Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.8

    MEDIUM
    CVE-2025-8385

    The Zombify plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.7.5. This is due to insufficient input validation in the zf_get_file_by_url function. This makes it possible for authenticated attackers, with subscri... Read more

    Affected Products :
    • Published: Oct. 31, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Path Traversal

  • 0.0

    NA
    CVE-2025-40106

    In the Linux kernel, the following vulnerability has been resolved: comedi: fix divide-by-zero in comedi_buf_munge() The comedi_buf_munge() function performs a modulo operation `async->munge_chan %= async->cmd.chanlist_len` without first checking if cha... Read more

    Affected Products : linux_kernel
    • Published: Oct. 31, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Denial of Service

  • 6.3

    MEDIUM
    CVE-2025-11602

    Potential information leak in bolt protocol handshake in Neo4j Enterprise and Community editions allows attacker to obtain one byte of information from previous connections. The attacker has no control over the information leaked in server responses.... Read more

    • Published: Oct. 31, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2025-12175

    The The Events Calendar plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'tec_qr_code_modal' AJAX endpoint in all versions up to, and including, 6.15.9. This makes it possible for authenticated attackers, ... Read more

    Affected Products :
    • Published: Oct. 31, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Authorization

  • 6.4

    MEDIUM
    CVE-2025-12090

    The Employee Spotlight – Team Member Showcase & Meet the Team Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Social URLs in all versions up to, and including, 5.1.2 due to insufficient input sanitization and output escaping. ... Read more

    Affected Products :
    • Published: Nov. 01, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.0

    HIGH
    CVE-2025-34501

    Deck Mate 2 is distributed with static, hard-coded credentials for the root shell and web user interface, while multiple management services (SSH, HTTP, Telnet, SMB, X11) are enabled by default. If an attacker can reach these interfaces - most often throu... Read more

    Affected Products :
    • Published: Nov. 03, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Authentication

  • 8.3

    HIGH
    CVE-2025-48396

    Arbitrary code execution is possible due to improper validation of the file upload functionality in Eaton BLSS. This security issue has been fixed in the latest script patch latest version of of Eaton BLSS (7.3.0.SCP004).... Read more

    Affected Products :
    • Published: Nov. 03, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2025-48397

    The privileged user could log in without sufficient credentials after enabling an application protocol. This security issue has been fixed in the latest script patch latest version of of Eaton BLSS (7.3.0.SCP004).... Read more

    Affected Products :
    • Published: Nov. 03, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Authentication

  • 4.3

    MEDIUM
    CVE-2025-12367

    The SiteSEO – SEO Simplified plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.3.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for a... Read more

    Affected Products :
    • Published: Nov. 01, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Authorization

  • 5.9

    MEDIUM
    CVE-2025-12657

    The KMIP response parser built into mongo binaries is overly tolerant of certain malformed packets, and may parse them into invalid objects. Later reads of this object can result in read access violations.... Read more

    Affected Products : mongodb
    • Published: Nov. 03, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-11755

    The WP Delicious – Recipe Plugin for Food Bloggers (formerly Delicious Recipes) plugin for WordPress is vulnerable to arbitrary file uploads when importing recipes via CSV in all versions up to, and including, 1.9.0. This flaw allows an attacker with at l... Read more

    Affected Products : wp_delicious
    • Published: Nov. 01, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Authentication

  • 6.4

    MEDIUM
    CVE-2025-11502

    The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'saswp_tiny_multiple_faq' shortcode in all versions up to, and including, 1.51 due to insufficient input sanitization and output e... Read more

    • Published: Nov. 01, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-12503

    EasyFlow .NET and EasyFlow AiNet developed by Digiwin has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents.... Read more

    Affected Products : easyflow_.net
    • Published: Nov. 03, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2025-11995

    The Community Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via event details parameter in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthent... Read more

    Affected Products : community_events
    • Published: Nov. 01, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-12118

    The Schema Scalpel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the post title in all versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping when outputting user-supplied data into JSON-LD ... Read more

    Affected Products :
    • Published: Nov. 01, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-5949

    The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.0. This is due to the plugin not properly validating a user's identity prior to processing a password chang... Read more

    Affected Products :
    • Published: Nov. 01, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Authentication

  • 8.6

    HIGH
    CVE-2025-10897

    The WooCommerce Designer Pro theme for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.9.28. This makes it possible for unauthenticated attackers to read arbitrary files on the server, which can expose DB credentials... Read more

    Affected Products :
    • Published: Oct. 31, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Information Disclosure

  • 8.8

    HIGH
    CVE-2025-11843

    Therefore Corporation GmbH has recently become aware that Therefore™ Online and Therefore™ On-Premises contain an account impersonation vulnerability. A malicious user may potentially be able to impersonate the web service account or the account of a serv... Read more

    • Published: Oct. 31, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-30188

    Malicious or unintentional API requests can be used to add significant amount of data to caches. Caches may evict information that is required to operate the web frontend, which leads to unavailability of the component. Please deploy the provided updates ... Read more

    Affected Products : ox_app_suite
    • Published: Oct. 31, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Denial of Service

  • 5.4

    MEDIUM
    CVE-2025-30191

    Malicious content from E-Mail can be used to perform a redressing attack. Users can be tricked to perform unintended actions or provide sensitive information to a third party which would enable further threats. Attribute values containing HTML fragments a... Read more

    Affected Products : ox_app_suite
    • Published: Oct. 31, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Cross-Site Request Forgery
Showing 20 of 3942 Results