Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2025-57921

    Missing Authorization vulnerability in N-Media Frontend File Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Frontend File Manager: from n/a through 23.2.... Read more

    Affected Products : frontend_file_manager
    • Published: Sep. 22, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-57954

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Poll Maker allows DOM-Based XSS. This issue affects Poll Maker: from n/a through 6.0.1.... Read more

    Affected Products : poll_maker
    • Published: Sep. 22, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-57969

    Missing Authorization vulnerability in Jeremy Saxey Hide WP Toolbar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Hide WP Toolbar: from n/a through 2.7.... Read more

    Affected Products :
    • Published: Sep. 22, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-57926

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Chill Passster allows Stored XSS. This issue affects Passster: from n/a through 4.2.18.... Read more

    Affected Products : passter
    • Published: Sep. 22, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-57955

    Missing Authorization vulnerability in Plugin Devs Post Carousel Slider for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Post Carousel Slider for Elementor: from n/a through 1.7.0.... Read more

    • Published: Sep. 22, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-57953

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 100plugins Open User Map allows DOM-Based XSS. This issue affects Open User Map: from n/a through 1.4.14.... Read more

    Affected Products : open_user_map
    • Published: Sep. 22, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.2

    HIGH
    CVE-2025-57919

    Deserialization of Untrusted Data vulnerability in ConveyThis Language Translate Widget for WordPress – ConveyThis allows Object Injection. This issue affects Language Translate Widget for WordPress – ConveyThis: from n/a through 264.... Read more

    Affected Products :
    • Published: Sep. 22, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Injection

  • 4.8

    MEDIUM
    CVE-2025-43807

    Stored cross-site scripting (XSS) vulnerability in the notifications widget in Liferay Portal 7.4.0 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 allows remote attackers to injec... Read more

    Affected Products : liferay_portal dxp
    • Published: Sep. 22, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-57971

    Missing Authorization vulnerability in SALESmanago SALESmanago allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SALESmanago: from n/a through 3.8.1.... Read more

    Affected Products : salesmanago
    • Published: Sep. 22, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-36202

    IBM webMethods Integration 10.15 and 11.1 could allow an authenticated user with required execute Services to execute commands on the system due to the improper validation of format string strings passed as an argument from an external source.... Read more

    Affected Products : webmethods
    • Published: Sep. 22, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-57682

    Directory Traversal vulnerability in Papermark 0.20.0 and prior allows authenticated attackers to retrieve arbitrary files from an S3 bucket through its CloudFront distribution via the "POST /api/file/s3/get-presigned-get-url-proxy" API... Read more

    Affected Products :
    • Published: Sep. 22, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Path Traversal

  • 5.1

    MEDIUM
    CVE-2025-25177

    Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions.... Read more

    Affected Products : ddk
    • Published: Sep. 22, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Memory Corruption

  • 4.7

    MEDIUM
    CVE-2025-9541

    The Markup Markdown WordPress plugin before 3.20.10 allows links to contain JavaScript which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.... Read more

    Affected Products :
    • Published: Sep. 22, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-9983

    GALAYOU G2 cameras stream video output via RTSP streams. By default these streams are protected by randomly generated credentials. However these credentials are not required to access the stream. Changing these values does not change camera's behavior. T... Read more

    Affected Products :
    • Published: Sep. 22, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Authentication

  • 5.8

    MEDIUM
    CVE-2025-59797

    Profession Fit 5.0.99 Build 44910 allows authorization bypass via a direct request for /api/challenges/{id} and also URLs for eversports, the user-management page, and the plane page.... Read more

    Affected Products :
    • Published: Sep. 22, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-57990

    Missing Authorization vulnerability in solwininfotech Blog Designer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Blog Designer: from n/a through 3.1.8.... Read more

    Affected Products : blog_designer
    • Published: Sep. 22, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-35042

    Airship AI Acropolis includes a default administrative account that uses the same credentials on every installation. Instances of Airship AI that do not change this account password are vulnerable to a remote attacker logging in and gaining the privileges... Read more

    Affected Products :
    • Published: Sep. 22, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-57988

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Uncanny Owl Uncanny Toolkit for LearnDash allows Stored XSS. This issue affects Uncanny Toolkit for LearnDash: from n/a through 3.0.7.3.... Read more

    Affected Products : uncanny_toolkit_for_learndash
    • Published: Sep. 22, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.5

    MEDIUM
    CVE-2025-46711

    Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger NULL pointer dereference kernel exceptions.... Read more

    Affected Products : ddk
    • Published: Sep. 22, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-51006

    Within tcpreplay's tcprewrite, a double free vulnerability has been identified in the dlt_linuxsll2_cleanup() function in plugins/dlt_linuxsll2/linuxsll2.c. This vulnerability is triggered when tcpedit_dlt_cleanup() indirectly invokes the cleanup routine ... Read more

    Affected Products :
    • Published: Sep. 22, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 4202 Results