Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.9

    MEDIUM
    CVE-2025-11794

    Mattermost versions 10.11.x <= 10.11.3, 10.5.x <= 10.5.11, 10.12.x <= 10.12.0 fail to sanitize user data which allows system administrators to access password hashes and MFA secrets via the POST /api/v4/users/{user_id}/email/verify/member endpoint... Read more

    Affected Products : mattermost_server
    • Published: Nov. 14, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Information Disclosure

  • 4.9

    MEDIUM
    CVE-2025-11466

    Allegra DatabaseBackupBL Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Allegra. Authentication is required to exploit this vulnerability.... Read more

    Affected Products : allegra
    • Published: Oct. 29, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Path Traversal

  • 4.9

    MEDIUM
    CVE-2025-50074

    Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: Security Management System). Supported versions that are affected are 2.9.0.0.0-7.2.0.0.0. Easily exploitable vuln... Read more

    • Published: Oct. 21, 2025
    • Modified: Oct. 28, 2025

  • 4.9

    MEDIUM
    CVE-2025-53059

    Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: OpenSearch Dashboards). Supported versions that are affected are 8.60, 8.61 and 8.62. Easily exploitable vulnerability allows high privileged attacker with n... Read more

    Affected Products : peoplesoft_enterprise_peopletools
    • Published: Oct. 21, 2025
    • Modified: Oct. 23, 2025

  • 4.9

    MEDIUM
    CVE-2025-62475

    Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Core). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise... Read more

    Affected Products : zfs_storage_appliance_kit
    • Published: Oct. 21, 2025
    • Modified: Oct. 23, 2025

  • 4.9

    MEDIUM
    CVE-2025-43504

    A buffer overflow was addressed with improved bounds checking. This issue is fixed in Xcode 26.1. A user in a privileged network position may be able to cause a denial-of-service.... Read more

    Affected Products : xcode
    • Published: Nov. 04, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Memory Corruption

  • 4.9

    MEDIUM
    CVE-2015-10146

    The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the... Read more

    Affected Products : thumbnail_slider_with_lightbox
    • Published: Oct. 29, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Injection

  • 4.9

    MEDIUM
    CVE-2025-53067

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to... Read more

    Affected Products : mysql_server
    • Published: Oct. 21, 2025
    • Modified: Oct. 24, 2025

  • 4.9

    MEDIUM
    CVE-2025-12137

    The Import WP – Export and Import CSV and XML files to WordPress plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 2.14.16. This is due to the plugin's REST API endpoint accepting arbitrary absolute file paths... Read more

    Affected Products : import_wp
    • Published: Nov. 01, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Path Traversal

  • 4.9

    MEDIUM
    CVE-2025-12020

    The Double the Donation – A workplace giving tool to help your fundraising efforts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.0.0 due to insufficient input sanitization and ... Read more

    Affected Products :
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.9

    MEDIUM
    CVE-2025-11972

    The Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI plugin for WordPress is vulnerable to SQL Injection via the 'post_types' parameter in all versions up to, and including, 3.40.0 due to insufficient escaping on the user supplied parameter... Read more

    Affected Products :
    • Published: Nov. 08, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Injection

  • 4.9

    MEDIUM
    CVE-2025-62988

    Server-Side Request Forgery (SSRF) vulnerability in Codeless Slider Templates slider-templates allows Server Side Request Forgery.This issue affects Slider Templates: from n/a through <= 1.0.3.... Read more

    Affected Products :
    • Published: Oct. 27, 2025
    • Modified: Nov. 13, 2025
    • Vuln Type: Server-Side Request Forgery

  • 4.9

    MEDIUM
    CVE-2025-12620

    The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to generic SQL Injection via the ‘filterbyauthor’ parameter in all versions up to, and including, 6.0.7 due to insufficient escaping on the user supplied parame... Read more

    Affected Products : poll_maker
    • Published: Nov. 13, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Injection

  • 4.9

    MEDIUM
    CVE-2025-53045

    Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via m... Read more

    Affected Products : mysql_server
    • Published: Oct. 21, 2025
    • Modified: Oct. 23, 2025

  • 4.9

    MEDIUM
    CVE-2025-53044

    Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via m... Read more

    Affected Products : mysql_server
    • Published: Oct. 21, 2025
    • Modified: Oct. 23, 2025

  • 4.9

    MEDIUM
    CVE-2025-53040

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network a... Read more

    Affected Products : mysql_server
    • Published: Oct. 21, 2025
    • Modified: Oct. 23, 2025

  • 4.9

    MEDIUM
    CVE-2025-10047

    The Email Tracker – Email Log, Email Open Tracking, Email Analytics & Email Management for WordPress Emails plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 5.3.12 due to insufficient es... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Injection

  • 4.9

    MEDIUM
    CVE-2025-62476

    Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Remote Replication). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP... Read more

    Affected Products : zfs_storage_appliance_kit
    • Published: Oct. 21, 2025
    • Modified: Oct. 23, 2025

  • 4.9

    MEDIUM
    CVE-2025-11980

    The Quick Featured Images plugin for WordPress is vulnerable to SQL Injection via the 'delete_orphaned' function in all versions up to, and including, 13.7.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on... Read more

    Affected Products :
    • Published: Nov. 08, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Injection

  • 4.9

    MEDIUM
    CVE-2025-10187

    The GSpeech TTS – WordPress Text To Speech Plugin plugin for WordPress is vulnerable to SQL Injection via the 'field' parameter in all versions up to, and including, 3.17.13 due to insufficient escaping on the user supplied parameter and lack of sufficien... Read more

    Affected Products :
    • Published: Oct. 18, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Injection
Showing 20 of 3808 Results