Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2025-14397

    The Postem Ipsum plugin for WordPress is vulnerable to unauthorized modification of data to Privilege Escalation due to a missing capability check on the postem_ipsum_generate_users() function in all versions up to, and including, 3.0.1. This makes it pos... Read more

    Affected Products :
    • Published: Dec. 13, 2025
    • Modified: Dec. 15, 2025
    • Vuln Type: Authorization

  • 3.7

    LOW
    CVE-2025-9218

    The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress is vulnerable to to Information Disclosure due to missing authorization in the handle_rest_pre_dispatch() function when the Godam plugin is active, in versions 4.7.0 to 4.7.3. This mak... Read more

    Affected Products : rtmedia
    • Published: Dec. 13, 2025
    • Modified: Dec. 15, 2025
    • Vuln Type: Authorization

  • 4.7

    MEDIUM
    CVE-2025-14451

    The Solutions Ad Manager plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 1.0.0. This is due to insufficient validation on the redirect URL supplied via the 'sam-redirect-to' parameter. This makes it possible for u... Read more

    Affected Products :
    • Published: Dec. 13, 2025
    • Modified: Dec. 15, 2025
    • Vuln Type: Misconfiguration

  • 6.3

    MEDIUM
    CVE-2025-14660

    A flaw has been found in DecoCMS Mesh up to 1.0.0-alpha.31. Affected by this vulnerability is the function createTool of the file packages/sdk/src/mcp/teams/api.ts of the component Workspace Domain Handler. This manipulation of the argument domain causes ... Read more

    Affected Products :
    • Published: Dec. 14, 2025
    • Modified: Dec. 15, 2025
    • Vuln Type: Authorization

  • 6.3

    MEDIUM
    CVE-2025-14651

    A vulnerability has been found in MartialBE one-hub up to 0.14.27. This vulnerability affects unknown code of the file docker-compose.yml. The manipulation of the argument SESSION_SECRET leads to use of hard-coded cryptographic key . The attack may be in... Read more

    Affected Products :
    • Published: Dec. 14, 2025
    • Modified: Dec. 15, 2025
    • Vuln Type: Cryptography

  • 9.4

    CRITICAL
    CVE-2025-36747

    ShineLan-X contains a set of credentials for an FTP server was found within the firmware, allowing testers to establish an insecure FTP connection with the server. This may allow an attacker to replace legitimate files being deployed to devices with their... Read more

    Affected Products :
    • Published: Dec. 13, 2025
    • Modified: Dec. 15, 2025
    • Vuln Type: Misconfiguration

  • 8.6

    HIGH
    CVE-2025-36753

    The SWD debug interface on the Growatt ShineLan-X communication dongle is available by default, allowing an attacker to attain debug access to the device and to extracting secrets or domains from within the device... Read more

    Affected Products :
    • Published: Dec. 13, 2025
    • Modified: Dec. 15, 2025
    • Vuln Type: Information Disclosure

  • 9.3

    CRITICAL
    CVE-2025-36754

    The authentication mechanism on web interface is not properly implemented. It is possible to bypass authentication checks by crafting a post request with new settings since there is no session token or authentication in place. This would allow an attacker... Read more

    Affected Products :
    • Published: Dec. 13, 2025
    • Modified: Dec. 15, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-14672

    A flaw has been found in gmg137 snap7-rs up to 1.142.1. This impacts the function TSnap7MicroClient::opWriteArea of the file s7_micro_client.cpp. Executing manipulation can lead to heap-based buffer overflow. It is possible to launch the attack remotely. ... Read more

    Affected Products :
    • Published: Dec. 14, 2025
    • Modified: Dec. 15, 2025
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2025-11707

    The Login Lockdown & Protection plugin for WordPress is vulnerable to IP Block Bypass in all versions up to, and including, 2.14. This is due to $unblock_key key being insufficiently random allowing unauthenticated users, with access to an administrative ... Read more

    Affected Products :
    • Published: Dec. 13, 2025
    • Modified: Dec. 15, 2025
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2025-14691

    A vulnerability was detected in Mayan EDMS up to 4.10.1. The affected element is an unknown function of the file /authentication/. The manipulation results in cross site scripting. The attack may be performed from remote. The exploit is now public and may... Read more

    Affected Products :
    • Published: Dec. 14, 2025
    • Modified: Dec. 15, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-12362

    The myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Program plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.9.7. This is due to the plugin not properly verifying that a user is... Read more

    Affected Products :
    • Published: Dec. 13, 2025
    • Modified: Dec. 15, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-14674

    A vulnerability was found in aizuda snail-job up to 1.6.0. Affected by this vulnerability is the function QLExpressEngine.doEval of the file snail-job-common/snail-job-common-core/src/main/java/com/aizuda/snailjob/common/core/expression/strategy/QLExpress... Read more

    Affected Products : snail-job
    • Published: Dec. 14, 2025
    • Modified: Dec. 15, 2025
    • Vuln Type: Injection

  • 4.8

    MEDIUM
    CVE-2025-14698

    A weakness has been identified in atlaszz AI Photo Team Galleryit App 1.3.8.2 on Android. This affects an unknown part of the component gallery.photogallery.pictures.vault.album. This manipulation causes path traversal. The attack needs to be launched loc... Read more

    Affected Products :
    • Published: Dec. 15, 2025
    • Modified: Dec. 15, 2025
    • Vuln Type: Path Traversal

  • 7.0

    HIGH
    CVE-2025-14038

    EDB Hybrid Manager contains a flaw that allows an unauthenticated attacker to directly access certain gRPC endpoints. This could allow an attacker to read potentially sensitive data or possibly cause a denial-of-service by writing malformed data to certai... Read more

    Affected Products :
    • Published: Dec. 15, 2025
    • Modified: Dec. 15, 2025
    • Vuln Type: Authentication

  • 6.1

    MEDIUM
    CVE-2025-12077

    The WP to LinkedIn Auto Publish plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PostMessage in all versions up to, and including, 1.9.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthe... Read more

    Affected Products :
    • Published: Dec. 13, 2025
    • Modified: Dec. 15, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-12109

    The Header Footer Script Adder – Insert Code in Header, Body & Footer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the script adder present in posts in all versions up to, and including, 2.0.5 due to insufficient input sanitizatio... Read more

    Affected Products :
    • Published: Dec. 13, 2025
    • Modified: Dec. 15, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.9

    MEDIUM
    CVE-2025-14050

    The Design Import/Export plugin for WordPress is vulnerable to SQL Injection via XML File Import in all versions up to, and including, 2.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL q... Read more

    Affected Products :
    • Published: Dec. 13, 2025
    • Modified: Dec. 15, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2025-14617

    A vulnerability has been found in Jehovahs Witnesses JW Library App up to 15.5.1 on Android. Affected is an unknown function of the component org.jw.jwlibrary.mobile.activity.SiloContainer. Such manipulation leads to path traversal. Local access is requir... Read more

    Affected Products :
    • Published: Dec. 13, 2025
    • Modified: Dec. 15, 2025
    • Vuln Type: Path Traversal

  • 5.3

    MEDIUM
    CVE-2025-13403

    The Employee Spotlight – Team Member Showcase & Meet the Team Plugin for WordPress is vulnerable to unauthorized tracking settings modification due to missing authorization validation on the employee_spotlight_check_optin() function in all versions up to,... Read more

    Affected Products :
    • Published: Dec. 13, 2025
    • Modified: Dec. 15, 2025
    • Vuln Type: Authorization
Showing 20 of 5221 Results