Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.7

    HIGH
    CVE-2025-10880

    All versions of Dingtian DT-R002 are vulnerable to an Insufficiently Protected Credentials vulnerability that could allow an attacker to extract the proprietary "Dingtian Binary" protocol password by sending an unauthenticated GET request.... Read more

    Affected Products :
    • Published: Sep. 25, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-7691

    A privilege escalation issue has been discovered in GitLab EE affecting all versions from 16.6 prior to 18.2.7, 18.3 prior to 18.3.3, and 18.4 prior to 18.4.1 that could have allowed a developer with specific group management permissions to escalate their... Read more

    Affected Products : gitlab
    • Published: Sep. 26, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Authorization

  • 6.4

    MEDIUM
    CVE-2025-9490

    The Popup Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ parameter in all versions up to, and including, 1.20.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated a... Read more

    Affected Products : popup_maker
    • Published: Sep. 26, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-8200

    The Mega Elements – Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown Timer widget in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping on us... Read more

    Affected Products : mega_elements
    • Published: Sep. 26, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.8

    LOW
    CVE-2025-10871

    An issue has been discovered in GitLab EE affecting all versions from 16.6 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1. Project Maintainers can exploit a vulnerability where they can assign custom roles to users with permissions exceeding th... Read more

    Affected Products : gitlab
    • Published: Sep. 26, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Authorization

  • 6.7

    MEDIUM
    CVE-2025-1862

    An arbitrary file upload vulnerability exists in multiple WSO2 products due to improper validation of user-supplied filenames in the BPEL uploader SOAP service endpoint. A malicious actor with administrative privileges can upload arbitrary files to a user... Read more

    Affected Products :
    • Published: Sep. 26, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-10307

    The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete backup functionality in all versions up to, and including, 1.4.8. This makes it possible... Read more

    Affected Products : backuply
    • Published: Sep. 26, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Path Traversal

  • 5.9

    MEDIUM
    CVE-2025-60154

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jennifer Moss MWW Disclaimer Buttons allows Stored XSS. This issue affects MWW Disclaimer Buttons: from n/a through 3.41.... Read more

    Affected Products :
    • Published: Sep. 26, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-10136

    The TweetThis Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tweetthis' shortcode in all versions up to, and including, 1.8.0 due to insufficient input sanitization and output escaping on user supplied attrib... Read more

    Affected Products :
    • Published: Sep. 26, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-60117

    Cross-Site Request Forgery (CSRF) vulnerability in TangibleWP Vehica Core allows Cross Site Request Forgery. This issue affects Vehica Core: from n/a through 1.0.100.... Read more

    Affected Products :
    • Published: Sep. 26, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.4

    MEDIUM
    CVE-2025-10137

    The Snow Monkey theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 29.1.5 via the request() function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations orig... Read more

    Affected Products :
    • Published: Sep. 26, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Server-Side Request Forgery

  • 3.5

    LOW
    CVE-2025-10867

    An issue has been discovered in GitLab CE/EE affecting all versions from 18.1 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 that could have allowed an authenticated user to create a denial-of-service condition by exploiting an unprotected Grap... Read more

    Affected Products : gitlab
    • Published: Sep. 26, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Denial of Service

  • 4.9

    MEDIUM
    CVE-2025-60106

    Missing Authorization vulnerability in Roxnor EmailKit allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EmailKit: from n/a through 1.6.0.... Read more

    Affected Products :
    • Published: Sep. 26, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-10752

    The OAuth Single Sign On – SSO (OAuth Client) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.26.12. This is due to using a predictable state parameter (base64 encoded app name) without any randomne... Read more

    Affected Products :
    • Published: Sep. 26, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.9

    MEDIUM
    CVE-2025-60136

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cartpauj User Notes allows Stored XSS. This issue affects User Notes: from n/a through 1.0.2.... Read more

    Affected Products :
    • Published: Sep. 26, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.5

    MEDIUM
    CVE-2025-10961

    A vulnerability was determined in Wavlink NU516U1 M16U1_V240425. This affects the function sub_4030C0 of the file /cgi-bin/wireless.cgi of the component Delete_Mac_list Page. Executing manipulation of the argument delete_list can lead to command injection... Read more

    Affected Products :
    • Published: Sep. 25, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Injection

  • 4.3

    MEDIUM
    CVE-2025-60139

    Cross-Site Request Forgery (CSRF) vulnerability in Joovii Sendle Shipping allows Cross Site Request Forgery. This issue affects Sendle Shipping: from n/a through 6.02.... Read more

    Affected Products :
    • Published: Sep. 26, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.5

    HIGH
    CVE-2025-10858

    An issue was discovered in GitLab CE/EE affecting all versions before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 that allows unauthenticated users to cause a Denial of Service (DoS) condition while uploading specifically crafted large JSON files.... Read more

    Affected Products : gitlab
    • Published: Sep. 26, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Denial of Service

  • 5.3

    MEDIUM
    CVE-2025-60119

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in CoSchedule CoSchedule allows Retrieve Embedded Sensitive Data. This issue affects CoSchedule: from n/a through 3.3.10.... Read more

    Affected Products : coschedule
    • Published: Sep. 26, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Information Disclosure

  • 5.3

    MEDIUM
    CVE-2025-11015

    A weakness has been identified in OGRECave Ogre up to 14.4.1. Impacted is the function STBIImageCodec::encode of the file /ogre/PlugIns/STBICodec/src/OgreSTBICodec.cpp. This manipulation causes mismatched memory management routines. The attack is restrict... Read more

    Affected Products :
    • Published: Sep. 26, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 4276 Results