Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2025-46441

    Path Traversal: '.../...//' vulnerability in ctltwp Section Widget allows Path Traversal.This issue affects Section Widget: from n/a through 3.3.1.... Read more

    Affected Products :
    • Published: May. 19, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Path Traversal

  • 0.0

    NA
    CVE-2025-37910

    In the Linux kernel, the following vulnerability has been resolved: ptp: ocp: Fix NULL dereference in Adva board SMA sysfs operations On Adva boards, SMA sysfs store/get operations can call __handle_signal_outputs() or __handle_signal_inputs() while the... Read more

    Affected Products : linux_kernel
    • Published: May. 20, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-37897

    In the Linux kernel, the following vulnerability has been resolved: wifi: plfxlc: Remove erroneous assert in plfxlc_mac_release plfxlc_mac_release() asserts that mac->lock is held. This assertion is incorrect, because even if it was possible, it would n... Read more

    Affected Products : linux_kernel
    • Published: May. 20, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-37903

    In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix slab-use-after-free in hdcp The HDCP code in amdgpu_dm_hdcp.c copies pointers to amdgpu_dm_connector objects without incrementing the kref reference counts. When us... Read more

    Affected Products : linux_kernel
    • Published: May. 20, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-37901

    In the Linux kernel, the following vulnerability has been resolved: irqchip/qcom-mpm: Prevent crash when trying to handle non-wake GPIOs On Qualcomm chipsets not all GPIOs are wakeup capable. Those GPIOs do not have a corresponding MPM pin and should no... Read more

    Affected Products : linux_kernel
    • Published: May. 20, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Misconfiguration

  • 7.6

    HIGH
    CVE-2025-39370

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cnilsson iCafe Library allows SQL Injection.This issue affects iCafe Library: from n/a through 1.8.3.... Read more

    Affected Products :
    • Published: May. 19, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-39396

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Crocoblock JetReviews allows PHP Local File Inclusion.This issue affects JetReviews: from n/a through 2.3.6.... Read more

    Affected Products :
    • Published: May. 19, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Path Traversal

  • 8.8

    HIGH
    CVE-2025-39366

    Incorrect Privilege Assignment vulnerability in Rocket Apps wProject.This issue affects wProject: from n/a before 5.8.0.... Read more

    Affected Products :
    • Published: May. 19, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-4322

    The Motors theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.6.67. This is due to the theme not properly validating a user's identity prior to updating their password. This makes it poss... Read more

    Affected Products :
    • Published: May. 20, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-47944

    Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.0 allows an attacker to trigger a Denial of Service (DoS) by sending a malformed multi-part upload ... Read more

    Affected Products :
    • Published: May. 19, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Denial of Service

  • 9.9

    CRITICAL
    CVE-2025-47949

    samlify is a Node.js library for SAML single sign-on. A Signature Wrapping attack has been found in samlify prior to version 2.10.0, allowing an attacker to forge a SAML Response to authenticate as any user. An attacker would need a signed XML document by... Read more

    Affected Products : samlify
    • Published: May. 19, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-47581

    Deserialization of Untrusted Data vulnerability in Elbisnero WordPress Events Calendar Registration & Tickets allows Object Injection.This issue affects WordPress Events Calendar Registration & Tickets: from n/a through 2.6.0.... Read more

    Affected Products :
    • Published: May. 19, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-47582

    Deserialization of Untrusted Data vulnerability in QuantumCloud WPBot Pro Wordpress Chatbot allows Object Injection.This issue affects WPBot Pro Wordpress Chatbot: from n/a through 12.7.0.... Read more

    Affected Products : wpot
    • Published: May. 19, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Injection

  • 9.9

    CRITICAL
    CVE-2025-47282

    Gardener External DNS Management is an environment to manage external DNS entries for a kubernetes cluster. A security vulnerability was discovered in Gardener's External DNS Management prior to version 0.23.6 that could allow a user with administrative p... Read more

    Affected Products :
    • Published: May. 19, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2025-43832

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in andreyk Remote Images Grabber allows Reflected XSS.This issue affects Remote Images Grabber: from n/a through 0.6.... Read more

    Affected Products :
    • Published: May. 19, 2025
    • Modified: May. 21, 2025

  • 7.6

    HIGH
    CVE-2025-43833

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Amir Helzer Absolute Links allows Blind SQL Injection.This issue affects Absolute Links: from n/a through 1.1.1.... Read more

    Affected Products :
    • Published: May. 19, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Injection

  • 6.8

    MEDIUM
    CVE-2025-41226

    VMware ESXi contains a denial-of-service vulnerability that occurs when performing a guest operation. A malicious actor with guest operation privileges on a VM, who is already authenticated through vCenter Server or ESXi may trigger this issue to create a... Read more

    • Published: May. 20, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Denial of Service

  • 8.2

    HIGH
    CVE-2025-41229

    VMware Cloud Foundation contains a directory traversal vulnerability. A malicious actor with network access to port 443 on VMware Cloud Foundation may exploit this issue to access certain internal services.... Read more

    Affected Products : cloud_foundation
    • Published: May. 20, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Path Traversal

  • 8.8

    HIGH
    CVE-2025-41225

    The vCenter Server contains an authenticated command-execution vulnerability. A malicious actor with privileges to create or modify alarms and run script action may exploit this issue to run arbitrary commands on the vCenter Server.... Read more

    • Published: May. 20, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-41230

    VMware Cloud Foundation contains an information disclosure vulnerability. A malicious actor with network access to port 443 on VMware Cloud Foundation may exploit this issue to gain access to sensitive information.... Read more

    Affected Products : cloud_foundation
    • Published: May. 20, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 292803 Results