Latest CVE Feed
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of
the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable.
You can also sort the list based on the published date, last updated date, or CVSS score.
-
5.9
MEDIUMCVE-2025-48305
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vikingjs Goal Tracker for Patreon allows Stored XSS. This issue affects Goal Tracker for Patreon: from n/a through 0.4.6.... Read more
Affected Products :- Published: Aug. 28, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Cross-Site Scripting
-
7.3
HIGHCVE-2025-48963
Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 40296.... Read more
Affected Products :- Published: Aug. 28, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-8977
The Simple Download Monitor plugin for WordPress is vulnerable to time-based SQL Injection via the order parameter in all versions up to, and including, 3.9.33 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation ... Read more
Affected Products : simple_download_monitor- Published: Aug. 28, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Injection