Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    CRITICAL
    CVE-2024-58286

    dizqueTV 1.5.3 contains a remote code execution vulnerability that allows attackers to inject arbitrary commands through the FFMPEG Executable Path settings. Attackers can modify the executable path with shell commands to read system files like /etc/passw... Read more

    Affected Products :
    • Published: Dec. 11, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Injection

  • 6.9

    MEDIUM
    CVE-2025-34499

    AnyDesk 7.0.15 and 9.0.1 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated SYSTEM privileges. Attackers can exploit the unquoted service path configuration to inject malicious ... Read more

    Affected Products : anydesk
    • Published: Dec. 11, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Misconfiguration

  • 6.1

    MEDIUM
    CVE-2025-14132

    The Category Dropdown List plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER['PHP_SELF']` variable in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it pos... Read more

    Affected Products :
    • Published: Dec. 12, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-13747

    The NewStatPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a regex bypass in nsp_shortcode function in all versions up to, and including, 1.4.3 due to insufficient input sanitization and output escaping on user supplied attribu... Read more

    Affected Products : newstatpress
    • Published: Dec. 12, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-14074

    The PDF for Contact Form 7 + Drag and Drop Template Builder plugin for WordPress is vulnerable to unauthorized post duplication due to a missing capability check on the 'rednumber_duplicate' function in all versions up to, and including, 6.3.3. This makes... Read more

    Affected Products :
    • Published: Dec. 12, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Authorization

  • 5.5

    MEDIUM
    CVE-2025-13993

    The MailerLite – Signup forms (official) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'form_description' and 'success_message' parameters in versions up to, and including, 1.7.16 due to insufficient input sanitization and outp... Read more

    Affected Products : mailerlite_signup_forms
    • Published: Dec. 12, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.7

    MEDIUM
    CVE-2025-13664

    A potential security vulnerability in Quartus® Prime Standard Edition Design Software may allow escalation of privilege.... Read more

    Affected Products : quartus_prime_standard
    • Published: Dec. 11, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-12348

    The Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 5.9.10. This is due to the plugin not properly verifying that a user is authorized ... Read more

    Affected Products :
    • Published: Dec. 12, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Authorization

  • 3.5

    LOW
    CVE-2025-10583

    The WP Fastest Cache plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.7.4 via the 'get_server_time_ajax_request' AJAX action. This makes it possible for authenticated attackers, with Subscriber-leve... Read more

    Affected Products : wp_fastest_cache
    • Published: Dec. 12, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Server-Side Request Forgery

  • 6.1

    MEDIUM
    CVE-2025-14138

    The WPLG Default Mail From plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER['PHP_SELF']` variable in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it p... Read more

    Affected Products :
    • Published: Dec. 12, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 4690 Results