Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2025-53862

    A flaw was found in Ansible. Three API endpoints are accessible and return verbose, unauthenticated responses. This flaw allows a malicious user to access data that may contain important information.... Read more

    Affected Products : ansible_automation_platform
    • Published: Jul. 11, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Authentication

  • 6.7

    MEDIUM
    CVE-2025-7519

    A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, an out-of-bounds write can be triggered. This issue can lead to a crash or other unexpected behavior, and arbitrary code execution is not discarded. To exp... Read more

    • Published: Jul. 14, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-54050

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CyberChimps Responsive Addons for Elementor allows Stored XSS. This issue affects Responsive Addons for Elementor: from n/a through 1.7.3.... Read more

    Affected Products : responsive_addons_for_elementor
    • Published: Jul. 16, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-36097

    IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 are vulnerable to a denial of service, caused by a stack-based overflow. An attacker can send a specially crafted request that cause the server to con... Read more

    Affected Products : websphere_application_server
    • Published: Jul. 16, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-7784

    A flaw was found in the Keycloak identity and access management system when Fine-Grained Admin Permissions(FGAPv2) are enabled. An administrative user with the manage-users role can escalate their privileges to realm-admin due to improper privilege enforc... Read more

    Affected Products : keycloak build_of_keycloak
    • Published: Jul. 18, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-8745

    A vulnerability, which was classified as problematic, has been found in Weee RICEPO App 6.17.77 on Android. This issue affects some unknown processing of the file AndroidManifest.xml of the component com.ricepo.app. The manipulation leads to improper expo... Read more

    Affected Products :
    • Published: Aug. 09, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-46709

    Possible memory leak or kernel exceptions caused by reading kernel heap data after free or NULL pointer dereference kernel exception.... Read more

    Affected Products : ddk
    • Published: Aug. 09, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-25231

    Omnissa Workspace ONE UEM contains a Secondary Context Path Traversal Vulnerability. A malicious actor may be able to gain access to sensitive information by sending crafted GET requests (read-only) to restricted API endpoints.... Read more

    Affected Products :
    • Published: Aug. 11, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Path Traversal

  • 6.4

    MEDIUM
    CVE-2025-6997

    The ThemeREX Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.35.1.1 due to insufficient input sanitization and output escaping. The plugin’s SVG rendering routine calls ... Read more

    Affected Products : addons
    • Published: Jul. 19, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.8

    HIGH
    CVE-2025-7222

    Luxion KeyShot 3DM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnera... Read more

    Affected Products : keyshot
    • Published: Jul. 21, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Memory Corruption

  • 9.1

    CRITICAL
    CVE-2025-7458

    An integer overflow in the sqlite3KeyInfoFromExprList function in SQLite versions 3.39.2 through 3.41.1 allows an attacker with the ability to execute arbitrary SQL statements to cause a denial of service or disclose sensitive information from process mem... Read more

    Affected Products : sqlite
    • Published: Jul. 29, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Denial of Service

  • 9.1

    CRITICAL
    CVE-2025-53082

    An 'Arbitrary File Deletion' in Samsung DMS(Data Management Server) allows attackers to delete arbitrary files from unintended locations on the filesystem. Exploitation is restricted to specific, authorized private IP addresses.... Read more

    • Published: Jul. 29, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Path Traversal

  • 9.1

    CRITICAL
    CVE-2025-53081

    An 'Arbitrary File Creation' in Samsung DMS(Data Management Server) allows attackers to create arbitrary files in unintended locations on the filesystem. Exploitation is restricted to specific, authorized private IP addresses.... Read more

    • Published: Jul. 29, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Misconfiguration

  • 7.1

    HIGH
    CVE-2025-53080

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Samsung DMS(Data Management Server) allows authenticated attackers to create arbitrary files in unintended locations on the filesystem... Read more

    • Published: Jul. 29, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Path Traversal

  • 4.9

    MEDIUM
    CVE-2025-53079

    Absolute Path Traversal in Samsung DMS(Data Management Server) allows authenticated attacker (Administrator) to read sensitive files... Read more

    • Published: Jul. 29, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2025-53078

    Deserialization of Untrusted Data in Samsung DMS(Data Management Server) allows attackers to execute arbitrary code via write file to system... Read more

    • Published: Jul. 29, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-53077

    An execution after redirect in Samsung DMS(Data Management Server) allows attackers to execute limited functions without permissions. An attacker could compromise the integrity of the platform by executing this vulnerability.... Read more

    • Published: Jul. 29, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-4370

    The Brizy – Page Builder plugin for WordPress is vulnerable to limited file uploads due to missing authorization on process_external_asset_urls function as well as missing path validation in store_file function in all versions up to, and including, 2.6.20... Read more

    Affected Products : brizy
    • Published: Jul. 29, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Authorization

  • 3.7

    LOW
    CVE-2025-8283

    A vulnerability was found in the netavark package, a network stack for containers used with Podman. Due to dns.podman search domain being removed, netavark may return external servers if a valid A/AAAA record is sent as a response. When creating a contain... Read more

    • Published: Jul. 28, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-8279

    Insufficient input validation within GitLab Language Server 7.6.0 and later before 7.30.0 allows arbitrary GraphQL query execution... Read more

    • Published: Jul. 28, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Authorization
Showing 20 of 291179 Results