Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NA
    CVE-2025-38520

    In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Don't call mmput from MMU notifier callback If the process is exiting, the mmput inside mmu notifier callback from compactd or fork or numa balancing could release the last ... Read more

    Affected Products : linux_kernel
    • Published: Aug. 16, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-38517

    In the Linux kernel, the following vulnerability has been resolved: lib/alloc_tag: do not acquire non-existent lock in alloc_tag_top_users() alloc_tag_top_users() attempts to lock alloc_tag_cttype->mod_lock even when the alloc_tag_cttype is not allocate... Read more

    Affected Products : linux_kernel
    • Published: Aug. 16, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-38505

    In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: discard erroneous disassoc frames on STA interface When operating in concurrent STA/AP mode with host MLME enabled, the firmware incorrectly sends disassociation frames t... Read more

    Affected Products : linux_kernel
    • Published: Aug. 16, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Misconfiguration

  • 5.9

    MEDIUM
    CVE-2025-49898

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xolluteon Dropshix allows DOM-Based XSS.This issue affects Dropshix: from n/a through 4.0.14.... Read more

    Affected Products :
    • Published: Aug. 15, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-32980

    NETSCOUT nGeniusONE before 6.4.0 P11 b3245 has a Weak Sudo Configuration.... Read more

    Affected Products :
    • Published: Apr. 25, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2023-32249

    In the Linux kernel, the following vulnerability has been resolved: ksmbd: not allow guest user on multichannel This patch return STATUS_NOT_SUPPORTED if binding session is guest.... Read more

    Affected Products : linux_kernel
    • Published: Aug. 16, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Authentication

  • 0.0

    NA
    CVE-2023-32246

    In the Linux kernel, the following vulnerability has been resolved: ksmbd: call rcu_barrier() in ksmbd_server_exit() racy issue is triggered the bug by racing between closing a connection and rmmod. In ksmbd, rcu_barrier() is not called at module unload... Read more

    Affected Products : linux_kernel
    • Published: Aug. 16, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Race Condition

  • 7.1

    HIGH
    CVE-2025-47206

    An out-of-bounds write vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to modify or corrupt memory. We have already fixed the vulnerability in the following vers... Read more

    Affected Products : file_station
    • Published: Aug. 18, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2025-9102

    A security vulnerability has been detected in 1&1 Mail & Media mail.com App 8.8.0 on Android. Affected is an unknown function of the file AndroidManifest.xml of the component com.mail.mobile.android.mail. The manipulation leads to improper export of andro... Read more

    Affected Products :
    • Published: Aug. 18, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Misconfiguration

  • 9.1

    CRITICAL
    CVE-2025-9060

    A vulnerability has been found in the  MSoft MFlash application that allows execution of arbitrary code on the server. The issue occurs in the integration configuration functionality that is only available to MFlash administrators. The vulnerabili... Read more

    Affected Products :
    • Published: Aug. 15, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-8878

    The The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 4.16.4. This is due to ... Read more

    Affected Products :
    • Published: Aug. 16, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Authentication

  • 6.4

    MEDIUM
    CVE-2025-8896

    The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gdpr_communication_preferences[]' parameter in all versions up to, and including, 3.1... Read more

    Affected Products : profile_builder
    • Published: Aug. 16, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-8142

    The Soledad theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 8.6.7 via the 'header_layout' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include an... Read more

    Affected Products : soledad
    • Published: Aug. 16, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2025-7664

    The AL Pack plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the check_activate_permission() permission callback for the /wp-json/presslearn/v1/activate REST API endpoint in all versions up to, and including, ... Read more

    Affected Products :
    • Published: Aug. 16, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Authorization

  • 6.4

    MEDIUM
    CVE-2025-7440

    The Anber Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the $item['button_link']['url'] parameter in all versions up to, and including, 1.0.1 to insufficient input sanitization and output escaping. This makes it pos... Read more

    Affected Products :
    • Published: Aug. 16, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-6221

    The Embed Bokun plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ parameter in all versions up to, and including, 0.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated att... Read more

    Affected Products :
    • Published: Aug. 16, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 2.6

    LOW
    CVE-2025-55285

    @backstage/plugin-scaffolder-backend is the backend for the default Backstage software templates. Prior to version 2.1.1, duplicate logging of the input values in the fetch:template action in the Scaffolder meant that some of the secrets were not properly... Read more

    Affected Products : backstage
    • Published: Aug. 15, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Information Disclosure

  • 7.1

    HIGH
    CVE-2025-55284

    Claude Code is an agentic coding tool. Prior to version 1.0.4, it's possible to bypass the Claude Code confirmation prompts to read a file and then send file contents over the network without user confirmation due to an overly broad allowlist of safe comm... Read more

    Affected Products :
    • Published: Aug. 16, 2025
    • Modified: Aug. 18, 2025

  • 5.4

    MEDIUM
    CVE-2025-55203

    Plane is open-source project management software. Prior to version 0.28.0, a stored cross-site scripting (XSS) vulnerability exists in the description_html field of Plane. This flaw allows an attacker to inject malicious JavaScript code that is stored and... Read more

    Affected Products : plane
    • Published: Aug. 15, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-55291

    Shaarli is a minimalist bookmark manager and link sharing service. Prior to 0.15.0, the input string in the cloud tag page is not properly sanitized. This allows the </title> tag to be prematurely closed, leading to a reflected Cross-Site Scripting (XSS) ... Read more

    Affected Products : shaarli
    • Published: Aug. 18, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 292818 Results