOC Systems, Inc. registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege.... Read more

    Affected Products :
    • Published: Sep. 05, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Misconfiguration

  • 4.3

    MEDIUM
    CVE-2025-58792

    Cross-Site Request Forgery (CSRF) vulnerability in WPKube Authors List allows Cross Site Request Forgery. This issue affects Authors List: from n/a through 2.0.6.1.... Read more

    Affected Products : authors_list
    • Published: Sep. 05, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.1

    HIGH
    CVE-2025-58846

    Cross-Site Request Forgery (CSRF) vulnerability in Dejan Markovic WordPress Buffer – HYPESocial. Social Media Auto Post, Social Media Auto Publish and Schedule allows Reflected XSS. This issue affects WordPress Buffer – HYPESocial. Social Media Auto Post,... Read more

    Affected Products :
    • Published: Sep. 05, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.1

    HIGH
    CVE-2025-58843

    Cross-Site Request Forgery (CSRF) vulnerability in David Merinas Auto Last Youtube Video allows Stored XSS. This issue affects Auto Last Youtube Video: from n/a through 1.0.7.... Read more

    Affected Products :
    • Published: Sep. 05, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.1

    HIGH
    CVE-2025-58852

    Cross-Site Request Forgery (CSRF) vulnerability in Mark O'Donnell MSTW League Manager allows Stored XSS. This issue affects MSTW League Manager: from n/a through 2.10.... Read more

    Affected Products :
    • Published: Sep. 05, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.1

    HIGH
    CVE-2025-58853

    Cross-Site Request Forgery (CSRF) vulnerability in OTWthemes Popping Sidebars and Widgets Light allows Reflected XSS. This issue affects Popping Sidebars and Widgets Light: from n/a through 1.27.... Read more

    Affected Products :
    • Published: Sep. 05, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.5

    MEDIUM
    CVE-2025-58867

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Remi Corson Easy Download Media Counter allows Stored XSS. This issue affects Easy Download Media Counter: from n/a through 1.2.... Read more

    Affected Products :
    • Published: Sep. 05, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-58864

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in iamroody 金数据 allows Stored XSS. This issue affects 金数据: from n/a through 1.0.... Read more

    Affected Products :
    • Published: Sep. 05, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 4266 Results