Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2025-2938

    An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users to gain elevated project privileges by requesting access to projects where... Read more

    Affected Products : gitlab
    • Published: Jun. 26, 2025
    • Modified: Aug. 12, 2025

  • 5.3

    MEDIUM
    CVE-2025-1754

    An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed unauthenticated attackers to upload arbitrary files to public projects by sending crafted API ... Read more

    Affected Products : gitlab
    • Published: Jun. 26, 2025
    • Modified: Aug. 12, 2025

  • 6.2

    MEDIUM
    CVE-2025-53186

    Vulnerability that allows third-party call apps to send broadcasts without verification in the audio framework module Impact: Successful exploitation of this vulnerability may affect availability.... Read more

    Affected Products : emui harmonyos
    • Published: Jul. 07, 2025
    • Modified: Aug. 12, 2025

  • 6.6

    MEDIUM
    CVE-2025-53185

    Virtual address reuse issue in the memory management module, which can be exploited by non-privileged users to access released memory Impact: Successful exploitation of this vulnerability may affect service integrity.... Read more

    Affected Products : emui harmonyos
    • Published: Jul. 07, 2025
    • Modified: Aug. 12, 2025

  • 4.8

    MEDIUM
    CVE-2025-53178

    Permission bypass vulnerability in the calendar storage module Impact: Successful exploitation of this vulnerability may affect the schedule reminder function of head units.... Read more

    Affected Products : emui harmonyos
    • Published: Jul. 07, 2025
    • Modified: Aug. 12, 2025

  • 3.9

    LOW
    CVE-2025-53177

    Permission bypass vulnerability in the calendar storage module Impact: Successful exploitation of this vulnerability may affect the schedule syncing function of watches.... Read more

    Affected Products : emui harmonyos
    • Published: Jul. 07, 2025
    • Modified: Aug. 12, 2025

  • 7.6

    HIGH
    CVE-2025-53169

    Vulnerability of bypassing the process to start SA and use related functions on distributed cameras Impact: Successful exploitation of this vulnerability may allow the peer device to use the camera without user awareness.... Read more

    Affected Products : harmonyos
    • Published: Jul. 07, 2025
    • Modified: Aug. 12, 2025

  • 5.7

    MEDIUM
    CVE-2025-53168

    Vulnerability of bypassing the process to start SA and use related functions on distributed cameras Impact: Successful exploitation of this vulnerability may allow the peer device to use the camera without user awareness.... Read more

    Affected Products : harmonyos
    • Published: Jul. 07, 2025
    • Modified: Aug. 12, 2025

  • 5.5

    MEDIUM
    CVE-2022-43656

    Bentley View FBX File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View. User interaction is required to exploit this vul... Read more

    Affected Products : view
    • Published: May. 07, 2024
    • Modified: Aug. 12, 2025

  • 5.3

    MEDIUM
    CVE-2023-37865

    Authentication Bypass by Spoofing vulnerability in IP2Location Download IP2Location Country Blocker allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Download IP2Location Country Blocker: from n/a through 2.29.1.... Read more

    Affected Products : country_blocker
    • Published: Jun. 04, 2024
    • Modified: Aug. 12, 2025

  • 7.8

    HIGH
    CVE-2025-55156

    pyLoad is the free and open-source Download Manager written in pure Python. Prior to version 0.5.0b3.dev91, the parameter add_links in API /json/add_package is vulnerable to SQL Injection. Attackers can modify or delete data in the database, causing data ... Read more

    Affected Products : pyload
    • Published: Aug. 11, 2025
    • Modified: Aug. 12, 2025

  • 7.5

    HIGH
    CVE-2025-52931

    Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to update channel subscription endpoint with an invalid request body.... Read more

    Affected Products :
    • Published: Aug. 11, 2025
    • Modified: Aug. 12, 2025

  • 6.8

    MEDIUM
    CVE-2025-40752

    A vulnerability has been identified in POWER METER SICAM Q100 (7KG9501-0AA01-0AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA01-2AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA31-0AA1) (All versions >= V... Read more

    Affected Products :
    • Published: Aug. 12, 2025
    • Modified: Aug. 12, 2025

  • 4.3

    MEDIUM
    CVE-2025-8482

    The Simple Local Avatars plugin for WordPress is vulnerable to unauthorized modification of data in version 2.8.4. This is due to a missing capability check on the migrate_from_wp_user_avatar() function. This makes it possible for authenticated attackers,... Read more

    Affected Products : simple_local_avatars
    • Published: Aug. 12, 2025
    • Modified: Aug. 12, 2025

  • 8.8

    HIGH
    CVE-2025-8418

    The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Arbitrary Plugin Installation in all versions up to, and including, 1.1.30. This is due to missing capability checks on the activated_plugin function. This makes it possible... Read more

    Affected Products :
    • Published: Aug. 12, 2025
    • Modified: Aug. 12, 2025

  • 7.5

    HIGH
    CVE-2025-6253

    The UiCore Elements – Free Elementor widgets and templates plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.3.0 via the prepare_template() function due to a missing capability check and insufficient control... Read more

    Affected Products :
    • Published: Aug. 12, 2025
    • Modified: Aug. 12, 2025

  • 6.4

    MEDIUM
    CVE-2025-8314

    The Software Issue Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘noaccess_msg parameter in all versions up to, and including, 5.0.1 due to insufficient input sanitization and output escaping. This makes it possible for... Read more

    Affected Products :
    • Published: Aug. 12, 2025
    • Modified: Aug. 12, 2025

  • 6.4

    MEDIUM
    CVE-2025-8685

    The Wp chart generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpchart shortcode in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping on user supplied attributes.... Read more

    Affected Products :
    • Published: Aug. 12, 2025
    • Modified: Aug. 12, 2025

  • 6.4

    MEDIUM
    CVE-2025-8568

    The GMap Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘h’ parameter in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attac... Read more

    Affected Products :
    • Published: Aug. 12, 2025
    • Modified: Aug. 12, 2025

  • 6.4

    MEDIUM
    CVE-2025-8462

    The RT Easy Builder – Advanced addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the social URL parameter in all versions up to, and including, 2.3 due to insufficient input sanitization and output escaping. This m... Read more

    Affected Products : rt_easy_builder
    • Published: Aug. 12, 2025
    • Modified: Aug. 12, 2025
Showing 20 of 290981 Results