Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.4

    MEDIUM
    CVE-2025-6256

    The Flex Guten plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘thumbnailHoverEffect’ parameter in all versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping. This makes it possible for au... Read more

    Affected Products :
    • Published: Aug. 06, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-7036

    The CleverReach® WP plugin for WordPress is vulnerable to time-based SQL Injection via the ‘title’ parameter in all versions up to, and including, 1.5.20 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the... Read more

    Affected Products :
    • Published: Aug. 06, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2025-54628

    Vulnerability of incomplete verification information in the communication module. Impact: Successful exploitation of this vulnerability may affect availability.... Read more

    Affected Products : emui harmonyos
    • Published: Aug. 06, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Authentication

  • 6.8

    MEDIUM
    CVE-2025-54630

    :Vulnerability of insufficient data length verification in the DFA module. Impact: Successful exploitation of this vulnerability may affect availability.... Read more

    Affected Products : harmonyos
    • Published: Aug. 06, 2025
    • Modified: Aug. 06, 2025

  • 5.5

    MEDIUM
    CVE-2025-21011

    Improper access control in SemSensorService for Galaxy Watch prior to SMR Aug-2025 Release 1 allows local attackers to access sensitive information related to motion and body sensors.... Read more

    Affected Products :
    • Published: Aug. 06, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-21014

    Improper export of android application component in Emergency SoS prior to SMR Aug-2025 Release 1 allows local attackers to access sensitive information.... Read more

    Affected Products :
    • Published: Aug. 06, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Information Disclosure

  • 3.3

    LOW
    CVE-2025-21022

    Improper access control in Galaxy Wearable prior to version 2.2.63.25042861 allows local attackers to access sensitive information.... Read more

    Affected Products : galaxy_wearable
    • Published: Aug. 06, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-21464

    Information disclosure while reading data from an image using specified offset and size parameters.... Read more

    Affected Products :
    • Published: Aug. 06, 2025
    • Modified: Aug. 06, 2025

  • 4.3

    MEDIUM
    CVE-2025-46388

    CWE-200 Exposure of Sensitive Information to an Unauthorized Actor... Read more

    Affected Products :
    • Published: Aug. 06, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Information Disclosure

  • 5.3

    MEDIUM
    CVE-2025-54621

    Iterator failure issue in the WantAgent module. Impact: Successful exploitation of this vulnerability may cause memory release failures.... Read more

    Affected Products : harmonyos
    • Published: Aug. 06, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-6986

    The FileBird – WordPress Media Library Folders & File Manager plugin for WordPress is vulnerable to SQL Injection via the 'search' parameter in all versions up to, and including, 6.4.8 due to insufficient escaping on the user supplied parameter and lack o... Read more

    Affected Products : filebird
    • Published: Aug. 06, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Injection

  • 4.4

    MEDIUM
    CVE-2025-54626

    Pointer dangling vulnerability in the cjwindow module. Impact: Successful exploitation of this vulnerability may affect function stability.... Read more

    Affected Products : harmonyos
    • Published: Aug. 06, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-54640

    ParcelMismatch vulnerability in attribute deserialization. Impact: Successful exploitation of this vulnerability may cause playback control screen display exceptions.... Read more

    Affected Products : harmonyos
    • Published: Aug. 06, 2025
    • Modified: Aug. 06, 2025

  • 4.2

    MEDIUM
    CVE-2025-54650

    Improper array index verification vulnerability in the audio codec module. Impact: Successful exploitation of this vulnerability may affect the audio decoding function.... Read more

    Affected Products : harmonyos
    • Published: Aug. 06, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-27062

    Memory corruption while handling client exceptions, allowing unauthorized channel access.... Read more

    Affected Products :
    • Published: Aug. 06, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-51306

    In Gatling Enterprise versions below 1.25.0, a user logging-out can still use his session token to continue using the application without expiration, due to incorrect session management.... Read more

    Affected Products :
    • Published: Aug. 06, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Authentication

  • 5.7

    MEDIUM
    CVE-2025-48393

    The server identity check mechanism for firmware upgrade performed via command shell is insecurely implemented potentially allowing an attacker to perform a Man-in-the-middle attack. This security issue has been fixed in the latest version which is availa... Read more

    Affected Products :
    • Published: Aug. 06, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2025-46386

    CWE-639 Authorization Bypass Through User-Controlled Key... Read more

    Affected Products :
    • Published: Aug. 06, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-46389

    CWE-620: Unverified Password Change... Read more

    Affected Products :
    • Published: Aug. 06, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-46387

    CWE-639 Authorization Bypass Through User-Controlled Key... Read more

    Affected Products :
    • Published: Aug. 06, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Authorization
Showing 20 of 292512 Results