Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
9.9 CRITICAL
CVE-2025-60218 — WordPress PT Luxa Addons Plugin <= 1.2.2 - Arbitrary File Upload Vulnerability

Subscriber Arbitrary File Upload in PT Luxa Addons <= 1.2.2 versions.

Remote | Misconfiguration
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
9.8 CRITICAL
CVE-2025-60205 — WordPress ThemeREX Addons plugin <= 2.36.1.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in ThemeREX Addons <= 2.36.1.1 versions.

addons | Remote | Injection
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.1 HIGH
CVE-2025-60085 — WordPress Learnify theme <= 1.15.0 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Learnify <= 1.15.0 versions.

Remote | Path Traversal
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
9.8 CRITICAL
CVE-2025-59872 — HCL ZIE for Web is affetced by an Unrestricted File Upload vulnerability,

HCL ZIE for Web is affetced by an Unrestricted File Upload vulnerability, If the server is configured to execute code, then it may be possible to obtain command execution on the server by uploading a…

zie_for_web | Remote | Misconfiguration
Jun 17, 2026 Jun 26, 2026
Jun 17, 2026
Jun 26, 2026
8.8 HIGH
CVE-2025-59563 — WordPress Sonaar theme <= 4.27.4 - Privilege Escalation vulnerability

Subscriber Privilege Escalation in Sonaar <= 4.27.4 versions.

Remote | Authorization
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
7.1 HIGH
CVE-2025-59560 — WordPress Sonaar theme <= 4.27.4 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in Sonaar <= 4.27.4 versions.

Remote | Cross-Site Scripting
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.1 HIGH
CVE-2025-58954 — WordPress HomeRoofer theme <= 2.11.0 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in HomeRoofer <= 2.11.0 versions.

Remote | Path Traversal
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.1 HIGH
CVE-2025-58953 — WordPress Joly theme <= 1.22.0 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Joly <= 1.22.0 versions.

Remote | Path Traversal
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.1 HIGH
CVE-2025-58952 — WordPress Neuronet theme < 1.14.0 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Neuronet < 1.14.0 versions.

Remote | Path Traversal
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.1 HIGH
CVE-2025-58924 — WordPress Geya theme <= 1.15 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Geya <= 1.15 versions.

Remote | Path Traversal
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
7.5 HIGH
CVE-2025-49403 — WordPress Premium Age Verification / Restriction for WordPress Plugin <= 3.0.2 - Arbitrar…

Unauthenticated Arbitrary File Download in Premium Age Verification / Restriction for WordPress <= 3.0.2 versions.

Remote | Path Traversal
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
7.8 HIGH
CVE-2025-48643 — Citrix Gateway Privilege Escalation Vulnerability

In multiple locations there is a possible provisioning bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User i…

android | Authorization
Jun 17, 2026 Jun 18, 2026
Jun 17, 2026
Jun 18, 2026
8.0 HIGH
CVE-2025-48640 — Third-Party Passkey Pairing Approval Vulnerability

In multiple locations, there is a possible 3rd party passkey entry pairing approval due to a missing permission check. This could lead to remote (proximal/adjacent) escalation of privilege with no ad…

android | Authorization
Jun 17, 2026 Jun 18, 2026
Jun 17, 2026
Jun 18, 2026
7.8 HIGH
CVE-2025-48617 — CarrierConfigLoader UID Bypass Privilege Escalation

In overrideConfig of CarrierConfigLoader.java, there is a possible way to bypass UID check due to a permissions bypass. This could lead to local escalation of privilege with no additional execution p…

android | Authorization
Jun 17, 2026 Jun 18, 2026
Jun 17, 2026
Jun 18, 2026
4.3 MEDIUM
CVE-2025-48571 — BTM SMS Interception Information Disclosure

In multiple functions of btm_sec.cc, there is a possible way for an attacker to intercept SMS messages due to a logic error in the code. This could lead to remote information disclosure with no addit…

android | Remote | Information Disclosure
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
7.1 HIGH
CVE-2025-31013 — WordPress Themify Folo theme <= 1.9.6 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themify Folo allows Reflected XSS. This issue affects Themify Folo: from n/a through 1.9.6.

Remote | Cross-Site Scripting
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
6.8 MEDIUM
CVE-2025-15642 — Netskope Client Service Insufficient Access Controls

Netskope is notified about a potential gap in its Netskoped Client for Windows systems where a malicious insider with admin privileges can lead to bypassing the NSClient Tamper Protections due to wea…

netskope | Authorization
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
6.8 MEDIUM
CVE-2025-15641 — Netskope Client Exposed IOCTL with Insufficient Access Controls

Netskope was notified about a potential gap in its Netskope Client for Windows systems where a malicious insider with administrative privileges can potentially tamper with the customer IOCTL by sendi…

netskope | Misconfiguration
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
9.9 CRITICAL
CVE-2024-52488 — WordPress Grip theme <= 1.0.9 - Arbitrary Plugin Activation/Deactivation to RCE vulnerabi…

Subscriber Arbitrary File Upload in Grip <= 1.0.9 versions.

Remote | Misconfiguration
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
7.1 HIGH
CVE-2024-49269 — WordPress my flatonica theme <= 0.0.8 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in my flatonica <= 0.0.8 versions.

Remote | Cross-Site Scripting
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Showing 20 of 7989 Results