Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2025-46709

    Possible memory leak or kernel exceptions caused by reading kernel heap data after free or NULL pointer dereference kernel exception.... Read more

    Affected Products : ddk
    • Published: Aug. 09, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-25231

    Omnissa Workspace ONE UEM contains a Secondary Context Path Traversal Vulnerability. A malicious actor may be able to gain access to sensitive information by sending crafted GET requests (read-only) to restricted API endpoints.... Read more

    Affected Products :
    • Published: Aug. 11, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Path Traversal

  • 6.4

    MEDIUM
    CVE-2025-6997

    The ThemeREX Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.35.1.1 due to insufficient input sanitization and output escaping. The plugin’s SVG rendering routine calls ... Read more

    Affected Products : addons
    • Published: Jul. 19, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.8

    HIGH
    CVE-2025-7222

    Luxion KeyShot 3DM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnera... Read more

    Affected Products : keyshot
    • Published: Jul. 21, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Memory Corruption

  • 9.1

    CRITICAL
    CVE-2025-7458

    An integer overflow in the sqlite3KeyInfoFromExprList function in SQLite versions 3.39.2 through 3.41.1 allows an attacker with the ability to execute arbitrary SQL statements to cause a denial of service or disclose sensitive information from process mem... Read more

    Affected Products : sqlite
    • Published: Jul. 29, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Denial of Service

  • 9.1

    CRITICAL
    CVE-2025-53082

    An 'Arbitrary File Deletion' in Samsung DMS(Data Management Server) allows attackers to delete arbitrary files from unintended locations on the filesystem. Exploitation is restricted to specific, authorized private IP addresses.... Read more

    • Published: Jul. 29, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Path Traversal

  • 9.1

    CRITICAL
    CVE-2025-53081

    An 'Arbitrary File Creation' in Samsung DMS(Data Management Server) allows attackers to create arbitrary files in unintended locations on the filesystem. Exploitation is restricted to specific, authorized private IP addresses.... Read more

    • Published: Jul. 29, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Misconfiguration

  • 7.1

    HIGH
    CVE-2025-53080

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Samsung DMS(Data Management Server) allows authenticated attackers to create arbitrary files in unintended locations on the filesystem... Read more

    • Published: Jul. 29, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Path Traversal

  • 4.9

    MEDIUM
    CVE-2025-53079

    Absolute Path Traversal in Samsung DMS(Data Management Server) allows authenticated attacker (Administrator) to read sensitive files... Read more

    • Published: Jul. 29, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2025-53078

    Deserialization of Untrusted Data in Samsung DMS(Data Management Server) allows attackers to execute arbitrary code via write file to system... Read more

    • Published: Jul. 29, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-53077

    An execution after redirect in Samsung DMS(Data Management Server) allows attackers to execute limited functions without permissions. An attacker could compromise the integrity of the platform by executing this vulnerability.... Read more

    • Published: Jul. 29, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-4370

    The Brizy – Page Builder plugin for WordPress is vulnerable to limited file uploads due to missing authorization on process_external_asset_urls function as well as missing path validation in store_file function in all versions up to, and including, 2.6.20... Read more

    Affected Products : brizy
    • Published: Jul. 29, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Authorization

  • 3.7

    LOW
    CVE-2025-8283

    A vulnerability was found in the netavark package, a network stack for containers used with Podman. Due to dns.podman search domain being removed, netavark may return external servers if a valid A/AAAA record is sent as a response. When creating a contain... Read more

    • Published: Jul. 28, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-8279

    Insufficient input validation within GitLab Language Server 7.6.0 and later before 7.30.0 allows arbitrary GraphQL query execution... Read more

    • Published: Jul. 28, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-8183

    NULL Pointer Dereference in µD3TN via non-singleton destination Endpoint Identifier allows remote attacker to reliably cause DoS... Read more

    Affected Products : ud3tn
    • Published: Jul. 25, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2019-25224

    The WP Database Backup plugin for WordPress is vulnerable to OS Command Injection in versions before 5.2 via the mysqldump function. This vulnerability allows unauthenticated attackers to execute arbitrary commands on the host operating system.... Read more

    Affected Products : wp_database_backup
    • Published: Jul. 25, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-33109

    IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 is vulnerable to a privilege escalation caused by an invalid database authority check. A bad actor could execute a database procedure or function without having all required permissions, in addition to causing denial of ... Read more

    Affected Products : i i
    • Published: Jul. 24, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Authorization

  • 6.1

    MEDIUM
    CVE-2025-5084

    The Post Grid Master plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘argsArray['read_more_text']’ parameter in all versions up to, and including, 3.4.13 due to insufficient input sanitization and output escaping. This makes i... Read more

    Affected Products : post_grid_master
    • Published: Jul. 24, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-33020

    IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 transmits sensitive information without encryption that could allow an attacker to obtain highly sensitive information.... Read more

    • Published: Jul. 23, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Cryptography

  • 6.5

    MEDIUM
    CVE-2025-52082

    In Netgear XR300 V1.0.3.38_10.3.30, a stack-based buffer overflow exists in the HTTPD service through the usb_device.cgi endpoint. The vulnerability occurs when processing POST requests containing the read_access parameter.... Read more

    Affected Products : xr300_firmware xr300
    • Published: Jul. 15, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 291219 Results