Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.2

    HIGH
    CVE-2025-60197

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in owenr88 Simple Contact Forms simple-contact-forms allows PHP Local File Inclusion.This issue affects Simple Contact Forms: from n/a th... Read more

    Affected Products :
    • Published: Nov. 06, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Path Traversal

  • 4.3

    MEDIUM
    CVE-2025-62950

    Cross-Site Request Forgery (CSRF) vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery allows Cross Site Request Forgery.This issue affects Contest Gallery: from n/a through <= 28.0.0.... Read more

    Affected Products :
    • Published: Nov. 06, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.5

    MEDIUM
    CVE-2025-62038

    Insertion of Sensitive Information Into Sent Data vulnerability in Sovlix MeetingHub meetinghub allows Retrieve Embedded Sensitive Data.This issue affects MeetingHub: from n/a through <= 1.23.9.... Read more

    Affected Products :
    • Published: Nov. 06, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-62032

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Cloud Library td-cloud-library allows DOM-Based XSS.This issue affects tagDiv Cloud Library: from n/a through < 3.9.2.... Read more

    Affected Products : cloud_library
    • Published: Nov. 06, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.3

    HIGH
    CVE-2025-9338

    A improper restriction of operations within the bounds of a memory buffer exists in AsIO3.sys driver. This vulnerability can be triggered by manually executing a specially crafted process, potentially leading to local privilage escalation. For additional ... Read more

    Affected Products : armoury_crate
    • Published: Nov. 06, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Memory Corruption

  • 6.1

    MEDIUM
    CVE-2025-5770

    A reflected cross-site scripting (XSS) vulnerability exists in the authentication endpoints of multiple WSO2 products due to a lack of output encoding. A malicious actor can inject arbitrary JavaScript payloads into the authentication endpoint, which are ... Read more

    • Published: Nov. 05, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-62057

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in favethemes Houzez Theme - Functionality houzez-theme-functionality.This issue affects Houzez Theme - Functionality: from n/a through < 4.2.0.... Read more

    Affected Products :
    • Published: Nov. 06, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-62039

    Insertion of Sensitive Information Into Sent Data vulnerability in Ays Pro AI ChatBot with ChatGPT and Content Generator by AYS ays-chatgpt-assistant allows Retrieve Embedded Sensitive Data.This issue affects AI ChatBot with ChatGPT and Content Generator ... Read more

    Affected Products : chatgpt_assistant
    • Published: Nov. 06, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Information Disclosure

  • 6.8

    MEDIUM
    CVE-2025-59392

    On Elspec G5 devices through 1.2.2.19, a person with physical access to the device can reset the Admin password by inserting a USB drive (containing a publicly documented reset string) into a USB port.... Read more

    Affected Products :
    • Published: Nov. 06, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Authentication

  • 7.3

    HIGH
    CVE-2025-62075

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Ido Kobelkowsky Simple Payment simple-payment.This issue affects Simple Payment: from n/a through <= 2.4.6.... Read more

    Affected Products :
    • Published: Nov. 06, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Injection

  • 4.3

    MEDIUM
    CVE-2025-12563

    The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to limited file upload due to an incorrect capability check on theuploadVideo() function in all versions up to, and including, 8.6.0. This makes it possible for authent... Read more

    Affected Products : blog2social
    • Published: Nov. 06, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Authentication

  • 0.0

    NA
    CVE-2025-60235

    Unrestricted Upload of File with Dangerous Type vulnerability in Plugify Helpdesk Support Ticket System for WooCommerce support-ticket-system-for-woocommerce allows Using Malicious Files.This issue affects Helpdesk Support Ticket System for WooCommerce: f... Read more

    Affected Products :
    • Published: Nov. 06, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2025-58243

    Missing Authorization vulnerability in Jthemes imEvent imevent allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects imEvent: from n/a through <= 3.4.0.... Read more

    Affected Products :
    • Published: Nov. 06, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2025-54737

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NooTheme Jobmonster noo-jobmonster allows Reflected XSS.This issue affects Jobmonster: from n/a through <= 4.7.8.... Read more

    Affected Products : jobmonster
    • Published: Nov. 06, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.2

    HIGH
    CVE-2025-58207

    Missing Authorization vulnerability in WP Messiah Ai Image Alt Text Generator for WP ai-image-alt-text-generator-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ai Image Alt Text Generator for WP: from n/a... Read more

    Affected Products :
    • Published: Nov. 06, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2025-60245

    Deserialization of Untrusted Data vulnerability in WP User Manager WP User Manager wp-user-manager allows Object Injection.This issue affects WP User Manager: from n/a through <= 2.9.12.... Read more

    Affected Products : wp_user_manager
    • Published: Nov. 06, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2025-11271

    The Easy Digital Downloads plugin for WordPress is vulnerable to Order Manipulation in all versions up to, and including, 3.5.2 due to an order verification bypass. The verification is unconditionally skipped when the POST body includes verification_overr... Read more

    Affected Products : easy_digital_downloads
    • Published: Nov. 06, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Authentication

  • 0.0

    NA
    CVE-2025-58998

    Deserialization of Untrusted Data vulnerability in Cristián Lávaque s2Member s2member allows Object Injection.This issue affects s2Member: from n/a through <= 250701.... Read more

    Affected Products :
    • Published: Nov. 06, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Injection

  • 6.7

    MEDIUM
    CVE-2025-22397

    Dell Integrated Dell Remote Access Controller 9, 14G versions prior to 7.00.00.181, 15G and 16G versions 6.10.80.00 through 7.20.10.50 and Dell Integrated Dell Remote Access Controller 10, 17G versions prior to 1.20.25.00, contain an Improper Limitation o... Read more

    Affected Products :
    • Published: Nov. 06, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Path Traversal

  • 0.0

    NA
    CVE-2025-60207

    Unrestricted Upload of File with Dangerous Type vulnerability in Addify Custom User Registration Fields for WooCommerce user-registration-plugin-for-woocommerce allows Upload a Web Shell to a Web Server.This issue affects Custom User Registration Fields f... Read more

    Affected Products :
    • Published: Nov. 06, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 4016 Results