Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.2

    HIGH
    CVE-2025-13387

    The Kadence WooCommerce Email Designer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the customer name in all versions up to, and including, 1.5.17 due to insufficient input sanitization and output escaping. This makes it possible ... Read more

    • Published: Dec. 02, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-41742

    Sprecher Automations SPRECON-E-C,  SPRECON-E-P, SPRECON-E-T3 is vulnerable to attack by an unauthorized remote attacker via default cryptographic keys. The use of these keys allows the attacker to read, modify, and write projects and data, or to access an... Read more

    Affected Products :
    • Published: Dec. 02, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Cryptography

  • 4.6

    MEDIUM
    CVE-2025-66403

    FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. Prior to 2.2.3, a stored cross-site scripting (XSS) vulnerability exists in the Filerise application due to improper handling of uploaded SVG files. Th... Read more

    Affected Products : filerise
    • Published: Dec. 01, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.0

    CRITICAL
    CVE-2025-8351

    Heap-based Buffer Overflow, Out-of-bounds Read vulnerability in Avast Antivirus on MacOS when scanning a malformed file may allow Local Execution of Code or Denial-of-Service of the anitvirus engine process.This issue affects Antivirus: from 8.3.70.94 bef... Read more

    Affected Products : antivirus
    • Published: Dec. 01, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Memory Corruption

  • 8.6

    HIGH
    CVE-2025-13829

    Incorrect Authorization vulnerability in Data Illusion Zumbrunn NGSurvey allows any logged-in user to obtain the private information of any other user. Critical information retrieved: * APIKEY (1 year user Session) * RefreshToken (10 minutes us... Read more

    Affected Products :
    • Published: Dec. 01, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-13835

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tyche Softwares Arconix Shortcodes allows Stored XSS.This issue affects Arconix Shortcodes: from n/a through 2.1.19.... Read more

    Affected Products : arconix_shortcodes
    • Published: Dec. 01, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.6

    MEDIUM
    CVE-2025-11772

    A carefully crafted DLL, copied to C:\ProgramData\Synaptics folder, allows a local user to execute arbitrary code with elevated privileges during driver installation.... Read more

    Affected Products : fingerprint_driver
    • Published: Dec. 01, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-13724

    The VikRentCar Car Rental Management System plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'month' parameter in all versions up to, and including, 1.4.4 due to insufficient escaping on the user supplied parameter and lack of ... Read more

    Affected Products : vikrentcar
    • Published: Dec. 02, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Injection

  • 6.4

    MEDIUM
    CVE-2025-13697

    The BlockArt Blocks – Gutenberg Blocks, Page Builder Blocks ,WordPress Block Plugin, Sections & Template Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘timestamp’ attribute in all versions up to, and including, 2.2.13 d... Read more

    Affected Products : blockart_blocks
    • Published: Dec. 02, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.5

    HIGH
    CVE-2025-66412

    Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 21.0.2, 20.3.15, and 19.2.17, A Stored Cross-Site Scripting (XSS) vulnerability has been identified in the Angular... Read more

    Affected Products : angular
    • Published: Dec. 01, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.7

    HIGH
    CVE-2025-66410

    Gin-vue-admin is a backstage management system based on vue and gin. In 2.8.6 and earlier, attackers can delete any file on the server at will, causing damage or unavailability of server resources. Attackers can control the 'FileMd5' parameter to delete a... Read more

    Affected Products : gin-vue-admin
    • Published: Dec. 01, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Path Traversal

  • 6.4

    MEDIUM
    CVE-2025-13731

    The Nexter Extension – Site Enhancements Toolkit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'nxt-year' shortcode in all versions up to, and including, 4.4.1 due to insufficient input sanitization and output escaping... Read more

    Affected Products :
    • Published: Dec. 02, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-13140

    The SurveyJS: Drag & Drop WordPress Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12.20. This is due to missing nonce validation on the SurveyJS_DeleteSurvey AJAX action. This makes i... Read more

    Affected Products :
    • Published: Dec. 02, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.9

    MEDIUM
    CVE-2025-66405

    Portkey.ai Gateway is a blazing fast AI Gateway with integrated guardrails. Prior to 1.14.0, the gateway determined the destination baseURL by prioritizing the value in the x-portkey-custom-host request header. The proxy route then appends the client-spec... Read more

    Affected Products :
    • Published: Dec. 01, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Server-Side Request Forgery

  • 5.3

    MEDIUM
    CVE-2025-13696

    The Zigaform plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 7.6.5. This is due to the plugin exposing a public AJAX endpoint that retrieves form submission data without performing authorization check... Read more

    Affected Products : zigaform
    • Published: Dec. 02, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Information Disclosure

  • 8.8

    HIGH
    CVE-2025-10971

    Insecure Storage of Sensitive Information vulnerability in MeetMe on iOS, Android allows Retrieve Embedded Sensitive Data. This issue affects MeetMe: through v2.2.5.... Read more

    Affected Products :
    • Published: Dec. 02, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-13875

    A weakness has been identified in Yohann0617 oci-helper up to 3.2.4. This issue affects the function addCfg of the file src/main/java/com/yohann/ocihelper/service/impl/OciServiceImpl.java of the component OCI Configuration Upload. Executing manipulation o... Read more

    Affected Products :
    • Published: Dec. 02, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Path Traversal

  • 4.9

    MEDIUM
    CVE-2025-13090

    The WP Directory Kit plugin for WordPress is vulnerable to SQL Injection via the 'search' parameter in all versions up to, and including, 1.4.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing ... Read more

    Affected Products : wp_directory_kit
    • Published: Dec. 02, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-13295

    Insertion of Sensitive Information Into Sent Data vulnerability in Argus Technology Inc. BILGER allows Choosing Message Identifier.This issue affects BILGER: before 2.4.9.... Read more

    Affected Products :
    • Published: Dec. 02, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Information Disclosure

  • 5.1

    MEDIUM
    CVE-2025-13879

    Directory traversal vulnerability in SOLIDserver IPAM v8.2.3. This vulnerability allows an authenticated user with administrator privileges to list directories other than those to which the have authorized access using the 'directory' parameter in '/mod/a... Read more

    Affected Products : solidserver_ipam
    • Published: Dec. 02, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Path Traversal
Showing 20 of 4872 Results