Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2025-12128

    The Hide Categories Or Products On Shop Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7. This is due to missing or incorrect nonce validation on the save_data_hcps() function. This makes it... Read more

    Affected Products :
    • Published: Dec. 05, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-43536

    A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Tahoe 26.2, iOS 26.2 and iPadOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3. Processing maliciously crafted web content may lead to an unexpected proces... Read more

    Affected Products : macos iphone_os safari ipados
    • Published: Dec. 17, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Memory Corruption

  • 4.3

    MEDIUM
    CVE-2025-10055

    The Time Sheets plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.3. This is due to missing or incorrect nonce validation on several endpoints. This makes it possible for unauthenticated attackers t... Read more

    Affected Products :
    • Published: Dec. 05, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-63739

    An issue was discovered in function phpinisaveAction in file webmain/system/cogini/coginiAction.php in Xinhu Rainrock RockOA 2.7.0 allowing attackers to authenticated users to modify PHP configuration files via the a parameter to the index.php endpoint.... Read more

    Affected Products : rockoa
    • Published: Dec. 09, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Misconfiguration

  • 4.3

    MEDIUM
    CVE-2025-13362

    The Norby AI plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to missing nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers t... Read more

    Affected Products :
    • Published: Dec. 05, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-59009

    Cross-Site Request Forgery (CSRF) vulnerability in Astoundify Listify listify allows Cross Site Request Forgery.This issue affects Listify: from n/a through <= 3.2.5.... Read more

    Affected Products :
    • Published: Dec. 16, 2025
    • Modified: Dec. 16, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-12512

    The GenerateBlocks plugin for WordPress is vulnerable to information exposure due to missing object-level authorization checks in versions up to, and including, 2.1.2. This is due to the plugin registering multiple REST API routes under `generateblocks/v1... Read more

    Affected Products : generateblocks
    • Published: Dec. 13, 2025
    • Modified: Dec. 15, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-59001

    Missing Authorization vulnerability in ThemeNectar Salient Core salient-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Salient Core: from n/a through <= 3.0.8.... Read more

    Affected Products : salient_core
    • Published: Dec. 16, 2025
    • Modified: Dec. 16, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-62993

    Missing Authorization vulnerability in rainafarai Notification for Telegram notification-for-telegram allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Notification for Telegram: from n/a through <= 3.4.7.... Read more

    Affected Products : notification_for_telegram
    • Published: Dec. 09, 2025
    • Modified: Dec. 10, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-64239

    Cross-Site Request Forgery (CSRF) vulnerability in Yoav Farhi RTL Tester rtl-tester allows Cross Site Request Forgery.This issue affects RTL Tester: from n/a through <= 1.2.... Read more

    Affected Products :
    • Published: Dec. 16, 2025
    • Modified: Dec. 16, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-67948

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in SendPulse SendPulse Email Marketing Newsletter sendpulse-email-marketing-newsletter allows Retrieve Embedded Sensitive Data.This issue affects SendPulse Email Mark... Read more

    • Published: Dec. 16, 2025
    • Modified: Dec. 16, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2025-14158

    The Coding Blocks plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing nonce validation on the settings update functionality. This makes it possible for unauthenticated attack... Read more

    Affected Products :
    • Published: Dec. 12, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-64238

    Missing Authorization vulnerability in NicolasKulka WPS Bidouille wps-bidouille allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPS Bidouille: from n/a through <= 1.33.1.... Read more

    Affected Products :
    • Published: Dec. 16, 2025
    • Modified: Dec. 16, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-54045

    Missing Authorization vulnerability in CreativeMindsSolutions CM On Demand Search And Replace cm-on-demand-search-and-replace allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CM On Demand Search And Replace: from ... Read more

    Affected Products : cm_on_demand_search_and_replace
    • Published: Dec. 16, 2025
    • Modified: Dec. 16, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-14394

    The Popover Windows plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to update the plugin's s... Read more

    Affected Products :
    • Published: Dec. 13, 2025
    • Modified: Dec. 15, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-14395

    The Popover Windows plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple ajax actions (e.g., pop_submit, poptheme_submit) in all versions up to, and including, 1.2. This makes it possible fo... Read more

    Affected Products :
    • Published: Dec. 13, 2025
    • Modified: Dec. 15, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-12407

    The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.2.2.2. This is due to missing or incorrect nonce validation on the 'location_delete' actio... Read more

    Affected Products : events_manager
    • Published: Dec. 12, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-64244

    Missing Authorization vulnerability in Codexpert, Inc Restrict Elementor Widgets, Columns and Sections restrict-elementor-widgets allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Restrict Elementor Widgets, Column... Read more

    Affected Products :
    • Published: Dec. 16, 2025
    • Modified: Dec. 16, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-11247

    GitLab has remediated an issue in GitLab EE affecting all versions from 13.2 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to disclose sensitive information from private projects by executing speci... Read more

    Affected Products : gitlab
    • Published: Dec. 11, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2025-63015

    Missing Authorization vulnerability in paysera WooCommerce Payment Gateway &#8211; Paysera woo-payment-gateway-paysera allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Payment Gateway &#8211; Paysera: ... Read more

    Affected Products :
    • Published: Dec. 09, 2025
    • Modified: Dec. 11, 2025
    • Vuln Type: Authorization
Showing 20 of 5207 Results