Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.6

    MEDIUM
    CVE-2025-1461

    Improper neutralization of the value of the 'eventMoreText' property of the 'VCalendar' component in Vuetify allows unsanitized HTML to be inserted into the page. This can lead to a  Cross-Site Scripting (XSS) https://owasp.org/www-community/attacks/xss  ... Read more

    Affected Products :
    • Published: May. 28, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-5256

    SummaryThis advisory addresses an Open Redirection vulnerability in Mautic's user unlocking endpoint. This vulnerability could be exploited by an attacker to redirect legitimate users to malicious websites, potentially leading to phishing attacks or the d... Read more

    Affected Products : mautic
    • Published: May. 28, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Misconfiguration

  • 8.2

    HIGH
    CVE-2025-5273

    All versions of the package mcp-markdownify-server are vulnerable to Files or Directories Accessible to External Parties via the get-markdown-file tool. An attacker can craft a prompt that, once accessed by the MCP host, will allow it to read arbitrary fi... Read more

    Affected Products :
    • Published: May. 29, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Path Traversal

  • 8.2

    HIGH
    CVE-2025-5276

    All versions of the package mcp-markdownify-server are vulnerable to Server-Side Request Forgery (SSRF) via the Markdownify.get() function. An attacker can craft a prompt that, once accessed by the MCP host, can invoke the webpage-to-markdown, bing-search... Read more

    Affected Products :
    • Published: May. 29, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Server-Side Request Forgery

  • 6.4

    MEDIUM
    CVE-2025-5122

    The Map Block Leaflet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticate... Read more

    Affected Products :
    • Published: May. 29, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-5286

    The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘additional_settings’ parameter in all versions up to, and including, 5.3.6 due to insufficient input sanitization and output escaping. This makes it possible ... Read more

    Affected Products : bold_page_builder
    • Published: May. 29, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.4

    CRITICAL
    CVE-2025-48047

    An authenticated user can perform command injection via unsanitized input to the NetFax Server’s ping functionality via the /test.php endpoint.... Read more

    Affected Products :
    • Published: May. 29, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-3818

    A vulnerability, which was classified as critical, was found in webpy web.py 0.70. Affected is the function PostgresDB._process_insert_query of the file web/db.py. The manipulation of the argument seqname leads to sql injection. It is possible to launch t... Read more

    Affected Products :
    • Published: Apr. 19, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Injection

  • 8.1

    HIGH
    CVE-2025-21224

    Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability... Read more

    • Published: Jan. 14, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2023-5953

    The Welcart e-Commerce WordPress plugin before 2.9.5 does not validate files to be uploaded, as well as does not have authorisation and CSRF in an AJAX action handling such upload. As a result, any authenticated users, such as subscriber could upload arbi... Read more

    • Published: Dec. 04, 2023
    • Modified: May. 29, 2025

  • 4.8

    MEDIUM
    CVE-2023-5137

    The Simply Excerpts WordPress plugin through 1.4 does not sanitize and escape some fields in the plugin settings, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfiltered_html capability is d... Read more

    Affected Products : simply_excerpts
    • Published: Dec. 04, 2023
    • Modified: May. 29, 2025

  • 7.8

    HIGH
    CVE-2023-42747

    In camera service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed... Read more

    Affected Products : android s8000 sc7731e sc9832e sc9863a t310 t606 t610 t612 t616 +4 more products
    • Published: Dec. 04, 2023
    • Modified: May. 29, 2025

  • 7.8

    HIGH
    CVE-2023-42736

    In telecom service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed... Read more

    Affected Products : android s8000 sc7731e sc9832e sc9863a t310 t606 t610 t612 t616 +4 more products
    • Published: Dec. 04, 2023
    • Modified: May. 29, 2025

  • 4.4

    MEDIUM
    CVE-2023-42726

    In TeleService, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed... Read more

    Affected Products : android s8000 sc9863a t310 t606 t610 t612 t616 t618 t760 +2 more products
    • Published: Dec. 04, 2023
    • Modified: May. 29, 2025

  • 7.5

    HIGH
    CVE-2023-42716

    In telephony service, there is a possible missing permission check. This could lead to remote information disclosure no additional execution privileges needed... Read more

    Affected Products : android s8000 sc7731e sc9832e sc9863a t310 t606 t610 t612 t616 +4 more products
    • Published: Dec. 04, 2023
    • Modified: May. 29, 2025

  • 5.5

    MEDIUM
    CVE-2023-40076

    In createPendingIntent of CredentialManagerUi.java, there is a possible way to access credentials from other users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interacti... Read more

    Affected Products : android
    • Published: Dec. 04, 2023
    • Modified: May. 29, 2025

  • 6.7

    MEDIUM
    CVE-2023-32863

    In display drm, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07326314; Issue ... Read more

    Affected Products : android mt6779 mt6781 mt6785 mt6789 mt6833 mt6835 mt6853 mt6855 mt6873 +14 more products
    • Published: Dec. 04, 2023
    • Modified: May. 29, 2025

  • 6.7

    MEDIUM
    CVE-2023-32854

    In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08240132; Issue ID: ALP... Read more

    Affected Products : android mt6835 mt6879 mt6886 mt6895 mt6985 mt8791t mt8797 mt6983 mt8321 +10 more products
    • Published: Dec. 04, 2023
    • Modified: May. 29, 2025

  • 7.5

    HIGH
    CVE-2023-32843

    In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitatio... Read more

    Affected Products : nr15 nr16 nr17 mt2735 mt6813 mt6833 mt6835 mt6853 mt6855 mt6873 +26 more products
    • Published: Dec. 04, 2023
    • Modified: May. 29, 2025

  • 9.8

    CRITICAL
    CVE-2023-21216

    In PMRChangeSparseMemOSMem of physmem_osmem_linux.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is n... Read more

    Affected Products : android
    • Published: Dec. 04, 2023
    • Modified: May. 29, 2025
Showing 20 of 293615 Results