Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.7

    HIGH
    CVE-2025-29925

    XWiki Platform is a generic wiki platform. Prior to 15.10.14, 16.4.6, and 16.10.0-rc-1, protected pages are listed when requesting the REST endpoints /rest/wikis/[wikiName]/pages even if the user doesn't have view rights on them. It's particularly true if... Read more

    Affected Products : xwiki
    • Published: Mar. 19, 2025
    • Modified: Apr. 30, 2025
    • Vuln Type: Information Disclosure

  • 4.7

    MEDIUM
    CVE-2025-32783

    XWiki Platform is a generic wiki platform. A vulnerability in versions from 5.0 to 16.7.1 affects users with Message Stream enabled and a wiki configured as closed from selecting "Prevent unregistered users to view pages" in the Administrations Rights. Th... Read more

    Affected Products : xwiki
    • Published: Apr. 16, 2025
    • Modified: Apr. 30, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2025-32969

    XWiki is a generic wiki platform. In versions starting from 1.8 and prior to 15.10.16, 16.4.6, and 16.10.1, it is possible for a remote unauthenticated user to escape from the HQL execution context and perform a blind SQL injection to execute arbitrary SQ... Read more

    Affected Products : xwiki
    • Published: Apr. 23, 2025
    • Modified: Apr. 30, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-45429

    In the Tenda ac9 v1.0 router with firmware V15.03.05.14_multi, there is a stack overflow vulnerability in /goform/WifiWpsStart, which may lead to remote arbitrary code execution.... Read more

    Affected Products : ac9_firmware ac9
    • Published: Apr. 23, 2025
    • Modified: Apr. 30, 2025
    • Vuln Type: Denial of Service

  • 3.5

    LOW
    CVE-2025-1524

    The Ultimate Dashboard WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disall... Read more

    • Published: Apr. 17, 2025
    • Modified: Apr. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.5

    LOW
    CVE-2025-1525

    The Ultimate Dashboard WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disall... Read more

    • Published: Apr. 17, 2025
    • Modified: Apr. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-29046

    Buffer Overflow vulnerability inALFA WiFi CampPro router ALFA_CAMPRO-co-2.29 allows a remote attacker to execute arbitrary code via the GAPSMinute3 key value... Read more

    Affected Products : wifi_camppro_firmware wifi_camppro
    • Published: Apr. 17, 2025
    • Modified: Apr. 30, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-29047

    Buffer Overflow vulnerability inALFA WiFi CampPro router ALFA_CAMPRO-co-2.29 allows a remote attacker to execute arbitrary code via the hiddenIndex in the function StorageEditUser... Read more

    Affected Products : wifi_camppro_firmware wifi_camppro
    • Published: Apr. 17, 2025
    • Modified: Apr. 30, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-46238

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rbaer List Last Changes allows Stored XSS. This issue affects List Last Changes: from n/a through 1.2.1.... Read more

    Affected Products : list_last_changes
    • Published: Apr. 22, 2025
    • Modified: Apr. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-46249

    Cross-Site Request Forgery (CSRF) vulnerability in Michael Simple calendar for Elementor allows Cross Site Request Forgery. This issue affects Simple calendar for Elementor: from n/a through 1.6.4.... Read more

    Affected Products : simple_calendar_for_elementor
    • Published: Apr. 22, 2025
    • Modified: Apr. 30, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.9

    MEDIUM
    CVE-2025-46250

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vikas Ratudi VForm allows Stored XSS. This issue affects VForm: from n/a through 3.1.14.... Read more

    • Published: Apr. 22, 2025
    • Modified: Apr. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.6

    HIGH
    CVE-2024-56406

    A heap buffer overflow vulnerability was discovered in Perl. Release branches 5.34, 5.36, 5.38 and 5.40 are affected, including development versions from 5.33.1 through 5.41.10. When there are non-ASCII bytes in the left-hand-side of the `tr` operator,... Read more

    Affected Products : perl
    • Published: Apr. 13, 2025
    • Modified: Apr. 30, 2025
    • Vuln Type: Memory Corruption

  • 4.7

    MEDIUM
    CVE-2021-47248

    In the Linux kernel, the following vulnerability has been resolved: udp: fix race between close() and udp_abort() Kaustubh reported and diagnosed a panic in udp_lib_lookup(). The root cause is udp_abort() racing with close(). Both racing functions acqui... Read more

    Affected Products : linux_kernel
    • Published: May. 21, 2024
    • Modified: Apr. 30, 2025

  • 8.6

    HIGH
    CVE-2024-20259

    A vulnerability in the DHCP snooping feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to a c... Read more

    • Published: Mar. 27, 2024
    • Modified: Apr. 30, 2025

  • 7.8

    HIGH
    CVE-2021-47251

    In the Linux kernel, the following vulnerability has been resolved: mac80211: fix skb length check in ieee80211_scan_rx() Replace hard-coded compile-time constants for header length check with dynamic determination based on the frame type. Otherwise, we... Read more

    Affected Products : linux_kernel
    • Published: May. 21, 2024
    • Modified: Apr. 30, 2025

  • 8.8

    HIGH
    CVE-2025-46251

    Cross-Site Request Forgery (CSRF) vulnerability in e4jvikwp VikRestaurants Table Reservations and Take-Away allows Cross Site Request Forgery. This issue affects VikRestaurants Table Reservations and Take-Away: from n/a through 1.3.3.... Read more

    • Published: Apr. 22, 2025
    • Modified: Apr. 30, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 8.8

    HIGH
    CVE-2023-5482

    Insufficient data validation in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : fedora debian_linux chrome edge_chromium
    • EPSS Score: %8.21
    • Published: Nov. 01, 2023
    • Modified: Apr. 30, 2025

  • 5.5

    MEDIUM
    CVE-2022-45473

    In drachtio-server 0.8.18, /var/log/drachtio has mode 0777 and drachtio.log has mode 0666.... Read more

    Affected Products : drachtio-server
    • EPSS Score: %0.03
    • Published: Nov. 18, 2022
    • Modified: Apr. 30, 2025

  • 8.1

    HIGH
    CVE-2022-45381

    Jenkins Pipeline Utility Steps Plugin 2.13.1 and earlier does not restrict the set of enabled prefix interpolators and bundles versions of Apache Commons Configuration library that enable the 'file:' prefix interpolator by default, allowing attackers able... Read more

    Affected Products : pipeline_utility_steps
    • EPSS Score: %0.18
    • Published: Nov. 15, 2022
    • Modified: Apr. 30, 2025

  • 5.4

    MEDIUM
    CVE-2022-45380

    Jenkins JUnit Plugin 1159.v0b_396e1e07dd and earlier converts HTTP(S) URLs in test report output to clickable links in an unsafe manner, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission... Read more

    Affected Products : junit
    • EPSS Score: %0.68
    • Published: Nov. 15, 2022
    • Modified: Apr. 30, 2025
Showing 20 of 291205 Results