Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2025-11172

    The Check Plagiarism plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the chk_plag_mine_plugin_wpse10500_admin_action() function in all versions up to, and including, 2.0. This makes it possible ... Read more

    Affected Products :
    • Published: Oct. 24, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Authorization

  • 8.1

    HIGH
    CVE-2025-59048

    OpenBao's AWS Plugin generates AWS access credentials based on IAM policies. Prior to version 0.1.1, the AWS Plugin is vulnerable to cross-account IAM role Impersonation in the AWS auth method. The vulnerability allows an IAM role from an untrusted AWS ac... Read more

    Affected Products :
    • Published: Oct. 23, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Authorization

  • 8.1

    HIGH
    CVE-2025-62716

    Plane is open-source project management software. Prior to version 1.1.0, an open redirect vulnerability in the ?next_path query parameter allows attackers to supply arbitrary schemes (e.g., javascript:) that are passed directly to router.push. This resul... Read more

    Affected Products : plane
    • Published: Oct. 24, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-10694

    The User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the `maybe_load_onboarding_wizard` function in all versions up ... Read more

    Affected Products : userfeedback
    • Published: Oct. 25, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Authorization

  • 6.8

    MEDIUM
    CVE-2025-9978

    The Jeg Kit for Elementor WordPress plugin before 2.7.0 does not sanitize SVG file contents when uploaded via xmlrpc.php, leading to a cross site scripting vulnerability.... Read more

    Affected Products :
    • Published: Oct. 24, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-8413

    The Listeo theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `soundcloud` shortcode in version less than, or equal to, 2.0.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes... Read more

    Affected Products :
    • Published: Oct. 25, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.1

    HIGH
    CVE-2025-10488

    The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to arbitrary file move due to insufficient file path validation in the add_listing_action AJAX action in all versions up to, and includin... Read more

    Affected Products : directorist
    • Published: Oct. 25, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Path Traversal

  • 8.9

    HIGH
    CVE-2025-4106

    An authenticated admin user with access to both the management WebUI and command line interface on a Firebox can enable a diagnostic debug shell by uploading a platform and version-specific diagnostic package and executing a leftover diagnostic command. ... Read more

    Affected Products :
    • Published: Oct. 24, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Authentication

  • 4.3

    MEDIUM
    CVE-2025-11497

    The Advanced Database Cleaner plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.6. This is due to missing or incorrect nonce validation on the aDBc_prepare_elements_to_clean() function. This makes i... Read more

    Affected Products : advanced_database_cleaner
    • Published: Oct. 25, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 8.1

    HIGH
    CVE-2025-62169

    OctoPrint-SpoolManager is a plugin for managing spools and all their usage metadata. In versions 1.8.0a2 and older of the testing branch and versions 1.7.7 and older of the stable branch, the APIs of the OctoPrint-SpoolManager plugin do not correctly enfo... Read more

    Affected Products :
    • Published: Oct. 23, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Authentication

  • 0.0

    NA
    CVE-2025-40022

    In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - Fix incorrect boolean values in af_alg_ctx Commit 1b34cbbf4f01 ("crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg") changed some fields from bool to 1-bit ... Read more

    Affected Products : linux_kernel
    • Published: Oct. 24, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Cryptography

  • 0.0

    NA
    CVE-2025-40023

    In the Linux kernel, the following vulnerability has been resolved: drm/xe/vf: Don't expose sysfs attributes not applicable for VFs VFs can't read BMG_PCIE_CAP(0x138340) register nor access PCODE (already guarded by the info.skip_pcode flag) so we shoul... Read more

    Affected Products : linux_kernel
    • Published: Oct. 24, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2021-43768

    In Malwarebytes For Teams v.1.0.990 and before and fixed in v.1.0.1003 and later a privilege escalation can occur via the COM interface running in mbamservice.exe.... Read more

    Affected Products :
    • Published: Oct. 24, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Authorization

  • 6.9

    MEDIUM
    CVE-2025-12080

    On Wear OS devices, when Google Messages is configured as the default SMS/MMS/RCS application, the handling of ACTION_SENDTO intents utilizing the sms:, smsto:, mms:, and mmsto: Uniform Resource Identifier (URI) schemes is incorrectly implemented. Due to... Read more

    Affected Products : wearos
    • Published: Oct. 27, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Misconfiguration

  • 5.1

    MEDIUM
    CVE-2025-12264

    A security flaw has been discovered in Wisencode up to 20251012. Affected by this vulnerability is an unknown functionality of the file /support-ticket/create of the component Create Support Ticket Handler. The manipulation of the argument Message results... Read more

    Affected Products :
    • Published: Oct. 27, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-58918

    Cross-Site Request Forgery (CSRF) vulnerability in Waituk Entrada theme allows Cross Site Request Forgery.This issue affects Entrada: from n/a through 5.7.7.... Read more

    Affected Products : entrada
    • Published: Oct. 27, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.1

    MEDIUM
    CVE-2025-12251

    A vulnerability has been found in OpenWGA 7.11.12 Build 737. This impacts an unknown function of the component Admin UI. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and... Read more

    Affected Products :
    • Published: Oct. 27, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-46583

    There is a Denial of Service(DoS)vulnerability in the ZTE MC889A Pro product. Due to insufficient validation of the input parameters of the Short Message Service interface, allowing an attacker to exploit it to carry out a DoS attack.... Read more

    Affected Products :
    • Published: Oct. 27, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Denial of Service

  • 5.3

    MEDIUM
    CVE-2025-12267

    A flaw has been found in abhicodebox ModernShop 20250922. This issue affects some unknown processing of the file /search. Executing manipulation of the argument q can lead to cross site scripting. The attack may be performed from remote. The exploit has b... Read more

    Affected Products :
    • Published: Oct. 27, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.1

    MEDIUM
    CVE-2025-12224

    A flaw has been found in Iqbolshoh php-business-website up to 10677743a8dfc281f85291a27cf63a0bce043c24. This vulnerability affects unknown code of the file admin/contact.php. This manipulation of the argument twitter causes cross site scripting. The attac... Read more

    Affected Products :
    • Published: Oct. 27, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 3779 Results