Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2025-7664

    The AL Pack plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the check_activate_permission() permission callback for the /wp-json/presslearn/v1/activate REST API endpoint in all versions up to, and including, ... Read more

    Affected Products :
    • Published: Aug. 16, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Authorization

  • 6.4

    MEDIUM
    CVE-2025-7440

    The Anber Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the $item['button_link']['url'] parameter in all versions up to, and including, 1.0.1 to insufficient input sanitization and output escaping. This makes it pos... Read more

    Affected Products :
    • Published: Aug. 16, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-6221

    The Embed Bokun plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ parameter in all versions up to, and including, 0.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated att... Read more

    Affected Products :
    • Published: Aug. 16, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 2.6

    LOW
    CVE-2025-55285

    @backstage/plugin-scaffolder-backend is the backend for the default Backstage software templates. Prior to version 2.1.1, duplicate logging of the input values in the fetch:template action in the Scaffolder meant that some of the secrets were not properly... Read more

    Affected Products : backstage
    • Published: Aug. 15, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Information Disclosure

  • 7.1

    HIGH
    CVE-2025-55284

    Claude Code is an agentic coding tool. Prior to version 1.0.4, it's possible to bypass the Claude Code confirmation prompts to read a file and then send file contents over the network without user confirmation due to an overly broad allowlist of safe comm... Read more

    Affected Products :
    • Published: Aug. 16, 2025
    • Modified: Aug. 18, 2025

  • 5.4

    MEDIUM
    CVE-2025-55203

    Plane is open-source project management software. Prior to version 0.28.0, a stored cross-site scripting (XSS) vulnerability exists in the description_html field of Plane. This flaw allows an attacker to inject malicious JavaScript code that is stored and... Read more

    Affected Products : plane
    • Published: Aug. 15, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-55291

    Shaarli is a minimalist bookmark manager and link sharing service. Prior to 0.15.0, the input string in the cloud tag page is not properly sanitized. This allows the </title> tag to be prematurely closed, leading to a reflected Cross-Site Scripting (XSS) ... Read more

    Affected Products : shaarli
    • Published: Aug. 18, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.7

    HIGH
    CVE-2025-4962

    An Insecure Direct Object Reference (IDOR) vulnerability was identified in the `POST /v1/templates` endpoint of the Lunary API, affecting versions up to 0.8.8. This vulnerability allows authenticated users to create templates in another user's project by ... Read more

    Affected Products : lunary
    • Published: Aug. 18, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Authorization

  • 7.0

    HIGH
    CVE-2025-4371

    A potential vulnerability was reported in the Lenovo 510 FHD and Performance FHD web cameras that could allow an attacker with physical access to write arbitrary firmware updates to the device over a USB connection.... Read more

    Affected Products :
    • Published: Aug. 18, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Misconfiguration

  • 8.5

    HIGH
    CVE-2025-49897

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in gopiplus Vertical scroll slideshow gallery v2 allows Blind SQL Injection. This issue affects Vertical scroll slideshow gallery v2: from n/a through 9.1.... Read more

    Affected Products :
    • Published: Aug. 15, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2025-49432

    Missing Authorization vulnerability in FWDesign Ultimate Video Player allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ultimate Video Player: from n/a through 10.1.... Read more

    Affected Products :
    • Published: Aug. 15, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Authorization

  • 6.9

    MEDIUM
    CVE-2025-43731

    A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.8, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 202... Read more

    Affected Products : liferay_portal dxp
    • Published: Aug. 18, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.1

    MEDIUM
    CVE-2025-9095

    A flaw has been found in ExpressGateway express-gateway up to 1.16.10. This issue affects some unknown processing in the library lib/rest/routes/users.js of the component REST Endpoint. The manipulation leads to cross site scripting. The attack may be ini... Read more

    Affected Products : express-gateway
    • Published: Aug. 17, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-52619

    HCL BigFix SaaS Authentication Service is affected by a sensitive information disclosure. Under certain conditions, error messages disclose sensitive version information about the underlying platform.... Read more

    Affected Products :
    • Published: Aug. 15, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Information Disclosure

  • 0.0

    NA
    CVE-2025-38503

    In the Linux kernel, the following vulnerability has been resolved: btrfs: fix assertion when building free space tree When building the free space tree with the block group tree feature enabled, we can hit an assertion failure like this: BTRFS info ... Read more

    Affected Products : linux_kernel
    • Published: Aug. 16, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2024-12575

    The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Basic Information Exposure in all versions up to, and including, 5.8.9 via the 'ays_finish_poll' AJAX action. This makes it possible for unauthenticated atta... Read more

    Affected Products : poll_maker
    • Published: Aug. 16, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Information Disclosure

  • 0.0

    NA
    CVE-2023-3866

    In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate session id and tree id in the compound request This patch validate session id and tree id in compound request. If first operation in the compound is SMB2 ECHO request, k... Read more

    Affected Products : linux_kernel
    • Published: Aug. 16, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-31715

    In vowifi service, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed.... Read more

    Affected Products :
    • Published: Aug. 18, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Injection

  • 0.0

    NA
    CVE-2025-38504

    In the Linux kernel, the following vulnerability has been resolved: io_uring/zcrx: fix pp destruction warnings With multiple page pools and in some other cases we can have allocated niovs on page pool destruction. Remove a misplaced warning checking tha... Read more

    Affected Products : linux_kernel
    • Published: Aug. 16, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-38533

    In the Linux kernel, the following vulnerability has been resolved: net: libwx: fix the using of Rx buffer DMA The wx_rx_buffer structure contained two DMA address fields: 'dma' and 'page_dma'. However, only 'page_dma' was actually initialized and used ... Read more

    Affected Products : linux_kernel
    • Published: Aug. 16, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 293339 Results