Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.9

    MEDIUM
    CVE-2025-10047

    The Email Tracker – Email Log, Email Open Tracking, Email Analytics & Email Management for WordPress Emails plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 5.3.12 due to insufficient es... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Injection

  • 4.9

    MEDIUM
    CVE-2025-53045

    Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via m... Read more

    Affected Products : mysql_server
    • Published: Oct. 21, 2025
    • Modified: Oct. 23, 2025

  • 4.9

    MEDIUM
    CVE-2025-12020

    The Double the Donation – A workplace giving tool to help your fundraising efforts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.0.0 due to insufficient input sanitization and ... Read more

    Affected Products :
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.9

    MEDIUM
    CVE-2025-53046

    Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Analytics). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compr... Read more

    Affected Products : zfs_storage_appliance_kit
    • Published: Oct. 21, 2025
    • Modified: Oct. 23, 2025

  • 4.9

    MEDIUM
    CVE-2025-62475

    Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Core). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise... Read more

    Affected Products : zfs_storage_appliance_kit
    • Published: Oct. 21, 2025
    • Modified: Oct. 23, 2025

  • 4.9

    MEDIUM
    CVE-2025-53059

    Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: OpenSearch Dashboards). Supported versions that are affected are 8.60, 8.61 and 8.62. Easily exploitable vulnerability allows high privileged attacker with n... Read more

    Affected Products : peoplesoft_enterprise_peopletools
    • Published: Oct. 21, 2025
    • Modified: Oct. 23, 2025

  • 4.9

    MEDIUM
    CVE-2025-50074

    Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: Security Management System). Supported versions that are affected are 2.9.0.0.0-7.2.0.0.0. Easily exploitable vuln... Read more

    • Published: Oct. 21, 2025
    • Modified: Oct. 28, 2025

  • 4.9

    MEDIUM
    CVE-2025-53067

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to... Read more

    Affected Products : mysql_server
    • Published: Oct. 21, 2025
    • Modified: Oct. 24, 2025

  • 4.9

    MEDIUM
    CVE-2025-53042

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network a... Read more

    Affected Products : mysql_server
    • Published: Oct. 21, 2025
    • Modified: Oct. 23, 2025

  • 4.9

    MEDIUM
    CVE-2025-62478

    Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Object Store). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to co... Read more

    Affected Products : zfs_storage_appliance_kit
    • Published: Oct. 21, 2025
    • Modified: Oct. 23, 2025

  • 4.9

    MEDIUM
    CVE-2025-62820

    Slack Nebula before 1.9.7 mishandles CIDR in some configurations and thus accepts arbitrary source IP addresses within the Nebula network.... Read more

    Affected Products : nebula
    • Published: Oct. 23, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Misconfiguration

  • 4.9

    MEDIUM
    CVE-2025-10683

    The Easy Email Subscription plugin for WordPress is vulnerable to SQL Injection via the 'uid' parameter in all versions up to, and including, 1.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existin... Read more

    Affected Products :
    • Published: Nov. 06, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Injection

  • 4.9

    MEDIUM
    CVE-2025-53069

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with... Read more

    Affected Products : mysql_server
    • Published: Oct. 21, 2025
    • Modified: Oct. 24, 2025

  • 4.9

    MEDIUM
    CVE-2025-12137

    The Import WP – Export and Import CSV and XML files to WordPress plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 2.14.16. This is due to the plugin's REST API endpoint accepting arbitrary absolute file paths... Read more

    Affected Products : import_wp
    • Published: Nov. 01, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Path Traversal

  • 4.9

    MEDIUM
    CVE-2025-12620

    The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to generic SQL Injection via the ‘filterbyauthor’ parameter in all versions up to, and including, 6.0.7 due to insufficient escaping on the user supplied parame... Read more

    Affected Products : poll_maker
    • Published: Nov. 13, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Injection

  • 4.9

    MEDIUM
    CVE-2025-11980

    The Quick Featured Images plugin for WordPress is vulnerable to SQL Injection via the 'delete_orphaned' function in all versions up to, and including, 13.7.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on... Read more

    Affected Products :
    • Published: Nov. 08, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Injection

  • 4.9

    MEDIUM
    CVE-2025-53411

    An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or proce... Read more

    Affected Products : file_station
    • Published: Nov. 07, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Denial of Service

  • 4.9

    MEDIUM
    CVE-2025-10187

    The GSpeech TTS – WordPress Text To Speech Plugin plugin for WordPress is vulnerable to SQL Injection via the 'field' parameter in all versions up to, and including, 3.17.13 due to insufficient escaping on the user supplied parameter and lack of sufficien... Read more

    Affected Products :
    • Published: Oct. 18, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Injection

  • 4.9

    MEDIUM
    CVE-2015-10146

    The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the... Read more

    Affected Products : thumbnail_slider_with_lightbox
    • Published: Oct. 29, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Injection

  • 4.9

    MEDIUM
    CVE-2025-62289

    Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Filesystems). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to com... Read more

    Affected Products : zfs_storage_appliance_kit
    • Published: Oct. 21, 2025
    • Modified: Oct. 23, 2025
Showing 20 of 3667 Results