Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 8.8

    HIGH
    CVE-2025-2328

    The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'dnd_remove_uploaded_files' function in all versions up to, and including, 1.3.8.7. Thi...

    • Published: Mar. 28, 2025
    • Modified: Aug. 12, 2025
  • 8.1

    HIGH
    CVE-2019-4702

    IBM Security Guardium Data Encryption (GDE) 3.0.0.2 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors....

    • EPSS Score: %0.06
    • Published: Jan. 13, 2021
    • Modified: Aug. 12, 2025
  • 7.5

    HIGH
    CVE-2019-4160

    IBM Security Guardium Data Encryption (GDE) 3.0.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158577....

    • EPSS Score: %0.05
    • Published: Jan. 13, 2021
    • Modified: Aug. 12, 2025
  • 5.3

    MEDIUM
    CVE-2019-4687

    IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID...

    • EPSS Score: %0.04
    • Published: Jan. 13, 2021
    • Modified: Aug. 12, 2025
  • 9.8

    CRITICAL
    CVE-2019-7401

    NGINX Unit before 1.7.1 might allow an attacker to cause a heap-based buffer overflow in the router process with a specially crafted request. This may result in a denial of service (router process crash) or possibly have unspecified other impact....

    Affected Products : unit nginx unit
    • EPSS Score: %3.42
    • Published: Feb. 08, 2019
    • Modified: Aug. 12, 2025
  • 8.8

    HIGH
    CVE-2025-2485

    The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.8.7 via deserialization of untrusted input from the 'dnd_upload_cf7_upload' function. This mak...

    • Published: Mar. 28, 2025
    • Modified: Aug. 12, 2025
  • 9.8

    CRITICAL
    CVE-2025-2005

    The Front End Users plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the file uploads field of the registration form in all versions up to, and including, 3.2.32. This makes it possible for unauthenticate...

    Affected Products : front_end_users
    • Published: Apr. 02, 2025
    • Modified: Aug. 12, 2025
  • 4.9

    MEDIUM
    CVE-2024-12410

    The Front End Users plugin for WordPress is vulnerable to SQL Injection via the 'UserSearchField' parameter in all versions up to, and including, 3.2.32 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the ...

    Affected Products : front_end_users
    • Published: Apr. 02, 2025
    • Modified: Aug. 12, 2025
  • 4.3

    MEDIUM
    CVE-2024-13518

    The Simple:Press Forum plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.10.11. This is due to missing or incorrect nonce validation on the 'sp_save_edited_post' function. This makes it possible for u...

    Affected Products : simple\ simplepress
    • Published: Mar. 01, 2025
    • Modified: Aug. 12, 2025
  • 6.4

    MEDIUM
    CVE-2025-1459

    The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Embedded Video(PB) widget in all versions up to, and including, 2.31.4 due to insufficient input sanitization and output escaping. This makes it possi...

    Affected Products : page_builder
    • Published: Mar. 01, 2025
    • Modified: Aug. 12, 2025
  • 4.3

    MEDIUM
    CVE-2024-13526

    The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_submittion_attendees function in all versions up to, and including, 4.0.7.3. This mak...

    Affected Products : eventprime
    • Published: Mar. 07, 2025
    • Modified: Aug. 12, 2025
  • 6.1

    MEDIUM
    CVE-2024-12409

    The Simple:Press Forum plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 6.10.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthen...

    Affected Products : simple\ simplepress
    • Published: Jan. 30, 2025
    • Modified: Aug. 12, 2025
  • 7.8

    HIGH
    CVE-2023-38114

    Foxit PDF Reader AcroForm Doc Object Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulne...

    Affected Products : windows pdf_editor pdf_reader
    • Published: May. 03, 2024
    • Modified: Aug. 12, 2025
  • 7.5

    HIGH
    CVE-2025-23333

    NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds read by manipulating shared memory data. A successful exploit of this vulnerability might lead to informati...

    • Published: Aug. 06, 2025
    • Modified: Aug. 12, 2025
  • 7.5

    HIGH
    CVE-2025-23334

    NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds read by sending a request. A successful exploit of this vulnerability might lead to information disclosure....

    • Published: Aug. 06, 2025
    • Modified: Aug. 12, 2025
  • 7.5

    HIGH
    CVE-2025-23335

    NVIDIA Triton Inference Server for Windows and Linux and the Tensor RT backend contain a vulnerability where an attacker could cause an underflow by a specific model configuration and a specific input. A successful exploit of this vulnerability might lead...

    • Published: Aug. 06, 2025
    • Modified: Aug. 12, 2025
  • 6.6

    MEDIUM
    CVE-2025-47183

    In GStreamer through 1.26.1, the isomp4 plugin's qtdemux_parse_tree function may read past the end of a heap buffer while parsing an MP4 file, leading to information disclosure....

    Affected Products : gstreamer
    • Published: Aug. 07, 2025
    • Modified: Aug. 12, 2025
  • 8.1

    HIGH
    CVE-2025-47219

    In GStreamer through 1.26.1, the isomp4 plugin's qtdemux_parse_trak function may read past the end of a heap buffer while parsing an MP4 file, possibly leading to information disclosure....

    Affected Products : gstreamer
    • Published: Aug. 07, 2025
    • Modified: Aug. 12, 2025
  • 5.6

    MEDIUM
    CVE-2025-47806

    In GStreamer through 1.26.1, the subparse plugin's parse_subrip_time function may write data past the bounds of a stack buffer, leading to a crash....

    Affected Products : gstreamer
    • Published: Aug. 07, 2025
    • Modified: Aug. 12, 2025
  • 5.5

    MEDIUM
    CVE-2025-47807

    In GStreamer through 1.26.1, the subparse plugin's subrip_unescape_formatting function may dereference a NULL pointer while parsing a subtitle file, leading to a crash....

    Affected Products : gstreamer
    • Published: Aug. 07, 2025
    • Modified: Aug. 12, 2025
Showing 20 of 290978 Results