Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-47445

    Relative Path Traversal vulnerability in Themewinter Eventin allows Path Traversal.This issue affects Eventin: from n/a through 4.0.26.... Read more

    Affected Products : eventin
    • Published: May. 14, 2025
    • Modified: Aug. 12, 2025

  • 5.4

    MEDIUM
    CVE-2025-4520

    The Uncanny Automator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functions in versions up to, and including, 6.4.0.2. This makes it possible for authenticated attackers, with ... Read more

    Affected Products : uncanny_automator
    • Published: May. 14, 2025
    • Modified: Aug. 12, 2025

  • 9.1

    CRITICAL
    CVE-2025-3623

    The Uncanny Automator plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 6.4.0.1 via deserialization of untrusted input in the automator_api_decode_message() function. This makes it possible for unauthenticate... Read more

    Affected Products : uncanny_automator
    • Published: May. 14, 2025
    • Modified: Aug. 12, 2025

  • 8.8

    HIGH
    CVE-2025-1137

    IBM Storage Scale 5.2.2.0 and 5.2.2.1, under certain configurations, could allow an authenticated user to execute privileged commands due to improper input neutralization.... Read more

    • Published: May. 10, 2025
    • Modified: Aug. 12, 2025

  • 6.5

    MEDIUM
    CVE-2025-4166

    Vault Community and Vault Enterprise Key/Value (kv) Version 2 plugin may unintentionally expose sensitive information in server and audit logs when users submit malformed payloads during secret creation or update operations via the Vault REST API. This vu... Read more

    Affected Products : vault
    • Published: May. 02, 2025
    • Modified: Aug. 12, 2025

  • 8.8

    HIGH
    CVE-2025-3879

    Vault Community, Vault Enterprise (“Vault”) Azure Auth method did not correctly validate the claims in the Azure-issued token, resulting in the potential bypass of the bound_locations parameter on login. Fixed in Vault Community Edition 1.19.1 and Vault E... Read more

    Affected Products : vault
    • Published: May. 02, 2025
    • Modified: Aug. 12, 2025

  • 6.5

    MEDIUM
    CVE-2025-52081

    In Netgear XR300 V1.0.3.38_10.3.30, a stack-based buffer overflow vulnerability exists in the HTTPD service through the usb_device.cgi endpoint. The vulnerability occurs when processing POST requests containing the usb_folder parameter.... Read more

    Affected Products : xr300_firmware xr300
    • Published: Jul. 15, 2025
    • Modified: Aug. 12, 2025

  • 7.5

    HIGH
    CVE-2024-52903

    IBM Db2 for Linux, UNIX and Windows 12.1.0 and 12.1.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.... Read more

    Affected Products : linux_kernel db2 windows unix
    • Published: May. 01, 2025
    • Modified: Aug. 12, 2025

  • 8.8

    HIGH
    CVE-2024-43223

    Missing Authorization vulnerability in EventPrime Events EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through 4.0.3.2.... Read more

    Affected Products : eventprime eventprime
    • Published: Nov. 01, 2024
    • Modified: Aug. 12, 2025

  • 6.4

    MEDIUM
    CVE-2024-4361

    The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'siteorigin_widget' shortcode in all versions up to, and including, 2.29.15 due to insufficient input sanitization and output escaping on use... Read more

    Affected Products : page_builder
    • Published: May. 21, 2024
    • Modified: Aug. 12, 2025

  • 8.4

    HIGH
    CVE-2025-8854

    Stack-based buffer overflow in LoadOFF in bulletphysics bullet3 before 3.26 on all platforms allows remote attackers to execute arbitrary code via a crafted OFF file with an overlong initial token processed by the VHACD test utility or invoked indirectly ... Read more

    Affected Products :
    • Published: Aug. 11, 2025
    • Modified: Aug. 11, 2025

  • 9.0

    HIGH
    CVE-2025-8833

    A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This issue affects the function langSwitchBack of the file /goform/langSwitchBack. The manipulation of the argument langSelectionOnly leads to stac... Read more

    • Published: Aug. 11, 2025
    • Modified: Aug. 11, 2025

  • 9.0

    HIGH
    CVE-2025-8832

    A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This vulnerability affects the function setDMZ of the file /goform/setDMZ. The manipulation of the argument DMZIPAddress leads to stack-based buffe... Read more

    • Published: Aug. 11, 2025
    • Modified: Aug. 11, 2025

  • 9.0

    HIGH
    CVE-2025-8831

    A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This affects the function remoteManagement of the file /goform/remoteManagement. The manipulation of the argument portNumber leads to stack-based buffer... Read more

    • Published: Aug. 11, 2025
    • Modified: Aug. 11, 2025

  • 6.5

    MEDIUM
    CVE-2025-8830

    A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this issue is the function sub_3517C of the file /goform/setWan. The manipulation of the argument Hostname leads to os command injectio... Read more

    • Published: Aug. 11, 2025
    • Modified: Aug. 11, 2025

  • 5.3

    MEDIUM
    CVE-2025-8846

    A vulnerability has been found in NASM Netwide Assember 2.17rc0. Affected is the function parse_line of the file parser.c. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to ... Read more

    Affected Products :
    • Published: Aug. 11, 2025
    • Modified: Aug. 11, 2025

  • 5.3

    MEDIUM
    CVE-2025-8837

    A vulnerability was identified in JasPer up to 4.2.5. This affects the function jpc_dec_dump of the file src/libjasper/jpc/jpc_dec.c of the component JPEG2000 File Handler. The manipulation leads to use after free. An attack has to be approached locally. ... Read more

    Affected Products :
    • Published: Aug. 11, 2025
    • Modified: Aug. 11, 2025

  • 4.6

    MEDIUM
    CVE-2025-8661

    A stored Cross-Site Scripting vulnerability (XSS) occurs when the server does not properly validate or encode the data entered by the user.... Read more

    Affected Products :
    • Published: Aug. 11, 2025
    • Modified: Aug. 11, 2025

  • 9.8

    CRITICAL
    CVE-2025-6573

    Kernel software installed and running inside an untrusted/rich execution environment (REE) could leak information from the trusted execution environment (TEE).... Read more

    Affected Products : ddk
    • Published: Aug. 09, 2025
    • Modified: Aug. 11, 2025

  • 7.8

    HIGH
    CVE-2023-27365

    Foxit PDF Editor DOC File Parsing Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit thi... Read more

    Affected Products : windows pdf_editor pdf_reader
    • Published: May. 03, 2024
    • Modified: Aug. 11, 2025
Showing 20 of 290983 Results