Latest Vulnerabilities
Latest Found
The latest vulnerability announcements
- CVE-2025-7846 - WordPress User Extra Fields <= 16.7 - Authenticated (Subscriber+) Arbitrary File Deletion via save_fields Function
- CVE-2025-8489 - King Addons for Elementor – Free Elements, Widgets, Templates, and Features for Elementor 24.12.92 - 51.1.14 - Unauthenticated Privilege Escalation
- CVE-2025-5397 - Jobmonster - Job Board WordPress Theme <= 4.8.1 - Authentication Bypass
- CVE-2025-58152 - Century Systems Co., Ltd. FutureNet MA and IP-K series Information Disclosure
- CVE-2025-54763 - "Century Systems Co., Ltd. FutureNet MA and IP-K series OS Command Injection Vulnerability"
- CVE-2025-11191 - RealPress < 1.1.0 - Unauthenticated Content Creation/Email Sending via REST
- CVE-2025-11806 - Qzzr Shortcode Plugin <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
- CVE-2025-11975 - FuseWP – WordPress User Sync to Email List & Marketing Automation (Mailchimp, Constant Contact, ActiveCampaign etc.) <= 1.1.23.0 - Missing Authorization to Authenticated (Subscriber+) Sync Rule Creation
- CVE-2025-23050 - Qt QLowEnergyController Bluetooth ATT Command Handling Vulnerability
- CVE-2025-6176 - Brotli decompression bomb DoS in scrapy/scrapy
CISA Advisories
The latest advisories from CISA
- CISA Adds Two Known Exploited Vulnerabilities to Catalog
- Hitachi Energy TropOS
- New Guidance Released on Microsoft Exchange Server Security Best Practices
- CISA Releases Two Industrial Control Systems Advisories
- International Standards Organization ISO 15118-2
- Schneider Electric EcoStruxure
- CISA Adds Two Known Exploited Vulnerabilities to Catalog
- Vertikal Systems Hospital Manager Backend Services
- CISA Releases Three Industrial Control Systems Advisories
- CISA Adds Two Known Exploited Vulnerabilities to Catalog
