Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.1

    CRITICAL
    CVE-2025-2905

    An XML External Entity (XXE) vulnerability exists in the gateway component of WSO2 API Manager due to insufficient validation of XML input in crafted URL paths. User-supplied XML is parsed without appropriate restrictions, enabling external entity resolut... Read more

    Affected Products :
    • Published: May. 05, 2025
    • Modified: May. 05, 2025
    • Vuln Type: XML External Entity

  • 6.5

    MEDIUM
    CVE-2025-4259

    A vulnerability has been found in newbee-mall 1.0 and classified as critical. Affected by this vulnerability is the function Upload of the file ltd/newbee/mall/controller/common/UploadController.java. The manipulation of the argument File leads to unrestr... Read more

    Affected Products :
    • Published: May. 05, 2025
    • Modified: May. 05, 2025
    • Vuln Type: Authentication

  • 8.1

    HIGH
    CVE-2025-47245

    In BlueWave Checkmate through 2.0.2 before d4a6072, an invite request can be modified to specify a privileged role.... Read more

    Affected Products :
    • Published: May. 04, 2025
    • Modified: May. 05, 2025
    • Vuln Type: Authorization

  • 6.1

    MEDIUM
    CVE-2025-4198

    The Alink Tap plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.1. This is due to missing or incorrect nonce validation on the 'alink-tap' page. This makes it possible for unauthenticated attackers ... Read more

    Affected Products :
    • Published: May. 03, 2025
    • Modified: May. 05, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.1

    MEDIUM
    CVE-2025-4188

    The Advanced Reorder Image Text Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the 'reorder-simple-image-text-slider-setting' page.... Read more

    Affected Products :
    • Published: May. 03, 2025
    • Modified: May. 05, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.4

    MEDIUM
    CVE-2025-4172

    The VerticalResponse Newsletter Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'verticalresponse' shortcode in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping on ... Read more

    Affected Products :
    • Published: May. 03, 2025
    • Modified: May. 05, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-4168

    The Subpage List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'subpages' shortcode in all versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. Th... Read more

    Affected Products :
    • Published: May. 03, 2025
    • Modified: May. 05, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-3918

    The Job Listings plugin for WordPress is vulnerable to Privilege Escalation due to improper authorization within the register_action() function in versions 0.1 to 0.1.1. The plugin’s registration handler reads the client-supplied $_POST['user_role'] and p... Read more

    Affected Products :
    • Published: May. 03, 2025
    • Modified: May. 05, 2025
    • Vuln Type: Authorization

  • 6.4

    MEDIUM
    CVE-2025-3779

    The Personizely plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘widgetId’ parameter in all versions up to, and including, 0.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated ... Read more

    Affected Products :
    • Published: May. 03, 2025
    • Modified: May. 05, 2025
    • Vuln Type: Cross-Site Scripting

  • 2.9

    LOW
    CVE-2024-58253

    In the obfstr crate before 0.4.4 for Rust, the obfstr! argument type is not restricted to string slices, leading to invalid UTF-8 conversion that produces an invalid value.... Read more

    Affected Products :
    • Published: May. 02, 2025
    • Modified: May. 05, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-46332

    Flags SDK is an open-source feature flags toolkit for Next.js and SvelteKit. Impacted versions include flags from 3.2.0 and prior and @vercel/flags from 3.1.1 and prior as certain circumstances allows a bad actor with detailed knowledge of the vulnerabili... Read more

    Affected Products :
    • Published: May. 02, 2025
    • Modified: May. 05, 2025
    • Vuln Type: Information Disclosure

  • 0.0

    NA
    CVE-2023-53138

    In the Linux kernel, the following vulnerability has been resolved: net: caif: Fix use-after-free in cfusbl_device_notify() syzbot reported use-after-free in cfusbl_device_notify() [1]. This causes a stack trace like below: BUG: KASAN: use-after-free ... Read more

    Affected Products : linux_kernel
    • Published: May. 02, 2025
    • Modified: May. 05, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2023-53125

    In the Linux kernel, the following vulnerability has been resolved: net: usb: smsc75xx: Limit packet length to skb->len Packet length retrieved from skb data may be larger than the actual socket buffer length (up to 9026 bytes). In such case the cloned ... Read more

    Affected Products : linux_kernel
    • Published: May. 02, 2025
    • Modified: May. 05, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2023-53117

    In the Linux kernel, the following vulnerability has been resolved: fs: prevent out-of-bounds array speculation when closing a file descriptor Google-Bug-Id: 114199369... Read more

    Affected Products : linux_kernel
    • Published: May. 02, 2025
    • Modified: May. 05, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2023-53142

    In the Linux kernel, the following vulnerability has been resolved: ice: copy last block omitted in ice_get_module_eeprom() ice_get_module_eeprom() is broken since commit e9c9692c8a81 ("ice: Reimplement module reads used by ethtool") In this refactor, i... Read more

    Affected Products : linux_kernel
    • Published: May. 02, 2025
    • Modified: May. 05, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2023-53136

    In the Linux kernel, the following vulnerability has been resolved: af_unix: fix struct pid leaks in OOB support syzbot reported struct pid leak [1]. Issue is that queue_oob() calls maybe_add_creds() which potentially holds a reference on a pid. But s... Read more

    Affected Products : linux_kernel
    • Published: May. 02, 2025
    • Modified: May. 05, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2023-53133

    In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix an infinite loop error when len is 0 in tcp_bpf_recvmsg_parser() When the buffer length of the recvmsg system call is 0, we got the flollowing soft lockup problem: wa... Read more

    Affected Products : linux_kernel
    • Published: May. 02, 2025
    • Modified: May. 05, 2025
    • Vuln Type: Denial of Service

  • 5.4

    MEDIUM
    CVE-2021-28656

    Cross-Site Request Forgery (CSRF) vulnerability in Credential page of Apache Zeppelin allows an attacker to submit malicious request. This issue affects Apache Zeppelin Apache Zeppelin version 0.9.0 and prior versions.... Read more

    Affected Products : zeppelin
    • Published: Apr. 09, 2024
    • Modified: May. 05, 2025

  • 5.3

    MEDIUM
    CVE-2022-47894

    Improper Input Validation vulnerability in Apache Zeppelin SAP.This issue affects Apache Zeppelin SAP: from 0.8.0 before 0.11.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alter... Read more

    Affected Products : zeppelin
    • Published: Apr. 09, 2024
    • Modified: May. 05, 2025

  • 5.3

    MEDIUM
    CVE-2024-31862

    Improper Input Validation vulnerability in Apache Zeppelin when creating a new note from Zeppelin's UI.This issue affects Apache Zeppelin: from 0.10.1 before 0.11.0. Users are recommended to upgrade to version 0.11.0, which fixes the issue.... Read more

    Affected Products : zeppelin
    • Published: Apr. 09, 2024
    • Modified: May. 05, 2025
Showing 20 of 292750 Results