Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.9

    MEDIUM
    CVE-2023-32253

    A flaw was found in the Linux kernel's ksmbd component. A deadlock is triggered by sending multiple concurrent session setup requests, possibly leading to a denial of service.... Read more

    Affected Products : linux_kernel
    • Published: Aug. 02, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Denial of Service

  • 8.5

    HIGH
    CVE-2013-10046

    A local privilege escalation vulnerability exists in Agnitum Outpost Internet Security 8.1 that allows an unprivileged user to execute arbitrary code with SYSTEM privileges. The flaw resides in the acs.exe component, which exposes a named pipe that accept... Read more

    Affected Products :
    • Published: Aug. 01, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-4523

    The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the admin_donor_profile_view() function in versions 2.0.0 to 2.1.9. This makes it poss... Read more

    Affected Products :
    • Published: Aug. 01, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Authorization

  • 8.1

    HIGH
    CVE-2025-7443

    The BerqWP – Automated All-In-One Page Speed Optimization for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the store_javascript_cache.php file... Read more

    Affected Products :
    • Published: Aug. 01, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Authentication

  • 6.4

    MEDIUM
    CVE-2025-7845

    The Stratum – Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Advanced Google Maps and Image Hotspot widgets in all versions up to, and including, 1.6.0 due to insufficient input sanitization and output... Read more

    Affected Products : stratum
    • Published: Aug. 01, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-7646

    The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom script parameter in all versions up to, and including, 6.3.10 even when ... Read more

    Affected Products : the_plus_addons_for_elementor
    • Published: Aug. 01, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.7

    MEDIUM
    CVE-2025-6398

    A null pointer dereference vulnerability exists in the IOMap64.sys driver of ASUS AI Suite 3. The vulnerability can be triggered by a specially crafted input, which may lead to a system crash (BSOD). Refer to the ' Security Update for for AI Suite 3 ' s... Read more

    Affected Products :
    • Published: Aug. 01, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Denial of Service

  • 6.4

    MEDIUM
    CVE-2025-6228

    The Sina Extension for Elementor (Header Builder, Footer Builter, Theme Builder, Slider, Gallery, Form, Modal, Data Table Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `Sina Posts`,... Read more

    Affected Products :
    • Published: Aug. 01, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.3

    CRITICAL
    CVE-2025-41371

    A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. The vulnerability allows an authenticated attacker to retrieve, create, update and delete databases through the 'idestudio' parameter in /... Read more

    Affected Products :
    • Published: Aug. 01, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Injection

  • 8.7

    HIGH
    CVE-2025-41373

    A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. The vulnerability allows an authenticated attacker to retrieve, create, update and delete databases through the 'idestudio' parameter in /... Read more

    Affected Products :
    • Published: Aug. 01, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-50472

    The modelscope/ms-swift library thru 2.6.1 is vulnerable to arbitrary code execution through deserialization of untrusted data within the `load_model_meta()` function of the `ModelFileSystemCache()` class. Attackers can execute arbitrary code and commands... Read more

    Affected Products :
    • Published: Aug. 01, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-45150

    Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view and download sensitive files via supplying a crafted request.... Read more

    Affected Products :
    • Published: Aug. 01, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Information Disclosure

  • 2.8

    LOW
    CVE-2025-54781

    Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. When debugging is enabled for Himmelblau in version 1.0.0, the himmelblaud_tasks service leaks an Intune service access token to the system journal. This short-lived token ca... Read more

    Affected Products :
    • Published: Aug. 02, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Information Disclosure

  • 7.1

    HIGH
    CVE-2025-23278

    NVIDIA Display Driver for Windows and Linux contains a vulnerability where an attacker might cause an improper index validation by issuing a call with crafted parameters. A successful exploit of this vulnerability might lead to data tampering  or denial o... Read more

    Affected Products :
    • Published: Aug. 02, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Misconfiguration

  • 5.8

    MEDIUM
    CVE-2019-19145

    Quantum SuperLoader 3 V94.0 005E.0h devices allow attackers to access the hardcoded fa account because there are only 65536 possible passwords.... Read more

    Affected Products :
    • Published: Aug. 01, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Authentication

  • 9.1

    CRITICAL
    CVE-2025-6205

    A missing authorization vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to gain privileged access to the application.... Read more

    Affected Products :
    • Published: Aug. 04, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Authorization

  • 5.0

    MEDIUM
    CVE-2025-8341

    Grafana is an open-source platform for monitoring and observability. The Infinity datasource plugin, maintained by Grafana Labs, allows visualizing data from JSON, CSV, XML, GraphQL, and HTML endpoints. If the plugin was configured to allow only certain... Read more

    Affected Products :
    • Published: Aug. 04, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-41691

    An unauthenticated remote attacker may trigger a NULL pointer dereference in the affected CODESYS Control runtime systems by sending specially crafted communication requests, potentially leading to a denial-of-service (DoS) condition.... Read more

    Affected Products :
    • Published: Aug. 04, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2025-41658

    CODESYS Runtime Toolkit-based products may expose sensitive files to local low-privileged operating system users due to default file permissions.... Read more

    Affected Products :
    • Published: Aug. 04, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2025-20700

    In the Airoha Bluetooth audio SDK, there is a possible permission bypass that allows access critical data of RACE protocol through Bluetooth LE GATT service. This could lead to remote escalation of privilege with no additional execution privileges needed.... Read more

    Affected Products :
    • Published: Aug. 04, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Authorization
Showing 20 of 293352 Results