Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2025-49928

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CrocoBlock JetWooBuilder jet-woo-builder allows DOM-Based XSS.This issue affects JetWooBuilder: from n/a through <= 2.1.20.... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Nov. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-49927

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CrocoBlock JetWooBuilder jet-woo-builder allows Stored XSS.This issue affects JetWooBuilder: from n/a through <= 2.1.20.1.... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Nov. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-49936

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in xtemos WoodMart woodmart allows DOM-Based XSS.This issue affects WoodMart: from n/a through < 8.3.2.... Read more

    Affected Products : woodmart
    • Published: Oct. 22, 2025
    • Modified: Nov. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-12249

    A vulnerability was detected in Axosoft Scrum and Bug Tracking 22.1.1.11545. The impacted element is an unknown function of the component Edit Ticket Page. Performing manipulation of the argument Title results in csv injection. It is possible to initiate ... Read more

    Affected Products :
    • Published: Oct. 27, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2024-13998

    Nagios XI versions prior to 2024R1.1.3, under certain circumstances, disclose sensitive user account information (including API keys and hashed passwords) to authenticated users who should not have access to that data. Exposure of API keys or password has... Read more

    Affected Products : nagios_xi xi
    • Published: Nov. 03, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-33132

    IBM DB2 High Performance Unload 6.1.0.3, 5.1.0.1, 6.1.0.2, 6.5, 6.5.0.0 IF1, 6.1.0.1, 6.1, and 5.1 could allow an authenticated user to cause the program to crash due to the incorrect calculation of the size of the data that is being pointed to.... Read more

    • Published: Oct. 28, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-64354

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matias Ventura Gutenberg gutenberg allows Stored XSS.This issue affects Gutenberg: from n/a through <= 21.8.2.... Read more

    Affected Products : gutenberg
    • Published: Oct. 31, 2025
    • Modified: Nov. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-33131

    IBM DB2 High Performance Unload 6.1.0.3, 5.1.0.1, 6.1.0.2, 6.5, 6.5.0.0 IF1, 6.1.0.1, 6.1, and 5.1 could allow an authenticated user to cause the program to crash due to a buffer being overwritten when it is allocated on the stack.... Read more

    • Published: Oct. 28, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-13114

    A vulnerability was identified in macrozheng mall-swarm up to 1.0.3. This affects the function updateAttr of the file /cart/update/attr. Such manipulation leads to improper authorization. The attack may be performed from remote. The exploit is publicly av... Read more

    Affected Products :
    • Published: Nov. 13, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-11971

    GitLab has remediated an issue in GitLab EE affecting all versions from 10.6 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an authenticated attacker to trigger unauthorized pipeline executions by manipulating commits.... Read more

    Affected Products : gitlab
    • Published: Oct. 27, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-54970

    An issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Status Service fails to authenticate requests. In some configurations, this may allow remote or local users to abort jobs or read information without the permissions of the job own... Read more

    Affected Products : socet_gxp
    • Published: Oct. 27, 2025
    • Modified: Oct. 31, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-13119

    A flaw has been found in Fabian Ros/SourceCodester Simple E-Banking System 1.0. This affects an unknown part. This manipulation causes cross-site request forgery. The attack may be initiated remotely. The exploit has been published and may be used.... Read more

    Affected Products : simple_e-banking_system
    • Published: Nov. 13, 2025
    • Modified: Nov. 17, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.5

    MEDIUM
    CVE-2025-62024

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jonathan Jernigan Pie Calendar pie-calendar.This issue affects Pie Calendar: from n/a through <= 1.2.9.... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Nov. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-62060

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themepoints Tab Ultimate tabs-pro.This issue affects Tab Ultimate: from n/a through <= 1.8.... Read more

    Affected Products : tab_ultimate
    • Published: Oct. 22, 2025
    • Modified: Nov. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-62063

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Travel WP Travel Gutenberg Blocks wp-travel-blocks.This issue affects WP Travel Gutenberg Blocks: from n/a through <= 3.9.2.... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Nov. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-62058

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in favethemes Houzez Theme - Functionality houzez-theme-functionality.This issue affects Houzez Theme - Functionality: from n/a through < 4.2.0.... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Nov. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-62068

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in E2Pdf e2pdf e2pdf.This issue affects e2pdf: from n/a through <= 1.28.09.... Read more

    Affected Products : e2pdf
    • Published: Oct. 22, 2025
    • Modified: Nov. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-62706

    Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.5, Authlib’s JWE zip=DEF path performs unbounded DEFLATE decompression. A very small ciphertext can expand into tens or hundreds of megabytes on decrypt, allow... Read more

    Affected Products : authlib
    • Published: Oct. 22, 2025
    • Modified: Nov. 03, 2025
    • Vuln Type: Denial of Service

  • 6.4

    MEDIUM
    CVE-2025-12118

    The Schema Scalpel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the post title in all versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping when outputting user-supplied data into JSON-LD ... Read more

    Affected Products :
    • Published: Nov. 01, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-8413

    The Listeo theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `soundcloud` shortcode in version less than, or equal to, 2.0.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes... Read more

    Affected Products :
    • Published: Oct. 25, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 3952 Results