Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.4

    MEDIUM
    CVE-2023-42983

    Processing a file may lead to a denial-of-service or potentially disclose memory contents. This issue is fixed in macOS 14. The issue was addressed with improved checks.... Read more

    Affected Products : macos
    • Published: Apr. 11, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Denial of Service

  • 8.1

    HIGH
    CVE-2024-22873

    Tencent Blueking CMDB v3.2.x to v3.9.x was discovered to contain a Server-Side Request Forgery (SSRF) via the event subscription function (/service/subscription.go). This vulnerability allows attackers to access internal requests via a crafted POST reques... Read more

    • Published: Feb. 26, 2024
    • Modified: Jun. 09, 2025

  • 5.9

    MEDIUM
    CVE-2024-27995

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Repute Infosystems ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup allows Stored XSS.This issue affects ARMe... Read more

    Affected Products : armember
    • Published: Mar. 21, 2024
    • Modified: Jun. 09, 2025

  • 9.8

    CRITICAL
    CVE-2025-32926

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThemeGoods Grand Restaurant WordPress allows Path Traversal.This issue affects Grand Restaurant WordPress: from n/a through 7.0.... Read more

    Affected Products : grand_restaurant
    • Published: May. 19, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2025-32925

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in FantasticPlugins SUMO Reward Points allows PHP Local File Inclusion.This issue affects SUMO Reward Points: from n/a through 30.7.0.... Read more

    Affected Products : sumo_reward_points
    • Published: May. 19, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2024-3963

    The Giveaways and Contests by RafflePress WordPress plugin before 1.12.14 does not sanitise and escape some parameters, which could allow users with a role as low as editor to perform Cross-Site Scripting attacks... Read more

    • Published: Jul. 13, 2024
    • Modified: Jun. 09, 2025

  • 8.5

    HIGH
    CVE-2025-32924

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in roninwp Revy allows SQL Injection.This issue affects Revy: from n/a through 2.1.... Read more

    Affected Products : revy
    • Published: May. 19, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Injection

  • 4.3

    MEDIUM
    CVE-2025-47543

    Cross-Site Request Forgery (CSRF) vulnerability in themetechmount TrueBooker allows Cross Site Request Forgery. This issue affects TrueBooker: from n/a through 1.0.7.... Read more

    Affected Products : truebooker
    • Published: May. 07, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-47542

    Cross-Site Request Forgery (CSRF) vulnerability in Michael Simple calendar for Elementor allows Cross Site Request Forgery. This issue affects Simple calendar for Elementor: from n/a through 1.6.5.... Read more

    Affected Products : simple_calendar_for_elementor
    • Published: May. 07, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.5

    HIGH
    CVE-2025-47540

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in weDevs weMail allows Retrieve Embedded Sensitive Data. This issue affects weMail: from n/a through 1.14.13.... Read more

    Affected Products : wemail wemail
    • Published: May. 07, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Information Disclosure

  • 7.6

    HIGH
    CVE-2025-47538

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpdever Cart tracking for WooCommerce allows SQL Injection. This issue affects Cart tracking for WooCommerce: from n/a through 1.0.17.... Read more

    Affected Products : cart_tracking_for_woocommerce
    • Published: May. 07, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2025-47517

    Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Accept Donations with PayPal allows Stored XSS. This issue affects Accept Donations with PayPal: from n/a through 1.4.5.... Read more

    Affected Products : accept_donations_with_paypal
    • Published: May. 07, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.5

    MEDIUM
    CVE-2025-39528

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rescue Themes Rescue Shortcodes allows Stored XSS. This issue affects Rescue Shortcodes: from n/a through 3.1.... Read more

    Affected Products : rescue_shortcodes
    • Published: Apr. 16, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.6

    MEDIUM
    CVE-2024-9422

    The GEO my WP WordPress plugin before 4.5, gmw-premium-settings WordPress plugin before 3.1 does not sufficiently validate files to be uploaded, which could allow attackers to upload arbitrary files such as PHP on the server.... Read more

    • Published: Nov. 22, 2024
    • Modified: Jun. 09, 2025

  • 5.5

    MEDIUM
    CVE-2025-25946

    An issue in Bento4 v1.6.0-641 allows an attacker to cause a memory leak via Ap4Marlin.cpp and Ap4Processor.cpp, specifically in AP4_MarlinIpmpEncryptingProcessor::Initialize and AP4_Processor::Process, during the execution of mp4encrypt with a specially c... Read more

    Affected Products : bento4
    • Published: Feb. 19, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Memory Corruption

  • 4.1

    MEDIUM
    CVE-2025-49599

    Huawei EG8141A5 devices through V5R019C00S100, EG8145V5 devices through V5R019C00S100, and EG8145V5-V2 devices through V5R021C00S184 allow the Epuser account to disable ONT firewall functionality, e.g., to remove the default blocking of the SSH and TELNET... Read more

    Affected Products :
    • Published: Jun. 06, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Misconfiguration

  • 4.0

    MEDIUM
    CVE-2025-49128

    Jackson-core contains core low-level incremental ("streaming") parser and generator abstractions used by Jackson Data Processor. Starting in version 2.0.0 and prior to version 2.13.0, a flaw in jackson-core's `JsonLocation._appendSourceDesc` method allows... Read more

    Affected Products :
    • Published: Jun. 06, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Information Disclosure

  • 8.9

    HIGH
    CVE-2025-49127

    Kafbat UI is a web user interface for managing Apache Kafka clusters. An unsafe deserialization vulnerability in version 1.0.0 allows any unauthenticated user to execute arbitrary code on the server. Version 1.1.0 fixes the issue.... Read more

    Affected Products :
    • Published: Jun. 06, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2024-31585

    FFmpeg version n5.1 to n6.1 was discovered to contain an Off-by-one Error vulnerability in libavfilter/avf_showspectrum.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.... Read more

    Affected Products : fedora ffmpeg
    • Published: Apr. 17, 2024
    • Modified: Jun. 09, 2025

  • 7.8

    HIGH
    CVE-2023-50010

    FFmpeg v.n6.1-3-g466799d4f5 allows a buffer over-read at ff_gradfun_blur_line_movdqa_sse2, as demonstrated by a call to the set_encoder_id function in /fftools/ffmpeg_enc.c component.... Read more

    Affected Products : fedora ffmpeg
    • Published: Apr. 19, 2024
    • Modified: Jun. 09, 2025
Showing 20 of 293566 Results