Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2025-11835

    The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability and validation check on the PMS_AJAX_Checkout_Handler:... Read more

    Affected Products :
    • Published: Nov. 05, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Authorization

  • 7.7

    HIGH
    CVE-2025-62507

    Redis is an open source, in-memory database that persists on disk. In versions 8.2.0 and above, a user can run the XACKDEL command with multiple ID's and trigger a stack buffer overflow, which may potentially lead to remote code execution. This issue is f... Read more

    Affected Products : redis
    • Published: Nov. 04, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-56230

    Tencent Docs Desktop 3.9.20 and earlier suffers from Missing SSL Certificate Validation in the update component.... Read more

    Affected Products :
    • Published: Nov. 04, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Misconfiguration

  • 8.0

    HIGH
    CVE-2025-10622

    A flaw was found in Red Hat Satellite (Foreman component). This vulnerability allows an authenticated user with edit_settings permissions to achieve arbitrary command execution on the underlying operating system via insufficient server-side validation of ... Read more

    Affected Products : satellite
    • Published: Nov. 05, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Injection

  • 8.4

    HIGH
    CVE-2025-64151

    Multiple Roboticsware products provided by Roboticsware PTE. LTD. register Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege.... Read more

    Affected Products :
    • Published: Nov. 05, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2025-60925

    codeshare v1.0.0 was discovered to contain an information leakage vulnerability.... Read more

    Affected Products :
    • Published: Nov. 04, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-63248

    DWSurvey 6.14.0 is vulnerable to Incorrect Access Control. When deleting a questionnaire, replacing the questionnaire ID with the ID of another questionnaire can enable the deletion of other questionnaires.... Read more

    Affected Products :
    • Published: Nov. 05, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Authorization

  • 6.1

    MEDIUM
    CVE-2025-61431

    A reflected cross-site scripted (XSS) vulnerability in the /jsp/gsfr_feditorHTML.jsp endpoint of Zucchetti ZMaintenance Infinity and Infinity Zucchetti v4.1 and earlier allows attackers to execute arbitrary Javascript in the context of a user's browser vi... Read more

    Affected Products :
    • Published: Nov. 04, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-32786

    The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Versions 1.5.0 and below are vulnerable to SQL Injection. This issue is fixed in version 1.5.1.... Read more

    Affected Products : glpi_inventory
    • Published: Nov. 04, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2025-11072

    The MelAbu WP Download Counter Button WordPress plugin through 1.8.6.7 does not validate the path of files to be downloaded, which could allow unauthenticated attacker to read/download arbitrary files.... Read more

    Affected Products :
    • Published: Nov. 05, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Path Traversal

  • 5.3

    MEDIUM
    CVE-2025-12468

    The FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.4.1 via the '/wc-coupons/' REST API endpoint. This is... Read more

    Affected Products : funnelkit_automations
    • Published: Nov. 05, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Information Disclosure

  • 8.7

    HIGH
    CVE-2025-62722

    LinkAce is a self-hosted archive to collect website links. In versions 2.3.1 and below, the social media sharing functionality contains a Stored Cross-Site Scripting (XSS) vulnerability that allows any authenticated user to inject arbitrary JavaScript by ... Read more

    Affected Products : linkace
    • Published: Nov. 04, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.4

    HIGH
    CVE-2025-10907

    An arbitrary file upload vulnerability exists in multiple WSO2 products due to insufficient validation of uploaded content and destination in SOAP admin services. A malicious actor with administrative privileges can upload a specially crafted file to a us... Read more

    • Published: Nov. 05, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Misconfiguration

  • 9.3

    CRITICAL
    CVE-2025-12108

    The Survision LPR Camera system does not enforce password protection by default. This allows access to the configuration wizard immediately without a login prompt or credentials check.... Read more

    Affected Products :
    • Published: Nov. 04, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Authentication

  • 8.2

    HIGH
    CVE-2025-23358

    NVIDIA NVApp for Windows contains a vulnerability in the installer, where a local attacker can cause a search path element issue. A successful exploit of this vulnerability might lead to code execution and escalation of privileges.... Read more

    Affected Products :
    • Published: Nov. 04, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-12197

    The The Events Calendar plugin for WordPress is vulnerable to blind SQL Injection via the 's' parameter in versions 6.15.1.1 to 6.15.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query... Read more

    Affected Products :
    • Published: Nov. 05, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Injection

  • 6.4

    MEDIUM
    CVE-2025-11162

    The Spectra Gutenberg Blocks – Website Builder for the Block Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom CSS in all versions up to, and including, 2.19.14 due to insufficient input sanitization and output escapi... Read more

    Affected Products :
    • Published: Nov. 05, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.2

    MEDIUM
    CVE-2025-33176

    NVIDIA RunAI for all platforms contains a vulnerability where a user could cause an improper restriction of communications channels on an adjacent network. A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, ... Read more

    Affected Products :
    • Published: Nov. 04, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-11749

    The AI Engine plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.3 via the /mcp/v1/ REST API endpoint that exposes the 'Bearer Token' value when 'No-Auth URL' is enabled. This makes it possible f... Read more

    Affected Products : ai_engine
    • Published: Nov. 05, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-12139

    The File Manager for Google Drive – Integrate Google Drive with WordPress plugin for WordPress is vulnerable to sensitive information exposure in all versions up to, and including, 1.5.3 via the "get_localize_data" function. This makes it possible for una... Read more

    Affected Products :
    • Published: Nov. 05, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 3975 Results