Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-7775

    Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server (OR) NetScaler ... Read more

    • Actively Exploited
    • Published: Aug. 26, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Memory Corruption

  • 6.1

    MEDIUM
    CVE-2025-7392

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Cookies Addons allows Cross-Site Scripting (XSS).This issue affects Cookies Addons: from 1.0.0 before 1.2.4.... Read more

    Affected Products : cookies_addons
    • Published: Jul. 21, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-7393

    Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Mail Login allows Brute Force.This issue affects Mail Login: from 3.0.0 before 3.2.0, from 4.0.0 before 4.2.0.... Read more

    Affected Products : mail_login
    • Published: Jul. 21, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Authentication

  • 5.4

    MEDIUM
    CVE-2024-52885

    The Mobile Access Portal's File Share application is vulnerable to a directory traversal attack, allowing an authenticated, malicious end-user (authorized to at least one File Share application) to list the file names of 'nobody'-accessible directories on... Read more

    • Published: Aug. 06, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Path Traversal

  • 8.8

    HIGH
    CVE-2025-5692

    The Lead Form Data Collection to CRM plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the ~/includes/LB_admin_ajax.php file in all versions up to, and including, 3.1. This makes it possibl... Read more

    Affected Products : lead_form_data_collection_to_crm
    • Published: Jul. 02, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-2028

    Lack of TLS validation when downloading a CSV file including mapping from IPs to countries used ONLY for displaying country flags in logs... Read more

    Affected Products : log_server
    • Published: Aug. 06, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Misconfiguration

  • 8.6

    HIGH
    CVE-2025-54878

    CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. A heap buffer overflow v... Read more

    Affected Products : cryptolib
    • Published: Aug. 11, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-52566

    llama.cpp is an inference of several LLM models in C/C++. Prior to version b5721, there is a signed vs. unsigned integer overflow in llama.cpp's tokenizer implementation (llama_vocab::tokenize) (src/llama-vocab.cpp:3036) resulting in unintended behavior i... Read more

    Affected Products : llama.cpp
    • Published: Jun. 24, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-49847

    llama.cpp is an inference of several LLM models in C/C++. Prior to version b5662, an attacker‐supplied GGUF model vocabulary can trigger a buffer overflow in llama.cpp’s vocabulary‐loading code. Specifically, the helper _try_copy in llama.cpp/src/vocab.cp... Read more

    Affected Products : llama.cpp llama.cpp
    • Published: Jun. 17, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Memory Corruption

  • 6.8

    MEDIUM
    CVE-2025-52559

    Zulip is an open-source team chat application. From versions 2.0.0-rc1 to before 10.4 in Zulip Server, the /digest/ URL of a server shows a preview of what the email weekly digest would contain. This URL, though not the digest itself, contains a cross-sit... Read more

    Affected Products : zulip zulip_server
    • Published: Jul. 02, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-25202

    Ash Authentication is an authentication framework for Elixir applications. Applications which have been bootstrapped by the igniter installer present since AshAuthentication v4.1.0 and who have used the magic link strategy _or_ are manually revoking token... Read more

    Affected Products : ash_authentication
    • Published: Feb. 11, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Authentication

  • 8.1

    HIGH
    CVE-2025-2594

    The User Registration & Membership WordPress plugin before 4.1.3 does not properly validate data in an AJAX action when the Membership Addon is enabled, allowing attackers to authenticate as any user, including administrators, by simply using the target a... Read more

    • Published: Apr. 22, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2025-0466

    The Sensei LMS WordPress plugin before 4.24.4 does not properly protect some its REST API routes, allowing unauthenticated attackers to leak sensei_email and sensei_message Information.... Read more

    Affected Products : sensei_lms
    • Published: Feb. 04, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Information Disclosure

  • 4.8

    MEDIUM
    CVE-2024-8983

    Custom Twitter Feeds WordPress plugin before 2.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowe... Read more

    Affected Products : custom_twitter_feeds
    • Published: Oct. 08, 2024
    • Modified: Aug. 27, 2025

  • 5.3

    MEDIUM
    CVE-2024-4665

    The EventPrime WordPress plugin before 3.5.0 does not properly validate permissions when updating bookings, allowing users to change/cancel bookings for other users. Additionally, the feature is lacking a nonce.... Read more

    Affected Products : eventprime
    • Published: May. 15, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Authorization

  • 4.4

    MEDIUM
    CVE-2012-0216

    The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local... Read more

    Affected Products : debian_linux apache2
    • Published: Apr. 22, 2012
    • Modified: Aug. 27, 2025

  • 8.2

    HIGH
    CVE-2025-41450

    Improper Authentication vulnerability in Danfoss AKSM8xxA Series.This issue affects Danfoss AK-SM 8xxA Series prior to version 4.2... Read more

    Affected Products :
    • Published: May. 08, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Authentication

  • 9.1

    CRITICAL
    CVE-2025-3755

    Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules allows a remote unauthenticated attacker to read information in the product, to cause a Denial-of-Service ... Read more

    • Published: May. 29, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2025-9028

    A flaw has been found in code-projects Online Medicine Guide 1.0. This vulnerability affects unknown code of the file /adphar.php. Executing manipulation of the argument phuname can lead to sql injection. The attack can be launched remotely. The exploit h... Read more

    Affected Products : online_medicine_guide
    • Published: Aug. 15, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2023-32242

    Deserialization of Untrusted Data vulnerability in xtemos WoodMart - Multipurpose WooCommerce Theme.This issue affects WoodMart - Multipurpose WooCommerce Theme: from n/a through 1.0.36.... Read more

    Affected Products : woodmart
    • Published: Dec. 21, 2023
    • Modified: Aug. 27, 2025
Showing 20 of 293329 Results