Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 8.8

    HIGH
    CVE-2025-8218

    The Real Spaces - WordPress Properties Directory Theme theme for WordPress is vulnerable to privilege escalation via the 'change_role_member' parameter in all versions up to, and including, 3.5. This is due to a lack of restriction in the profile update r...

    Affected Products :
    • Published: Aug. 19, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Authorization
  • 9.1

    CRITICAL
    CVE-2025-54156

    The Sante PACS Server Web Portal sends credential information without encryption....

    Affected Products : sante_pacs_server
    • Published: Aug. 18, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Cryptography
  • 4.4

    MEDIUM
    CVE-2025-8783

    The Contact Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' parameter in all versions up to, and including, 8.6.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticate...

    Affected Products :
    • Published: Aug. 19, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Cross-Site Scripting
  • 7.5

    HIGH
    CVE-2025-7670

    The JS Archive List plugin for WordPress is vulnerable to time-based SQL Injection via the build_sql_where() function in all versions up to, and including, 6.1.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparatio...

    Affected Products :
    • Published: Aug. 19, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Injection
  • 6.4

    MEDIUM
    CVE-2025-7496

    The WPC Smart Compare for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via DOM elements in all versions up to, and including, 6.4.7 due to insufficient input sanitization and output escaping. This makes it possible for aut...

    Affected Products : wpc_smart_compare_for_woocommerce
    • Published: Aug. 19, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Cross-Site Scripting
  • 9.8

    CRITICAL
    CVE-2025-6758

    The Real Spaces - WordPress Properties Directory Theme theme for WordPress is vulnerable to privilege escalation via the 'imic_agent_register' function in all versions up to, and including, 3.6. This is due to a lack of restriction in the registration rol...

    Affected Products :
    • Published: Aug. 19, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Authorization
  • 8.7

    HIGH
    CVE-2025-53948

    The Sante PACS Server allows a remote attacker to crash the main thread by sending a crafted HL7 message, causing a denial-of-service condition. The application would require a manual restart and no authentication is required....

    Affected Products : sante_pacs_server
    • Published: Aug. 18, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Denial of Service
  • 4.6

    MEDIUM
    CVE-2025-43740

    A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.3.120 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.8, 2025.Q1.0 through 2025.Q1.15, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2....

    Affected Products : liferay_portal dxp
    • Published: Aug. 19, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.5

    MEDIUM
    CVE-2025-41685

    A low-privileged remote attacker can obtain the username of another registered Sunny Portal user by entering that user's email address....

    Affected Products :
    • Published: Aug. 19, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Information Disclosure
  • 6.1

    MEDIUM
    CVE-2025-54759

    Sante PACS Server is vulnerable to stored cross-site scripting. An attacker could inject malicious HTML codes redirecting a user to a malicious webpage and stealing the user's cookie....

    Affected Products : sante_pacs_server
    • Published: Aug. 18, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Cross-Site Scripting
  • 5.4

    MEDIUM
    CVE-2025-54862

    Sante PACS Server web portal is vulnerable to stored cross-site scripting. An attacker could inject malicious HTML codes redirecting a user to a malicious webpage and stealing the user's cookie....

    Affected Products : sante_pacs_server
    • Published: Aug. 18, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Cross-Site Scripting
  • 4.3

    MEDIUM
    CVE-2025-8357

    The Media Library Assistant plugin for WordPress is vulnerable to arbitrary file deletion in the /wp-content/uploads directory due to insufficient file path validation and user capability checking in the _process_mla_download_file function in all versions...

    Affected Products : media_library_assistant
    • Published: Aug. 19, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Authorization
  • 5.4

    MEDIUM
    CVE-2024-55896

    IBM PowerHA SystemMirror for i 7.4 and 7.5 contains improper restrictions when rendering content via iFrames. This vulnerability could allow an attacker to gain improper access and perform unauthorized actions on the system....

    Affected Products : i i
    • Published: Jan. 03, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Authorization
  • 6.1

    MEDIUM
    CVE-2025-21457

    Information disclosure while opening a fastrpc session when domain is not sanitized....

    • Published: Aug. 06, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Information Disclosure
  • 7.8

    HIGH
    CVE-2025-21458

    Memory corruption when IOCTL interface is called to map and unmap buffers simultaneously....

    • Published: Aug. 06, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Memory Corruption
  • 7.8

    HIGH
    • Published: Aug. 06, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Memory Corruption
  • 7.8

    HIGH
    CVE-2025-21473

    Memory corruption when using Virtual cdm (Camera Data Mover) to write registers....

    • Published: Aug. 06, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Memory Corruption
  • 7.8

    HIGH
    CVE-2025-21474

    Memory corruption while processing commands from A2dp sink command queue....

    • Published: Aug. 06, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Memory Corruption
  • 8.8

    HIGH
    CVE-2025-21611

    tgstation-server is a production scale tool for BYOND server management. Prior to 6.12.3, roles used to authorize API methods were incorrectly OR'd instead of AND'ed with the role used to determine if a user was enabled. This allows enabled users access t...

    Affected Products : tgstation-server
    • Published: Jan. 06, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Authorization
  • 7.1

    HIGH
    CVE-2025-8312

    Deadlock in PAM automatic check-in feature in Devolutions Server allows a password to remain valid beyond the end of its intended check-out period due to a deadlock occurring in the scheduling service. This issue affects the following version(s): * D...

    Affected Products : devolutions_server
    • Published: Jul. 30, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Race Condition