Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.8

    LOW
    CVE-2025-54314

    Thor before 1.4.0 can construct an unsafe shell command from library input. NOTE: this is disputed by the Supplier because "the method that was fixed can only be used with arguments that are controlled by Thor, and there is no way an attacker can take con... Read more

    Affected Products :
    • Published: Jul. 20, 2025
    • Modified: Aug. 10, 2025
    • Vuln Type: Injection

  • 0.0

    NA
    CVE-2025-38236

    In the Linux kernel, the following vulnerability has been resolved: af_unix: Don't leave consecutive consumed OOB skbs. Jann Horn reported a use-after-free in unix_stream_read_generic(). The following sequences reproduce the issue: $ python3 from ... Read more

    Affected Products : linux_kernel
    • Published: Jul. 08, 2025
    • Modified: Aug. 09, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-38191

    In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix null pointer dereference in destroy_previous_session If client set ->PreviousSessionId on kerberos session setup stage, NULL pointer dereference error will happen. Since sess... Read more

    Affected Products : linux_kernel
    • Published: Jul. 04, 2025
    • Modified: Aug. 09, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-37998

    In the Linux kernel, the following vulnerability has been resolved: openvswitch: Fix unsafe attribute parsing in output_userspace() This patch replaces the manual Netlink attribute iteration in output_userspace() with nla_for_each_nested(), which ensure... Read more

    Affected Products : linux_kernel
    • Published: May. 29, 2025
    • Modified: Aug. 09, 2025
    • Vuln Type: Misconfiguration

  • 5.5

    MEDIUM
    CVE-2025-22037

    In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix null pointer dereference in alloc_preauth_hash() The Client send malformed smb2 negotiate request. ksmbd return error response. Subsequently, the client can send smb2 session... Read more

    Affected Products : linux_kernel
    • Published: Apr. 16, 2025
    • Modified: Aug. 09, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2024-37071

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated user to cause a denial of service with a specially crafted query due to improper memory allocation.... Read more

    Affected Products : db2
    • Published: Dec. 07, 2024
    • Modified: Aug. 09, 2025

  • 4.9

    MEDIUM
    CVE-2023-50956

    IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 could allow a privileged user to obtain highly sensitive user credentials from secret keys that are stored in clear text.... Read more

    • Published: Dec. 18, 2024
    • Modified: Aug. 09, 2025

  • 5.7

    MEDIUM
    CVE-2025-2228

    The Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.8 the 'register_user' function. This makes it possibl... Read more

    • Published: Mar. 26, 2025
    • Modified: Aug. 09, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2024-43153

    Improper Privilege Management vulnerability in WofficeIO Woffice allows Privilege Escalation.This issue affects Woffice: from n/a through 5.4.10.... Read more

    Affected Products : woffice
    • Published: Aug. 13, 2024
    • Modified: Aug. 09, 2025

  • 6.4

    MEDIUM
    CVE-2024-9595

    The TablePress – Tables in WordPress made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the table cell content in all versions up to, and including, 2.4.2 due to insufficient input sanitization and output escaping. This makes ... Read more

    Affected Products : tablepress
    • Published: Oct. 12, 2024
    • Modified: Aug. 09, 2025

  • 6.1

    MEDIUM
    CVE-2023-6812

    The WP Compress – Image Optimizer [All-In-One plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 6.20.01. This is due to insufficient validation on the redirect url supplied via the 'css' parameter. This makes it pos... Read more

    Affected Products : wp_compress
    • Published: May. 14, 2024
    • Modified: Aug. 09, 2025

  • 8.8

    HIGH
    CVE-2023-42123

    Control Web Panel mysql_manager Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Control Web Panel. Authentication is required to exploit this vulnerab... Read more

    Affected Products : webpanel
    • Published: May. 03, 2024
    • Modified: Aug. 09, 2025

  • 7.8

    HIGH
    CVE-2023-42122

    Control Web Panel wloggui Command Injection Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Control Web Panel. An attacker must first obtain the ability to execute low... Read more

    Affected Products : webpanel
    • Published: May. 03, 2024
    • Modified: Aug. 09, 2025

  • 9.8

    CRITICAL
    CVE-2023-42121

    Control Web Panel Missing Authentication Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Control Web Panel. Authentication is not required to exploit this vulnerability... Read more

    Affected Products : webpanel
    • Published: May. 03, 2024
    • Modified: Aug. 09, 2025

  • 8.8

    HIGH
    CVE-2023-42120

    Control Web Panel dns_zone_editor Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Control Web Panel. Authentication is required to exploit this vulner... Read more

    Affected Products : webpanel
    • Published: May. 03, 2024
    • Modified: Aug. 09, 2025

  • 7.5

    HIGH
    CVE-2024-1934

    The WP Compress – Image Optimizer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wps_local_compress::__construct' function in all versions up to, and including, 6.11.10. This makes it poss... Read more

    Affected Products : wp_compress
    • Published: Apr. 09, 2024
    • Modified: Aug. 09, 2025

  • 8.8

    HIGH
    CVE-2024-32106

    Cross-Site Request Forgery (CSRF) vulnerability in WP Compress WP Compress – Image Optimizer [All-In-One].This issue affects WP Compress – Image Optimizer [All-In-One]: from n/a through 6.10.35. ... Read more

    Affected Products : wp_compress
    • Published: Apr. 11, 2024
    • Modified: Aug. 09, 2025

  • 9.3

    CRITICAL
    CVE-2012-10050

    CuteFlow version 2.11.2 and earlier contains an arbitrary file upload vulnerability in the restart_circulation_values_write.php script. The application fails to validate or restrict uploaded file types, allowing unauthenticated attackers to upload arbitra... Read more

    Affected Products :
    • Published: Aug. 08, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Misconfiguration

  • 5.5

    MEDIUM
    CVE-2025-8738

    A vulnerability has been found in zlt2000 microservices-platform up to 6.0.0 and classified as problematic. This vulnerability affects unknown code of the file /actuator of the component Spring Actuator Interface. The manipulation leads to information dis... Read more

    Affected Products :
    • Published: Aug. 08, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Information Disclosure

  • 9.3

    CRITICAL
    CVE-2012-10052

    EGallery version 1.2 contains an unauthenticated arbitrary file upload vulnerability in the uploadify.php script. The application fails to validate file types or enforce authentication, allowing remote attackers to upload malicious PHP files directly into... Read more

    Affected Products :
    • Published: Aug. 08, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Authentication
Showing 20 of 291384 Results