Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.8

    HIGH
    CVE-2025-21475

    Memory corruption while processing escape code, when DisplayId is passed with large unsigned value....

    • Published: May. 06, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Memory Corruption
  • 7.8

    HIGH
    CVE-2025-21470

    Memory corruption while processing image encoding, when configuration is NULL in IOCTL parameter....

    • Published: May. 06, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Memory Corruption
  • 7.8

    HIGH
    CVE-2025-21469

    Memory corruption while processing image encoding, when input buffer length is 0 in IOCTL call....

    • Published: May. 06, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Memory Corruption
  • 7.5

    HIGH
    • Published: May. 06, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Denial of Service
  • 7.8

    HIGH
    CVE-2025-21453

    Memory corruption while processing a data structure, when an iterator is accessed after it has been removed, potential failures occur....

    • Published: May. 06, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Memory Corruption
  • 7.8

    HIGH
    CVE-2024-49844

    Memory corruption while triggering commands in the PlayReady Trusted application....

    • Published: May. 06, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Memory Corruption
  • 7.1

    HIGH
    CVE-2024-47384

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Compress WP Compress – Image Optimizer [All-In-One] allows Reflected XSS. This issue affects WP Compress – Image Optimizer [All-In-One]: from n/...

    Affected Products : wp_compress
    • Published: Oct. 05, 2024
    • Modified: Aug. 11, 2025
  • 8.7

    HIGH
    CVE-2025-21601

    An Improper Following of Specification by Caller vulnerability in web management (J-Web, Captive Portal, 802.1X, Juniper Secure Connect (JSC)) of Juniper Networks Junos OS on SRX Series, EX Series, MX240, MX480, MX960, QFX5120 Series, allows an unauthentic...

    Affected Products : junos
    • Published: Apr. 09, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Denial of Service
  • 7.5

    HIGH
    CVE-2025-2539

    The File Away plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajax() function in all versions up to, and including, 3.9.9.0.1. This makes it possible for unauthenticated attackers, leveraging the ...

    Affected Products : file_away
    • Published: Mar. 20, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Authorization
  • 9.8

    CRITICAL
    CVE-2025-40600

    Use of Externally-Controlled Format String vulnerability in the SonicOS SSL VPN interface allows a remote unauthenticated attacker to cause service disruption....

    • Published: Jul. 29, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Denial of Service
  • 9.8

    CRITICAL
    CVE-2025-2512

    The File Away plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check and missing file type validation in the upload() function in all versions up to, and including, 3.9.9.0.1. This makes it possible for unauthentica...

    Affected Products : file_away
    • Published: Mar. 19, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Authentication
  • 8.3

    HIGH
    CVE-2025-26530

    The question bank filter required additional sanitizing to prevent a reflected XSS risk....

    Affected Products : moodle
    • Published: Feb. 24, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Cross-Site Scripting
  • 9.8

    CRITICAL
    CVE-2025-53606

    Deserialization of Untrusted Data vulnerability in Apache Seata (incubating). This issue affects Apache Seata (incubating): 2.4.0. Users are recommended to upgrade to version 2.5.0, which fixes the issue....

    Affected Products : seata
    • Published: Aug. 08, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Misconfiguration
  • 9.0

    CRITICAL
    CVE-2025-24936

    The web application allows user input to pass unfiltered to a command executed on the underlying operating system. The vulnerable component is bound to the network stack and the set of possible attackers extends up to and including the entire Internet. A...

    Affected Products : wavesuite_noc
    • Published: Jul. 21, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Injection
  • 9.0

    CRITICAL
    CVE-2025-24937

    File contents could be read from the local file system by an attacker. Additionally, malicious code could be inserted in the file, leading to a full compromise of the web application and the container it is running on. The vulnerable component is bound t...

    Affected Products : wavesuite_noc
    • Published: Jul. 21, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Path Traversal
  • 8.4

    HIGH
    CVE-2025-24938

    The web application allows user input to pass unfiltered to a command executed on the underlying operating system. An attacker with high privileged access (administrator) to the application has the potential to execute commands on the operating system under ...

    Affected Products : wavesuite_noc
    • Published: Jul. 21, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Injection
  • 6.5

    MEDIUM
    CVE-2025-50468

    OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the DocStoreDAO interface. The entityType parameters can be used to build a SQL query....

    Affected Products : openmetadata
    • Published: Aug. 08, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Injection
  • 6.5

    MEDIUM
    CVE-2025-50467

    OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the TestDefinitionDAO interface. The supportedDataTypeParam parameter can be used to build a SQL query....

    Affected Products : openmetadata
    • Published: Aug. 08, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Injection
  • 7.1

    HIGH
    CVE-2025-50466

    OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the TestDefinitionDAO interface. The entityType parameter can be used to build a SQL query....

    Affected Products : openmetadata
    • Published: Aug. 08, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Injection
  • 8.8

    HIGH
    CVE-2025-50465

    OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the TestDefinitionDAO interface. The testPlatform parameter can be used to build a SQL query....

    Affected Products : openmetadata
    • Published: Aug. 08, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Injection