Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2025-22059

    In the Linux kernel, the following vulnerability has been resolved: udp: Fix multiple wraparounds of sk->sk_rmem_alloc. __udp_enqueue_schedule_skb() has the following condition: if (atomic_read(&sk->sk_rmem_alloc) > sk->sk_rcvbuf) goto drop... Read more

    Affected Products : linux_kernel
    • Published: Apr. 16, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-22065

    In the Linux kernel, the following vulnerability has been resolved: idpf: fix adapter NULL pointer dereference on reboot With SRIOV enabled, idpf ends up calling into idpf_remove() twice. First via idpf_shutdown() and then again when idpf_remove() calls... Read more

    Affected Products : linux_kernel
    • Published: Apr. 16, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-22066

    In the Linux kernel, the following vulnerability has been resolved: ASoC: imx-card: Add NULL check in imx_card_probe() devm_kasprintf() returns NULL when memory allocation fails. Currently, imx_card_probe() does not check for this case, which results in... Read more

    Affected Products : linux_kernel
    • Published: Apr. 16, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-22067

    In the Linux kernel, the following vulnerability has been resolved: spi: cadence: Fix out-of-bounds array access in cdns_mrvl_xspi_setup_clock() If requested_clk > 128, cdns_mrvl_xspi_setup_clock() iterates over the entire cdns_mrvl_xspi_clk_div_list ar... Read more

    Affected Products : linux_kernel
    • Published: Apr. 16, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-22068

    In the Linux kernel, the following vulnerability has been resolved: ublk: make sure ubq->canceling is set when queue is frozen Now ublk driver depends on `ubq->canceling` for deciding if the request can be dispatched via uring_cmd & io_uring_cmd_complet... Read more

    Affected Products : linux_kernel
    • Published: Apr. 16, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-22070

    In the Linux kernel, the following vulnerability has been resolved: fs/9p: fix NULL pointer dereference on mkdir When a 9p tree was mounted with option 'posixacl', parent directory had a default ACL set for its subdirectories, e.g.: setfacl -m defaul... Read more

    Affected Products : linux_kernel
    • Published: Apr. 16, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-22080

    In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Prevent integer overflow in hdr_first_de() The "de_off" and "used" variables come from the disk so they both need to check. The problem is that on 32bit systems if they're bo... Read more

    Affected Products : linux_kernel
    • Published: Apr. 16, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-22081

    In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix a couple integer overflows on 32bit systems On 32bit systems the "off + sizeof(struct NTFS_DE)" addition can have an integer wrapping issue. Fix it by using size_add().... Read more

    Affected Products : linux_kernel
    • Published: Apr. 16, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Memory Corruption

  • 5.4

    MEDIUM
    CVE-2024-6408

    The Slider by 10Web WordPress plugin before 1.2.57 does not sanitise and escape its Slider Title, which could allow high privilege users such as editors and above to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed... Read more

    Affected Products : slider
    • Published: Jul. 31, 2024
    • Modified: May. 06, 2025

  • 8.4

    HIGH
    CVE-2024-38890

    An issue in Horizon Business Services Inc. Caterease Software 16.0.1.1663 through 24.0.1.2405 and possibly later versions allows a local attacker to perform an Authentication Bypass by Capture-replay attack due to insufficient protection against capture-r... Read more

    Affected Products : caterease
    • Published: Aug. 02, 2024
    • Modified: May. 06, 2025

  • 7.5

    HIGH
    CVE-2024-38881

    An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform a Rainbow Table Password cracking attack due to the use of one-way hashes without salts when storing user... Read more

    Affected Products : caterease
    • Published: Aug. 02, 2024
    • Modified: May. 06, 2025

  • 4.3

    MEDIUM
    CVE-2025-3915

    The Aeropage Sync for Airtable plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'aeropageDeletePost' function in all versions up to, and including, 3.2.0. This makes it possible for authenticated att... Read more

    Affected Products : aeropage_sync_for_airtable
    • Published: Apr. 26, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-3914

    The Aeropage Sync for Airtable plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'aeropage_media_downloader' function in all versions up to, and including, 3.2.0. This makes it possible for authenticat... Read more

    Affected Products : aeropage_sync_for_airtable
    • Published: Apr. 26, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Authentication

  • 8.1

    HIGH
    CVE-2025-2105

    The Jupiter X Core plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.8.11 via deserialization of untrusted input from the 'file' parameter of the 'raven_download_file' function. This makes it possible for a... Read more

    Affected Products : jupiter_x_core
    • Published: Apr. 26, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2024-13808

    The Xpro Elementor Addons - Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.4.9 via the custom PHP widget. This is due to their only being client side controls when determining who can access the wid... Read more

    Affected Products : xpro_addons_for_elementor
    • Published: Apr. 26, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Authentication

  • 4.3

    MEDIUM
    CVE-2024-12414

    The Themify Store Locator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.9. This is due to missing or incorrect nonce validation on the setting_page() function. This makes it possible for unauthe... Read more

    Affected Products : store_locator
    • Published: Dec. 13, 2024
    • Modified: May. 06, 2025

  • 6.1

    MEDIUM
    CVE-2024-13825

    The Email Keep WordPress plugin through 1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.... Read more

    Affected Products : email_keep
    • Published: Mar. 08, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2024-13826

    The Email Keep WordPress plugin through 1.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack... Read more

    Affected Products : email_keep
    • Published: Mar. 08, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 9.8

    CRITICAL
    CVE-2025-25962

    An issue in Coresmartcontracts Uniswap v.3.0 and fixed in v.4.0 allows a remote attacker to escalate privileges via the _modifyPosition function... Read more

    Affected Products :
    • Published: Apr. 29, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-25403

    Slims (Senayan Library Management Systems) 9 Bulian V9.6.1 is vulnerable to SQL Injection in admin/modules/master_file/coll_type.php.... Read more

    Affected Products :
    • Published: Apr. 29, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Injection
Showing 20 of 291358 Results