Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2025-67594

    Authorization Bypass Through User-Controlled Key vulnerability in ThimPress Thim Elementor Kit thim-elementor-kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Thim Elementor Kit: from n/a through <= 1.3.3.... Read more

    Affected Products :
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-67592

    Missing Authorization vulnerability in Joe Dolson My Calendar my-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects My Calendar: from n/a through <= 3.6.16.... Read more

    Affected Products :
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-33111

    IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 is vulnerable to creation of temporary files without atomic operations which may expose sensitive information to an authenticated user due to race condition attacks.... Read more

    Affected Products : cognos_controller controller
    • Published: Dec. 08, 2025
    • Modified: Dec. 10, 2025
    • Vuln Type: Race Condition

  • 4.3

    MEDIUM
    CVE-2025-67593

    Cross-Site Request Forgery (CSRF) vulnerability in Stiofan UsersWP userswp allows Cross Site Request Forgery.This issue affects UsersWP: from n/a through <= 1.2.48.... Read more

    Affected Products : userswp
    • Published: Dec. 09, 2025
    • Modified: Dec. 10, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-67638

    Jenkins 2.540 and earlier, LTS 2.528.2 and earlier does not mask build authorization tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them.... Read more

    Affected Products : jenkins
    • Published: Dec. 10, 2025
    • Modified: Dec. 17, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2025-66545

    Nextcloud Groupfolders provides admin-configured folders shared by everyone in a group or team. Prior to 14.0.11, 15.3.12, 16.0.15, 17.0.14, 18.1.8, 19.1.8, and 20.1.2, a user with read-only permission can restore a file from the trash bin. This vulnerabi... Read more

    Affected Products : group_folders notes
    • Published: Dec. 05, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-67474

    Missing Authorization vulnerability in Ultimate Member ForumWP forumwp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ForumWP: from n/a through <= 2.1.4.... Read more

    Affected Products :
    • Published: Dec. 09, 2025
    • Modified: Dec. 10, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-46266

    A vulnerability in TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 25.11 for Windows allows malicious actors to coerce the service into transmitting data to an arbitrary internal IP address, potentia... Read more

    Affected Products :
    • Published: Dec. 11, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Server-Side Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-13978

    GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.5 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to discover the names of private projects they do not have access throu... Read more

    Affected Products : gitlab
    • Published: Dec. 11, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2025-13125

    Authorization Bypass Through User-Controlled Key vulnerability in Im Park Information Technology, Electronics, Press, Publishing and Advertising, Education Ltd. Co. DijiDemi allows Exploitation of Trusted Identifiers.This issue affects DijiDemi: through 2... Read more

    Affected Products :
    • Published: Dec. 10, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-63013

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ThimPress WP Hotel Booking wp-hotel-booking allows Retrieve Embedded Sensitive Data.This issue affects WP Hotel Booking: from n/a through <= 2.2.7.... Read more

    Affected Products : wp_hotel_booking
    • Published: Dec. 09, 2025
    • Modified: Dec. 10, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2025-67595

    Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Quiz Maker quiz-maker allows Cross Site Request Forgery.This issue affects Quiz Maker: from n/a through <= 6.7.0.82.... Read more

    Affected Products : quiz_maker
    • Published: Dec. 09, 2025
    • Modified: Dec. 10, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-67599

    Missing Authorization vulnerability in WebToffee WebToffee eCommerce Marketing Automation decorator-woocommerce-email-customizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WebToffee eCommerce Marketing Autom... Read more

    Affected Products : decorator
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-67598

    Cross-Site Request Forgery (CSRF) vulnerability in PSM Plugins SupportCandy supportcandy allows Cross Site Request Forgery.This issue affects SupportCandy: from n/a through <= 3.4.1.... Read more

    Affected Products : supportcandy
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-67591

    Cross-Site Request Forgery (CSRF) vulnerability in jegtheme JNews Paywall jnews-paywall allows Cross Site Request Forgery.This issue affects JNews Paywall: from n/a through < 12.0.1.... Read more

    Affected Products :
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-67589

    Missing Authorization vulnerability in WP Overnight WooCommerce PDF Invoices & Packing Slips woocommerce-pdf-invoices-packing-slips allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce PDF Invoices & Packi... Read more

    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-67596

    Cross-Site Request Forgery (CSRF) vulnerability in Strategy11 Team Business Directory business-directory-plugin allows Cross Site Request Forgery.This issue affects Business Directory: from n/a through <= 6.4.19.... Read more

    Affected Products :
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-63070

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Shahjada Download Manager download-manager allows Retrieve Embedded Sensitive Data.This issue affects Download Manager: from n/a through <= 3.3.32.... Read more

    Affected Products :
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2025-40819

    A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP4). Affected applications do not properly validate license restrictions against the database, allowing direct modification of the system_ticketinfo table to bypass ... Read more

    Affected Products : sinema_remote_connect_server
    • Published: Dec. 09, 2025
    • Modified: Dec. 10, 2025
    • Vuln Type: Misconfiguration

  • 4.3

    MEDIUM
    CVE-2025-49350

    Missing Authorization vulnerability in marcoingraiti Actionwear products sync actionwear-products-sync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Actionwear products sync: from n/a through <= 2.3.3.... Read more

    Affected Products : actionwear_products_sync
    • Published: Dec. 09, 2025
    • Modified: Dec. 10, 2025
    • Vuln Type: Authorization
Showing 20 of 4784 Results