Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2025-49356

    Missing Authorization vulnerability in Mykola Lukin Orders Chat for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Orders Chat for WooCommerce: from n/a through 1.2.0.... Read more

    Affected Products :
    • Published: Dec. 31, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-69206

    Hemmelig is a messing app with with client-side encryption and self-destructing messages. Prior to version 7.3.3, a Server-Side Request Forgery (SSRF) filter bypass vulnerability exists in the webhook URL validation of the Secret Requests feature. The app... Read more

    Affected Products : hemmelig
    • Published: Dec. 29, 2025
    • Modified: Jan. 06, 2026
    • Vuln Type: Server-Side Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-63004

    Missing Authorization vulnerability in Skynet Technologies USA LLC All in One Accessibility allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects All in One Accessibility: from n/a through 1.14.... Read more

    Affected Products :
    • Published: Dec. 31, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2023-25068

    Missing Authorization vulnerability in Mapro Collins Magazine Edge allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Magazine Edge: from n/a through 1.13.... Read more

    Affected Products :
    • Published: Dec. 21, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-43501

    A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an une... Read more

    Affected Products : macos iphone_os safari ipados visionos
    • Published: Dec. 17, 2025
    • Modified: Jan. 07, 2026
    • Vuln Type: Memory Corruption

  • 4.3

    MEDIUM
    CVE-2026-22032

    Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 11.14.0, an open redirect vulnerability exists in the Directus SAML authentication callback endpoint. During SAML authentication, the `RelayState` parameter ... Read more

    Affected Products : directus
    • Published: Jan. 08, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Misconfiguration

  • 4.3

    MEDIUM
    CVE-2025-7733

    The WP JobHunt plugin for WordPress, used by the JobCareer theme, is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 7.7 via the 'cs_update_application_status_callback' due to missing validation on a user controlled ke... Read more

    Affected Products : jobcareer
    • Published: Dec. 20, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2023-28619

    Missing Authorization vulnerability in bnayawpguy Resoto allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Resoto: from n/a through 1.0.8.... Read more

    Affected Products :
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-13750

    The Converter for Media – Optimize images | Convert WebP & AVIF plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `/webp-converter/v1/regenerate-attachment` REST endpoint in all versions up to... Read more

    Affected Products : webp_converter_for_media
    • Published: Dec. 17, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-69284

    Plane is an an open-source project management tool. In plane.io, a guest user doesn't have a permission to access https[:]//app[.]plane[.]so/[:]slug/settings. Prior to Plane version 1.2.0, a problem occurs when the `/api/workspaces/:slug/members/` is acce... Read more

    Affected Products : plane
    • Published: Jan. 02, 2026
    • Modified: Jan. 02, 2026
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2025-62148

    Cross-Site Request Forgery (CSRF) vulnerability in Eugen Bobrowski Robots.Txt rewrite allows Cross Site Request Forgery.This issue affects Robots.Txt rewrite: from n/a through 1.6.1.... Read more

    Affected Products :
    • Published: Dec. 31, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-13110

    The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.7.3 via the "woof_add_subscr" function due to missing validation on a user controlled... Read more

    • Published: Dec. 18, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-69023

    Missing Authorization vulnerability in Marketing Fire Discussion Board wp-discussion-board allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Discussion Board: from n/a through <= 2.5.7.... Read more

    Affected Products :
    • Published: Dec. 30, 2025
    • Modified: Jan. 02, 2026
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-62190

    Mattermost versions 11.0.x <= 11.0.4, 10.12.x <= 10.12.2, 10.11.x <= 10.11.6 and Mattermost Calls versions <=1.10.0 fail to implement CSRF protection on the Calls widget page which allows an authenticated attacker to initiate calls and inject messages int... Read more

    Affected Products : mattermost_server
    • Published: Dec. 17, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-68386

    Improper Authorization (CWE-285) in Kibana can lead to privilege escalation (CAPEC-233) by allowing an authenticated user to change a document's sharing type to "global," even though they do not have permission to do so, making it visible to everyone in t... Read more

    Affected Products : kibana
    • Published: Dec. 18, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-62084

    Cross-Site Request Forgery (CSRF) vulnerability in Imdad Next Web iNext Woo Pincode Checker allows Cross Site Request Forgery.This issue affects iNext Woo Pincode Checker: from n/a through 2.3.1.... Read more

    Affected Products :
    • Published: Dec. 31, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-69012

    Missing Authorization vulnerability in Stephen Harris Event Organiser event-organiser allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Event Organiser: from n/a through <= 3.12.8.... Read more

    Affected Products :
    • Published: Dec. 30, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-43535

    The issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected proces... Read more

    Affected Products : macos iphone_os safari ipados visionos
    • Published: Dec. 17, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Memory Corruption

  • 4.3

    MEDIUM
    CVE-2025-14399

    The Download Plugins and Themes in ZIP from Dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.6. This is due to missing or incorrect nonce validation on the download_plugin_bulk and downlo... Read more

    Affected Products :
    • Published: Dec. 17, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-69025

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Aethonic Poptics: AI-Powered Popup Builder for Lead Generation, Conversions, Exit-Intent, Email Opt-ins &amp; WooCommerce Sales poptics allows Retrieve Embedded Se... Read more

    Affected Products :
    • Published: Dec. 30, 2025
    • Modified: Jan. 02, 2026
    • Vuln Type: Information Disclosure
Showing 20 of 4488 Results