Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2025-63000

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP for church Sermon Manager allows Stored XSS.This issue affects Sermon Manager: from n/a through 2.30.0.... Read more

    Affected Products :
    • Published: Dec. 31, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-59130

    Cross-Site Request Forgery (CSRF) vulnerability in Appointify allows Cross Site Request Forgery.This issue affects Appointify: from n/a through 1.0.8.... Read more

    Affected Products :
    • Published: Dec. 31, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.3

    MEDIUM
    CVE-2025-59136

    Insertion of Sensitive Information Into Sent Data vulnerability in Efí Bank Gerencianet Oficial allows Retrieve Embedded Sensitive Data.This issue affects Gerencianet Oficial: from n/a through 3.1.3.... Read more

    Affected Products :
    • Published: Dec. 31, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2025-62143

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in nicashmu Post Video Players allows Retrieve Embedded Sensitive Data.This issue affects Post Video Players: from n/a through 1.163.... Read more

    Affected Products : video_and_media_plug-in
    • Published: Dec. 31, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-62095

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Neilgee Bootstrap Modals allows Stored XSS.This issue affects Bootstrap Modals: from n/a through 1.3.2.... Read more

    Affected Products :
    • Published: Dec. 31, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-62134

    Cross-Site Request Forgery (CSRF) vulnerability in A WP Life Contact Form Widget allows Cross Site Request Forgery.This issue affects Contact Form Widget: from n/a through 1.5.1.... Read more

    Affected Products : contact_form_widget
    • Published: Dec. 31, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.9

    MEDIUM
    CVE-2025-62140

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Plainware Locatoraid Store Locator allows Stored XSS.This issue affects Locatoraid Store Locator: from n/a through 3.9.65.... Read more

    Affected Products : locatoraid_store_locator
    • Published: Dec. 31, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-23705

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Terry Zielke Zielke Design Project Gallery allows Reflected XSS.This issue affects Zielke Design Project Gallery: from n/a through 2.5.0.... Read more

    Affected Products :
    • Published: Dec. 31, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.9

    MEDIUM
    CVE-2025-49337

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in janhenckens Dashboard Beacon allows Stored XSS.This issue affects Dashboard Beacon: from n/a through 1.2.0.... Read more

    Affected Products :
    • Published: Dec. 31, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.9

    MEDIUM
    CVE-2025-49355

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ikaes Accessibility Press allows Stored XSS.This issue affects Accessibility Press: from n/a through 1.0.2.... Read more

    Affected Products :
    • Published: Dec. 31, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.0

    HIGH
    CVE-2025-15017

    A vulnerability exists in serial device servers where active debug code remains enabled in the UART interface. An attacker with physical access to the device can directly connect to the UART interface and, without authentication, user interaction, or exec... Read more

    • Published: Dec. 31, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Authentication

  • 7.1

    HIGH
    CVE-2025-2026

    The NPort 6100-G2/6200-G2 Series is affected by a high-severity vulnerability (CVE-2025-2026) that allows remote attackers to execute a null byte injection through the device’s web API. This may lead to an unexpected device reboot and result in a denial-o... Read more

    Affected Products :
    • Published: Dec. 31, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2025-62117

    Cross-Site Request Forgery (CSRF) vulnerability in Jayce53 EasyIndex easyindex allows Cross Site Request Forgery.This issue affects EasyIndex: from n/a through 1.1.1704.... Read more

    Affected Products :
    • Published: Dec. 31, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.5

    MEDIUM
    CVE-2025-62743

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zookatron MyBookTable Bookstore allows Stored XSS.This issue affects MyBookTable Bookstore: from n/a through 3.5.5.... Read more

    Affected Products : mybook_table_bookstore
    • Published: Dec. 31, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-62744

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chris Steman Page Title Splitter allows Stored XSS.This issue affects Page Title Splitter: from n/a through 2.5.9.... Read more

    Affected Products :
    • Published: Dec. 31, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-62748

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Genetech Products Web and WooCommerce Addons for WPBakery Builder allows DOM-Based XSS.This issue affects Web and WooCommerce Addons for WPBakery Builder... Read more

    • Published: Dec. 31, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-49358

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ruhul Amin Content Fetcher allows DOM-Based XSS.This issue affects Content Fetcher: from n/a through 1.1.... Read more

    Affected Products :
    • Published: Dec. 31, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-66148

    Missing Authorization vulnerability in merkulove Conformer for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Conformer for Elementor: from n/a through 1.0.7.... Read more

    Affected Products :
    • Published: Dec. 31, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-62747

    Missing Authorization vulnerability in Aum Watcharapon Featured Image Generator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Featured Image Generator: from n/a through 1.3.3.... Read more

    Affected Products :
    • Published: Dec. 31, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-63040

    Cross-Site Request Forgery (CSRF) vulnerability in Saad Iqbal Post Snippets allows Cross Site Request Forgery.This issue affects Post Snippets: from n/a through 4.0.11.... Read more

    Affected Products : post_snippets
    • Published: Dec. 31, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Cross-Site Request Forgery
Showing 20 of 4659 Results