Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.2

    HIGH
    CVE-2025-63057

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Roxnor Wp Ultimate Review wp-ultimate-review allows DOM-Based XSS.This issue affects Wp Ultimate Review: from n/a through <= 2.3.6.... Read more

    Affected Products : wp_ultimate_review
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-63067

    Missing Authorization vulnerability in p-themes Porto Theme - Functionality porto-functionality allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Porto Theme - Functionality: from n/a through <= 3.6.2.... Read more

    Affected Products :
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-63076

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Dream-Theme The7 Elements dt-the7-core allows PHP Local File Inclusion.This issue affects The7 Elements: from n/a through <= 2.7.11.... Read more

    Affected Products :
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Path Traversal

  • 1.3

    LOW
    CVE-2025-66622

    matrix-sdk-base is the base component to build a Matrix client library. Versions 0.14.1 and prior are unable to handle responses that include custom m.room.join_rules values due to a serialization bug. This can be exploited to cause a denial-of-service co... Read more

    Affected Products : matrix-rust-sdk
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Denial of Service

  • 5.3

    MEDIUM
    CVE-2025-40935

    A vulnerability has been identified in RUGGEDCOM RMC8388 V5.X (All versions < V5.10.1), RUGGEDCOM RS416Pv2 V5.X (All versions < V5.10.1), RUGGEDCOM RS416v2 V5.X (All versions < V5.10.1), RUGGEDCOM RS900 (32M) V5.X (All versions < V5.10.1), RUGGEDCOM RS900... Read more

    Affected Products :
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Denial of Service

  • 8.7

    HIGH
    CVE-2025-40820

    Affected products do not properly enforce TCP sequence number validation in specific scenarios but accept values within a broad range. This could allow an unauthenticated remote attacker e.g. to interfere with connection setup, potentially leading to a de... Read more

    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Denial of Service

  • 9.1

    CRITICAL
    CVE-2025-40800

    A vulnerability has been identified in COMOS V10.6 (All versions), COMOS V10.6 (All versions), NX V2412 (All versions < V2412.8700), NX V2506 (All versions < V2506.6000), Simcenter 3D (All versions < V2506.6000), Simcenter Femap (All versions < V2506.0002... Read more

    Affected Products : simcenter_femap solid_edge_se2025
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Authentication

  • 0.0

    NA
    CVE-2025-40341

    In the Linux kernel, the following vulnerability has been resolved: futex: Don't leak robust_list pointer on exec race sys_get_robust_list() and compat_get_robust_list() use ptrace_may_access() to check if the calling task is allowed to access another t... Read more

    Affected Products : linux_kernel
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Race Condition

  • 5.3

    MEDIUM
    CVE-2025-63047

    Missing Authorization vulnerability in CridioStudio ListingPro listingpro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ListingPro: from n/a through <= 2.9.9.... Read more

    Affected Products : listingpro
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-63050

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sizam REHub Framework rehub-framework allows Stored XSS.This issue affects REHub Framework: from n/a through <= 19.9.8.... Read more

    Affected Products :
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-63075

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in muffingroup Betheme betheme allows DOM-Based XSS.This issue affects Betheme: from n/a through <= 28.1.7.... Read more

    Affected Products : betheme
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-63055

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Liton Arefin Master Addons for Elementor master-addons allows Stored XSS.This issue affects Master Addons for Elementor: from n/a through <= 2.0.9.9.... Read more

    Affected Products : master_addons
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2025-40336

    In the Linux kernel, the following vulnerability has been resolved: drm/gpusvm: fix hmm_pfn_to_map_order() usage Handle the case where the hmm range partially covers a huge page (like 2M), otherwise we can potentially end up doing something nasty like m... Read more

    Affected Products : linux_kernel
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Memory Corruption

  • 7.2

    HIGH
    CVE-2025-66631

    CSLA .NET is a framework designed for the development of reusable, object-oriented business layers for applications. Versions 5.5.4 and below allow the use of WcfProxy. WcfProxy uses the now-obsolete NetDataContractSerializer (NDCS) and is vulnerable to r... Read more

    Affected Products :
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Misconfiguration

  • 7.3

    HIGH
    CVE-2025-5470

    Uncontrolled Search Path Element vulnerability in Yandex Disk on MacOS allows Search Order Hijacking.This issue affects Disk: before 3.2.45.3275.... Read more

    Affected Products :
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Path Traversal

  • 0.0

    NA
    CVE-2025-40339

    In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix nullptr err of vm_handle_moved If a amdgpu_bo_va is fpriv->prt_va, the bo of this one is always NULL. So, such kind of amdgpu_bo_va should be updated separately before a... Read more

    Affected Products : linux_kernel
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025

  • 0.0

    NA
    CVE-2025-40331

    In the Linux kernel, the following vulnerability has been resolved: sctp: Prevent TOCTOU out-of-bounds write For the following path not holding the sock lock, sctp_diag_dump() -> sctp_for_each_endpoint() -> sctp_ep_dump() make sure not to exceed bou... Read more

    Affected Products : linux_kernel
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-40333

    In the Linux kernel, the following vulnerability has been resolved: f2fs: fix infinite loop in __insert_extent_tree() When we get wrong extent info data, and look up extent_node in rb tree, it will cause infinite loop (CONFIG_F2FS_CHECK_FS=n). Avoiding ... Read more

    Affected Products : linux_kernel
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-63072

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in THEMECO Cornerstone cornerstone allows Stored XSS.This issue affects Cornerstone: from n/a through <= 7.7.3.... Read more

    Affected Products :
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-63077

    Missing Authorization vulnerability in HappyMonster Happy Addons for Elementor happy-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Happy Addons for Elementor: from n/a through <= 3.20.2.... Read more

    Affected Products :
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Authorization
Showing 20 of 5227 Results