Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2025-43752

    Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.4, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15 and 7.4 GA through update 92 allow users to upload a... Read more

    Affected Products : liferay_portal dxp
    • Published: Aug. 22, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Denial of Service

  • 0.0

    NONE
    CVE-2025-9340

    Out-of-bounds Write vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java bc-fips on All (API modules). This vulnerability is associated with program files org/bouncycastle/jcajce/provider/BaseCipher. This issue affects Bouncy Castle f... Read more

    Affected Products : bouncy_castle_for_java
    • Published: Aug. 22, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Memory Corruption

  • 4.3

    MEDIUM
    CVE-2025-57893

    Cross-Site Request Forgery (CSRF) vulnerability in Epsiloncool WP Fast Total Search allows Cross Site Request Forgery. This issue affects WP Fast Total Search: from n/a through 1.79.270.... Read more

    Affected Products :
    • Published: Aug. 22, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.3

    MEDIUM
    CVE-2025-57896

    Missing Authorization vulnerability in andy_moyle Church Admin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Church Admin: from n/a through 5.0.26.... Read more

    Affected Products : church_admin
    • Published: Aug. 22, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2025-9256

    WebITR developed by Uniong has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download arbitrary system files.... Read more

    Affected Products : webitr
    • Published: Aug. 22, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Path Traversal

  • 7.1

    HIGH
    CVE-2025-9258

    WebITR developed by Uniong has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download arbitrary system files.... Read more

    Affected Products : webitr
    • Published: Aug. 22, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Path Traversal

  • 4.3

    MEDIUM
    CVE-2025-9331

    The Spacious theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'welcome_notice_import_handler' function in all versions up to, and including, 1.9.11. This makes it possible for authenticated at... Read more

    Affected Products :
    • Published: Aug. 22, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-55573

    QuantumNous new-api v.0.8.5.2 is vulnerable to Cross Site Scripting (XSS).... Read more

    Affected Products :
    • Published: Aug. 22, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2025-38641

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: Fix potential NULL dereference on kmalloc failure Avoid potential NULL pointer dereference by checking the return value of kmalloc and handling allocation failure prop... Read more

    Affected Products : linux_kernel
    • Published: Aug. 22, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-38642

    In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix WARN_ON for monitor mode on some devices On devices without WANT_MONITOR_VIF (and probably without channel context support) we get a WARN_ON for changing the per-lin... Read more

    Affected Products : linux_kernel
    • Published: Aug. 22, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-38648

    In the Linux kernel, the following vulnerability has been resolved: spi: stm32: Check for cfg availability in stm32_spi_probe The stm32_spi_probe function now includes a check to ensure that the pointer returned by of_device_get_match_data is not NULL b... Read more

    Affected Products : linux_kernel
    • Published: Aug. 22, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-38654

    In the Linux kernel, the following vulnerability has been resolved: pinctrl: canaan: k230: Fix order of DT parse and pinctrl register Move DT parse before pinctrl register. This ensures that device tree parsing is done before calling devm_pinctrl_regist... Read more

    Affected Products : linux_kernel
    • Published: Aug. 22, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Misconfiguration

  • 4.3

    MEDIUM
    CVE-2025-57885

    Cross-Site Request Forgery (CSRF) vulnerability in Shahjahan Jewel Fluent Support allows Cross Site Request Forgery. This issue affects Fluent Support: from n/a through 1.9.1.... Read more

    Affected Products : fluent_support
    • Published: Aug. 22, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.3

    MEDIUM
    CVE-2025-57888

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in NooTheme Jobmonster allows Retrieve Embedded Sensitive Data. This issue affects Jobmonster: from n/a through 4.8.0.... Read more

    Affected Products : jobmonster
    • Published: Aug. 22, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Information Disclosure

  • 8.8

    HIGH
    CVE-2025-51606

    hippo4j 1.0.0 to 1.5.0, uses a hard-coded secret key in its JWT (JSON Web Token) creation. This allows attackers with access to the source code or compiled binary to forge valid access tokens and impersonate any user, including privileged ones such as "ad... Read more

    Affected Products :
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Authentication

  • 5.4

    MEDIUM
    CVE-2025-36042

    IBM QRadar SIEM 7.5 through 7.5.0 Dashboard is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials... Read more

    • Published: Aug. 22, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.4

    HIGH
    CVE-2009-20002

    Millenium MP3 Studio versions up to and including 2.0 is vulnerable to a stack-based buffer overflow when parsing .pls playlist files. The application fails to properly validate the length of the File1 field within the playlist, allowing an attacker to cr... Read more

    Affected Products :
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Memory Corruption

  • 8.5

    HIGH
    CVE-2010-20034

    Gekko Manager FTP Client <= 0.77 contains a stack-based buffer overflow in its FTP directory listing parser. When processing a server response to a LIST command, the client fails to properly validate the length of filenames. A crafted response containing ... Read more

    Affected Products :
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-29365

    spimsimulator spim v9.1.24 and before is vulnerable to Buffer Overflow in READ_STRING_SYSCALL.... Read more

    Affected Products :
    • Published: Aug. 22, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-38626

    In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to trigger foreground gc during f2fs_map_blocks() in lfs mode w/ "mode=lfs" mount option, generic/299 will cause system panic as below: ------------[ cut here ]------------ k... Read more

    Affected Products : linux_kernel
    • Published: Aug. 22, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Denial of Service
Showing 20 of 292795 Results