Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.

Latest Critical Actively Exploited Remotely Exploitable

9.8

CRITICAL

CVE-2025-68590

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CRM Perks Integration for Contact Form 7 HubSpot cf7-hubspot allows Blind SQL Injection.This issue affects Integration for Contact Form 7 HubSpot: from n...

Affected Products : database_for_contact_form_7\,_wpforms\,_elementor_forms
Published: Dec. 24, 2025

Modified: Dec. 29, 2025

Vuln Type: Injection
8.1

HIGH

CVE-2025-68587

Missing Authorization vulnerability in Bob Watu Quiz watu allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Watu Quiz: from n/a through <= 3.4.5....

Affected Products : watu_quiz
Published: Dec. 24, 2025

Modified: Dec. 29, 2025

Vuln Type: Authorization
8.8

HIGH

CVE-2025-68585

Missing Authorization vulnerability in Ben Balter WP Document Revisions wp-document-revisions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Document Revisions: from n/a through <= 3.7.2....

Affected Products :
Published: Dec. 24, 2025

Modified: Dec. 29, 2025

Vuln Type: Authorization
8.8

HIGH

CVE-2018-25148

Microhard Systems IPn4G 1.1.0 contains multiple authenticated remote code execution vulnerabilities in the admin interface that allow attackers to create crontab jobs and modify system startup scripts. Attackers can exploit hidden admin features to execut...

Affected Products :
Published: Dec. 24, 2025

Modified: Dec. 29, 2025

Vuln Type: Authentication
8.1

HIGH

CVE-2025-68581

Missing Authorization vulnerability in YITHEMES YITH Slider for page builders yith-slider-for-page-builders allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YITH Slider for page builders: from n/a through <= 1.0.1...

Affected Products :
Published: Dec. 24, 2025

Modified: Dec. 29, 2025

Vuln Type: Authorization
8.7

HIGH

CVE-2018-25137

FLIR Brickstream 3D+ 2.1.742.1842 contains an unauthenticated vulnerability in the ExportConfig REST API that allows attackers to download sensitive configuration files. Attackers can exploit the getConfigExportFile.cgi endpoint to retrieve system configu...

Affected Products :
Published: Dec. 24, 2025

Modified: Dec. 29, 2025

Vuln Type: Information Disclosure
8.8

HIGH

CVE-2025-68580

Cross-Site Request Forgery (CSRF) vulnerability in pluginsware Advanced Classifieds & Directory Pro advanced-classifieds-and-directory-pro allows Cross Site Request Forgery.This issue affects Advanced Classifieds & Directory Pro: from n/a through <= 3.2.9...

Affected Products :
Published: Dec. 24, 2025

Modified: Dec. 29, 2025

Vuln Type: Cross-Site Request Forgery
8.1

HIGH

CVE-2025-68579

Missing Authorization vulnerability in FolioVision FV Simpler SEO fv-all-in-one-seo-pack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FV Simpler SEO: from n/a through <= 1.9.6....

Affected Products :
Published: Dec. 24, 2025

Modified: Dec. 29, 2025

Vuln Type: Authorization
8.1

HIGH

CVE-2025-68578

Missing Authorization vulnerability in Addonify Addonify addonify-quick-view allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Addonify: from n/a through <= 2.0.4....

Affected Products :
Published: Dec. 24, 2025

Modified: Dec. 29, 2025

Vuln Type: Authorization
8.7

HIGH

CVE-2025-43876

Under certain circumstances a successful exploitation could result in access to the device....

Affected Products :
Published: Dec. 24, 2025

Modified: Dec. 29, 2025

Vuln Type: Authorization
8.8

HIGH

CVE-2025-68577

Missing Authorization vulnerability in Virusdie Virusdie virusdie allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Virusdie: from n/a through <= 1.1.6....

Affected Products :
Published: Dec. 24, 2025

Modified: Dec. 29, 2025

Vuln Type: Authorization
7.5

HIGH

CVE-2025-68576

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Virusdie Virusdie virusdie allows Retrieve Embedded Sensitive Data.This issue affects Virusdie: from n/a through <= 1.1.6....

Affected Products :
Published: Dec. 24, 2025

Modified: Dec. 29, 2025

Vuln Type: Information Disclosure
6.1

MEDIUM

CVE-2025-68574

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in voidcoders WPBakery Visual Composer WHMCS Elements void-visual-whmcs-element allows DOM-Based XSS.This issue affects WPBakery Visual Composer WHMCS Eleme...

Affected Products : wpbakery_visual_composer_whmcs_elements
Published: Dec. 24, 2025

Modified: Dec. 29, 2025

Vuln Type: Cross-Site Scripting
8.8

HIGH

CVE-2025-68573

Cross-Site Request Forgery (CSRF) vulnerability in Alessandro Piconi Simple Keyword to Link simple-keyword-to-link allows Cross Site Request Forgery.This issue affects Simple Keyword to Link: from n/a through <= 1.5....

Affected Products :
Published: Dec. 24, 2025

Modified: Dec. 29, 2025

Vuln Type: Cross-Site Request Forgery
8.8

HIGH

CVE-2025-68571

Missing Authorization vulnerability in SALESmanago SALESmanago salesmanago allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SALESmanago: from n/a through <= 3.9.0....

Affected Products : salesmanago
Published: Dec. 24, 2025

Modified: Dec. 29, 2025

Vuln Type: Authorization
9.8

CRITICAL

CVE-2025-68570

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in captivateaudio Captivate Sync captivatesync-trade allows Blind SQL Injection.This issue affects Captivate Sync: from n/a through <= 3.2.2....

Affected Products :
Published: Dec. 24, 2025

Modified: Dec. 29, 2025

Vuln Type: Injection
7.5

HIGH

CVE-2025-68568

Missing Authorization vulnerability in integrationclaspo Popup Builder: Exit-Intent pop-up, Spin the Wheel, Newsletter signup, Email Capture & Lead Generation forms maker claspo allows Exploiting Incorrectly Configured Access Control Security Levels.T...

Affected Products :
Published: Dec. 24, 2025

Modified: Dec. 29, 2025

Vuln Type: Authorization
8.8

HIGH

CVE-2025-68608

Missing Authorization vulnerability in DeluxeThemes Userpro userpro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Userpro: from n/a through <= 5.1.9....

Affected Products : userpro
Published: Dec. 24, 2025

Modified: Dec. 29, 2025

Vuln Type: Authorization
9.8

CRITICAL

CVE-2025-68537

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Zota zota allows PHP Local File Inclusion.This issue affects Zota: from n/a through <= 1.3.14....

Affected Products :
Published: Dec. 24, 2025

Modified: Dec. 29, 2025

Vuln Type: Path Traversal
5.4

MEDIUM

CVE-2025-68525

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pixelgrade Category Icon category-icon allows Stored XSS.This issue affects Category Icon: from n/a through <= 1.0.2....

Affected Products :
Published: Dec. 24, 2025

Modified: Dec. 29, 2025

Vuln Type: Cross-Site Scripting

Showing 20 of 3994 Results

Browse by Apps

Latest CVE Feed

9.8

8.1

8.8

8.8

8.1

8.7

8.8

8.1

8.1

8.7

8.8

7.5

6.1

8.8

8.8

9.8

7.5

8.8

9.8

5.4

CVEFeed.io UI Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable