Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2025-49432

    Missing Authorization vulnerability in FWDesign Ultimate Video Player allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ultimate Video Player: from n/a through 10.1.... Read more

    Affected Products :
    • Published: Aug. 15, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Authorization

  • 6.9

    MEDIUM
    CVE-2025-43731

    A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.8, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 202... Read more

    Affected Products : liferay_portal dxp
    • Published: Aug. 18, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.1

    MEDIUM
    CVE-2025-9095

    A flaw has been found in ExpressGateway express-gateway up to 1.16.10. This issue affects some unknown processing in the library lib/rest/routes/users.js of the component REST Endpoint. The manipulation leads to cross site scripting. The attack may be ini... Read more

    Affected Products : express-gateway
    • Published: Aug. 17, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-52619

    HCL BigFix SaaS Authentication Service is affected by a sensitive information disclosure. Under certain conditions, error messages disclose sensitive version information about the underlying platform.... Read more

    Affected Products :
    • Published: Aug. 15, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Information Disclosure

  • 0.0

    NA
    CVE-2025-38503

    In the Linux kernel, the following vulnerability has been resolved: btrfs: fix assertion when building free space tree When building the free space tree with the block group tree feature enabled, we can hit an assertion failure like this: BTRFS info ... Read more

    Affected Products : linux_kernel
    • Published: Aug. 16, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2024-12575

    The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Basic Information Exposure in all versions up to, and including, 5.8.9 via the 'ays_finish_poll' AJAX action. This makes it possible for unauthenticated atta... Read more

    Affected Products : poll_maker
    • Published: Aug. 16, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Information Disclosure

  • 0.0

    NA
    CVE-2023-3866

    In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate session id and tree id in the compound request This patch validate session id and tree id in compound request. If first operation in the compound is SMB2 ECHO request, k... Read more

    Affected Products : linux_kernel
    • Published: Aug. 16, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-31715

    In vowifi service, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed.... Read more

    Affected Products :
    • Published: Aug. 18, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Injection

  • 0.0

    NA
    CVE-2025-32980

    NETSCOUT nGeniusONE before 6.4.0 P11 b3245 has a Weak Sudo Configuration.... Read more

    Affected Products :
    • Published: Apr. 25, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-38504

    In the Linux kernel, the following vulnerability has been resolved: io_uring/zcrx: fix pp destruction warnings With multiple page pools and in some other cases we can have allocated niovs on page pool destruction. Remove a misplaced warning checking tha... Read more

    Affected Products : linux_kernel
    • Published: Aug. 16, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-38533

    In the Linux kernel, the following vulnerability has been resolved: net: libwx: fix the using of Rx buffer DMA The wx_rx_buffer structure contained two DMA address fields: 'dma' and 'page_dma'. However, only 'page_dma' was actually initialized and used ... Read more

    Affected Products : linux_kernel
    • Published: Aug. 16, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-38513

    In the Linux kernel, the following vulnerability has been resolved: wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev() There is a potential NULL pointer dereference in zd_mac_tx_to_dev(). For example, the following is possible:... Read more

    Affected Products : linux_kernel
    • Published: Aug. 16, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-38521

    In the Linux kernel, the following vulnerability has been resolved: drm/imagination: Fix kernel crash when hard resetting the GPU The GPU hard reset sequence calls pm_runtime_force_suspend() and pm_runtime_force_resume(), which according to their docume... Read more

    Affected Products : linux_kernel
    • Published: Aug. 16, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-38501

    In the Linux kernel, the following vulnerability has been resolved: ksmbd: limit repeated connections from clients with the same IP Repeated connections from clients with the same IP address may exhaust the max connections and prevent other normal clien... Read more

    Affected Products : linux_kernel
    • Published: Aug. 16, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Denial of Service

  • 0.0

    NA
    CVE-2025-38547

    In the Linux kernel, the following vulnerability has been resolved: iio: adc: axp20x_adc: Add missing sentinel to AXP717 ADC channel maps The AXP717 ADC channel maps is missing a sentinel entry at the end. This causes a KASAN warning. Add the missing s... Read more

    Affected Products : linux_kernel
    • Published: Aug. 16, 2025
    • Modified: Aug. 18, 2025

  • 0.0

    NA
    CVE-2025-38524

    In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix recv-recv race of completed call If a call receives an event (such as incoming data), the call gets placed on the socket's queue and a thread in recvmsg can be awakened to go... Read more

    Affected Products : linux_kernel
    • Published: Aug. 16, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-38545

    In the Linux kernel, the following vulnerability has been resolved: net: ethernet: ti: am65-cpsw-nuss: Fix skb size by accounting for skb_shared_info While transitioning from netdev_alloc_ip_align() to build_skb(), memory for the "skb_shared_info" membe... Read more

    Affected Products : linux_kernel
    • Published: Aug. 16, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-38525

    In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix irq-disabled in local_bh_enable() The rxrpc_assess_MTU_size() function calls down into the IP layer to find out the MTU size for a route. When accepting an incoming call, th... Read more

    Affected Products : linux_kernel
    • Published: Aug. 16, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Race Condition

  • 8.8

    HIGH
    CVE-2025-3671

    The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 67.7.0 via the 'page' parameter. This makes it possible for authenticated attackers, with Subscriber-level access ... Read more

    Affected Products : wordpress_gym_management_system
    • Published: Aug. 16, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Path Traversal

  • 2.0

    LOW
    CVE-2025-3639

    Liferay Portal 7.3.0 through 7.4.3.132, and Liferay DXP 2025.Q1 through 2025.Q1.6, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, 7.4 GA through update 92 and 7.3 GA through update 36... Read more

    Affected Products : liferay_portal dxp
    • Published: Aug. 18, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Authentication
Showing 20 of 292495 Results