Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.4

    MEDIUM
    CVE-2025-3750

    The Network Posts Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘post_height’ parameter in all versions up to, and including, 7.7.1 due to insufficient input sanitization and output escaping. This makes it possible for... Read more

    Affected Products :
    • Published: May. 21, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.1

    MEDIUM
    CVE-2025-1415

    A low-privileged user is able to obtain information about tasks executed on devices controlled by Proget MDM (Mobile Device Management), as well as details of the devices like their UUIDs needed for exploitation of CVE-2025-1416. In order to perform the ... Read more

    Affected Products :
    • Published: May. 21, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2025-4524

    The Madara – Responsive and modern WordPress theme for manga sites theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.2 via the 'template' parameter. This makes it possible for unauthenticated attackers to ... Read more

    Affected Products :
    • Published: May. 21, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Path Traversal

  • 5.3

    MEDIUM
    CVE-2025-48056

    Hubble is a fully distributed networking and security observability platform for cloud native workloads. Prior to version 1.17.2, a network attacker could inject malicious control characters into Hubble CLI terminal output, potentially leading to loss of ... Read more

    Affected Products :
    • Published: May. 20, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Injection

  • 8.7

    HIGH
    CVE-2025-4364

    The affected products could allow an unauthenticated attacker to access system information that could enable further access to sensitive files and obtain administrative credentials.... Read more

    Affected Products :
    • Published: May. 20, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Information Disclosure

  • 3.7

    LOW
    CVE-2025-48015

    Failed login response could be different depending on whether the username was local or central.... Read more

    Affected Products :
    • Published: May. 20, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-48014

    Password guessing limits could be bypassed when using LDAP authentication.... Read more

    Affected Products :
    • Published: May. 20, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Authentication

  • 0.0

    NA
    CVE-2025-37950

    In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix panic in failed foilio allocation commit 7e119cff9d0a ("ocfs2: convert w_pages to w_folios") and commit 9a5e08652dc4b ("ocfs2: use an array of folios instead of an array of p... Read more

    Affected Products : linux_kernel
    • Published: May. 20, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Memory Corruption

  • 7.6

    HIGH
    CVE-2025-47290

    containerd is a container runtime. A time-of-check to time-of-use (TOCTOU) vulnerability was found in containerd v2.1.0. While unpacking an image during an image pull, specially crafted container images could arbitrarily modify the host file system. The o... Read more

    Affected Products : containerd
    • Published: May. 20, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Race Condition

  • 6.1

    MEDIUM
    CVE-2024-12561

    The Affiliate Sales in Google Analytics and other tools plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 1.4.9. This is due to insufficient validation on the redirect url supplied via the 'afflink' parameter. This ... Read more

    Affected Products :
    • Published: May. 21, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-37946

    In the Linux kernel, the following vulnerability has been resolved: s390/pci: Fix duplicate pci_dev_put() in disable_slot() when PF has child VFs With commit bcb5d6c76903 ("s390/pci: introduce lock to synchronize state of zpci_dev's") the code to ignore... Read more

    Affected Products : linux_kernel
    • Published: May. 20, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-37978

    In the Linux kernel, the following vulnerability has been resolved: block: integrity: Do not call set_page_dirty_lock() Placing multiple protection information buffers inside the same page can lead to oopses because set_page_dirty_lock() can't be called... Read more

    Affected Products : linux_kernel
    • Published: May. 20, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Misconfiguration

  • 5.7

    MEDIUM
    CVE-2024-52013

    Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pptp_user_ip parameter at wiz_pptp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a c... Read more

    • Published: Nov. 05, 2024
    • Modified: May. 21, 2025

  • 5.7

    MEDIUM
    CVE-2024-52014

    Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pptp_user_ip parameter at genie_pptp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a... Read more

    • Published: Nov. 05, 2024
    • Modified: May. 21, 2025

  • 5.7

    MEDIUM
    CVE-2024-52015

    Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pptp_user_ip parameter at bsw_pptp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a c... Read more

    • Published: Nov. 05, 2024
    • Modified: May. 21, 2025

  • 5.7

    MEDIUM
    CVE-2024-52016

    Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to multiple stack overflow vulnerabilities in the component wlg_adv.cgi via the apmode_dns1_pri and apmode_dns1_sec parameters. These vulnerabilities allo... Read more

    • Published: Nov. 05, 2024
    • Modified: May. 21, 2025

  • 8.0

    HIGH
    CVE-2024-52022

    Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a command injection vulnerability in the component wlg_adv.cgi via the apmode_gateway parameter. This vulnerability allows attackers to execute... Read more

    • Published: Nov. 05, 2024
    • Modified: May. 21, 2025

  • 5.7

    MEDIUM
    CVE-2024-51011

    Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_localip parameter at pppoe.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.... Read more

    • Published: Nov. 05, 2024
    • Modified: May. 21, 2025

  • 7.5

    HIGH
    CVE-2025-2240

    A flaw was found in Smallrye, where smallrye-fault-tolerance is vulnerable to an out-of-memory (OOM) issue. This vulnerability is externally triggered when calling the metrics URI. Every call creates a new object within meterMap and may lead to a denial o... Read more

    Affected Products :
    • Published: Mar. 12, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Denial of Service

  • 8.8

    HIGH
    CVE-2022-3197

    Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)... Read more

    Affected Products : fedora chrome edge_chromium
    • EPSS Score: %0.74
    • Published: Sep. 26, 2022
    • Modified: May. 21, 2025
Showing 20 of 292522 Results