Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.1

    HIGH
    CVE-2025-2026

    The NPort 6100-G2/6200-G2 Series is affected by a high-severity vulnerability (CVE-2025-2026) that allows remote attackers to execute a null byte injection through the device’s web API. This may lead to an unexpected device reboot and result in a denial-o... Read more

    Affected Products :
    • Published: Dec. 31, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Injection

  • 4.3

    MEDIUM
    CVE-2025-62080

    Cross-Site Request Forgery (CSRF) vulnerability in Channelize.Io Team Live Shopping & Shoppable Videos For WooCommerce allows Cross Site Request Forgery.This issue affects Live Shopping & Shoppable Videos For WooCommerce: from n/a through 2.2.0.... Read more

    Affected Products :
    • Published: Dec. 31, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.5

    MEDIUM
    CVE-2025-63005

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tomas WordPress Tooltips allows Stored XSS.This issue affects WordPress Tooltips: from n/a through 10.7.9.... Read more

    Affected Products : wordpress_tooltips
    • Published: Dec. 31, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-62084

    Cross-Site Request Forgery (CSRF) vulnerability in Imdad Next Web iNext Woo Pincode Checker allows Cross Site Request Forgery.This issue affects iNext Woo Pincode Checker: from n/a through 2.3.1.... Read more

    Affected Products :
    • Published: Dec. 31, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.5

    MEDIUM
    CVE-2025-62136

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThinkUpThemes Melos allows Stored XSS.This issue affects Melos: from n/a through 1.6.0.... Read more

    Affected Products :
    • Published: Dec. 31, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-49358

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ruhul Amin Content Fetcher allows DOM-Based XSS.This issue affects Content Fetcher: from n/a through 1.1.... Read more

    Affected Products :
    • Published: Dec. 31, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-62749

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bainternet User Specific Content allows DOM-Based XSS.This issue affects User Specific Content: from n/a through 1.0.6.... Read more

    Affected Products :
    • Published: Dec. 31, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-62757

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebMan Design | Oliver Juhas WebMan Amplifier allows DOM-Based XSS.This issue affects WebMan Amplifier: from n/a through 1.5.12.... Read more

    Affected Products :
    • Published: Dec. 31, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-62114

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Marcelo Torres Download Media Library allows Retrieve Embedded Sensitive Data.This issue affects Download Media Library: from n/a through 0.2.1.... Read more

    Affected Products :
    • Published: Dec. 31, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Information Disclosure

  • 5.3

    MEDIUM
    CVE-2025-62129

    Missing Authorization vulnerability in Magnigenie RestroPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RestroPress: from n/a through 3.2.4.2.... Read more

    Affected Products : restropress
    • Published: Dec. 31, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-62143

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in nicashmu Post Video Players allows Retrieve Embedded Sensitive Data.This issue affects Post Video Players: from n/a through 1.163.... Read more

    Affected Products : video_and_media_plug-in
    • Published: Dec. 31, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Information Disclosure

  • 5.3

    MEDIUM
    CVE-2025-62747

    Missing Authorization vulnerability in Aum Watcharapon Featured Image Generator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Featured Image Generator: from n/a through 1.3.3.... Read more

    Affected Products :
    • Published: Dec. 31, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2021-47740

    KZTech JT3500V 4G LTE CPE 2.0.1 contains a session management vulnerability that allows attackers to reuse old session credentials without proper expiration. Attackers can exploit the weak session handling to maintain unauthorized access and potentially c... Read more

    Affected Products :
    • Published: Dec. 31, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2025-62138

    Missing Authorization vulnerability in CedCommerce WP Advanced PDF allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Advanced PDF: from n/a through 1.1.7.... Read more

    Affected Products :
    • Published: Dec. 31, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-62091

    Missing Authorization vulnerability in Vollstart Serial Codes Generator and Validator with WooCommerce Support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Serial Codes Generator and Validator with WooCommerce... Read more

    • Published: Dec. 31, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-62120

    Cross-Site Request Forgery (CSRF) vulnerability in Rick Beckman OpenHook allows Cross Site Request Forgery.This issue affects OpenHook: from n/a through 4.3.1.... Read more

    Affected Products :
    • Published: Dec. 31, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.4

    MEDIUM
    CVE-2025-62108

    Missing Authorization vulnerability in SaifuMak Add Custom Codes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Add Custom Codes: from n/a through 4.80.... Read more

    Affected Products :
    • Published: Dec. 31, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-63000

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP for church Sermon Manager allows Stored XSS.This issue affects Sermon Manager: from n/a through 2.30.0.... Read more

    Affected Products :
    • Published: Dec. 31, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-62758

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Funnelforms Funnelforms Free allows DOM-Based XSS.This issue affects Funnelforms Free: from n/a through 3.8.... Read more

    Affected Products : funnelforms_free
    • Published: Dec. 31, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.7

    HIGH
    CVE-2025-15227

    BPMFlowWebkit developed by WELLTEND TECHNOLOGY has a Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Absolute Path Traversal to download arbitrary system files.... Read more

    Affected Products : bpmflowwebkit
    • Published: Dec. 29, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Path Traversal
Showing 20 of 4612 Results