Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.4

    MEDIUM
    CVE-2025-5540

    The Event RSVP and Simple Event Management Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'emd_mb_meta' shortcode in all versions up to, and including, 4.1.0 due to insufficient input sanitization and output esca... Read more

    • Published: Jun. 26, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.1

    HIGH
    CVE-2025-48905

    Wasm exception capture vulnerability in the arkweb v8 module Impact: Successful exploitation of this vulnerability may cause the failure to capture specific Wasm exception types.... Read more

    Affected Products : harmonyos
    • Published: Jun. 06, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Denial of Service

  • 6.2

    MEDIUM
    CVE-2025-48904

    Vulnerability that cards can call unauthorized APIs in the FRS process Impact: Successful exploitation of this vulnerability may affect availability.... Read more

    Affected Products : harmonyos
    • Published: Jun. 06, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2025-48903

    Permission bypass vulnerability in the media library module Impact: Successful exploitation of this vulnerability may affect availability.... Read more

    Affected Products : harmonyos
    • Published: Jun. 06, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Authorization

  • 8.5

    HIGH
    CVE-2025-6693

    A vulnerability, which was classified as critical, was found in RT-Thread up to 5.1.0. This affects the function sys_device_open/sys_device_read/sys_device_control/sys_device_init/sys_device_close/sys_device_write of the file components/drivers/core/devic... Read more

    Affected Products : rt-thread
    • Published: Jun. 26, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Memory Corruption

  • 6.6

    MEDIUM
    CVE-2025-48902

    Vulnerability of uncontrolled system resource applications in the setting module Impact: Successful exploitation of this vulnerability may affect availability.... Read more

    Affected Products : emui harmonyos
    • Published: Jun. 06, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Denial of Service

  • 8.2

    HIGH
    CVE-2025-22249

    VMware Aria automation contains a DOM based Cross-Site Scripting (XSS) vulnerability. A malicious actor may exploit this issue to steal the access token of a logged in user of VMware Aria automation appliance by tricking the user into clicking a malicious... Read more

    • Published: May. 13, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.2

    HIGH
    CVE-2025-48911

    Vulnerability of improper permission assignment in the note sharing module Impact: Successful exploitation of this vulnerability may affect availability.... Read more

    Affected Products : harmonyos
    • Published: Jun. 06, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Authorization

  • 5.5

    MEDIUM
    CVE-2025-48910

    Buffer overflow vulnerability in the DFile module Impact: Successful exploitation of this vulnerability may affect availability.... Read more

    Affected Products : harmonyos
    • Published: Jun. 06, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Memory Corruption

  • 7.1

    HIGH
    CVE-2025-48909

    Bypass vulnerability in the device management channel Impact: Successful exploitation of this vulnerability may affect service confidentiality.... Read more

    Affected Products : harmonyos
    • Published: Jun. 06, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Authentication

  • 5.4

    MEDIUM
    CVE-2025-6676

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Simple XML sitemap allows Cross-Site Scripting (XSS).This issue affects Simple XML sitemap: from 0.0.0 before 4.2.2.... Read more

    Affected Products : simple_xml_sitemap
    • Published: Jun. 26, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-6677

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Paragraphs table allows Cross-Site Scripting (XSS).This issue affects Paragraphs table: from 2.0.0 before 2.0.5.... Read more

    Affected Products : paragraphs_table
    • Published: Jun. 26, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.7

    MEDIUM
    CVE-2025-48908

    Ability Auto Startup service vulnerability in the foundation process Impact: Successful exploitation of this vulnerability may affect availability.... Read more

    Affected Products : harmonyos
    • Published: Jun. 06, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Denial of Service

  • 6.2

    MEDIUM
    CVE-2025-48907

    Deserialization vulnerability in the IPC module Impact: Successful exploitation of this vulnerability may affect availability.... Read more

    Affected Products : harmonyos
    • Published: Jun. 06, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2025-6735

    A vulnerability classified as critical has been found in juzaweb CMS 3.4.2. Affected is an unknown function of the file /admin-cp/imports of the component Import Page. The manipulation leads to improper authorization. It is possible to launch the attack r... Read more

    Affected Products : cms
    • Published: Jun. 27, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-6736

    A vulnerability classified as critical was found in juzaweb CMS 3.4.2. Affected by this vulnerability is an unknown functionality of the file /admin-cp/theme/install of the component Add New Themes Page. The manipulation leads to improper authorization. T... Read more

    Affected Products : cms
    • Published: Jun. 27, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-52717

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in chrisbadgett LifterLMS allows SQL Injection. This issue affects LifterLMS: from n/a through 8.0.6.... Read more

    Affected Products : lifterlms
    • Published: Jun. 27, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-1704

    ComponentInstaller Modification in ComponentInstaller in Google ChromeOS 15823.23.0 on Chromebooks allows enrolled users with local access to unenroll devices and intercept device management requests via loading components from the unencrypted stateful p... Read more

    Affected Products : chrome_os
    • Published: Apr. 16, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Misconfiguration

  • 5.1

    MEDIUM
    CVE-2025-44039

    CP-XR-DE21-S -4G Router Firmware version 1.031.022 was discovered to contain insecure protections for its UART console. This vulnerability allows local attackers to connect to the UART port via a serial connection, read all boot sequence, and revealing in... Read more

    Affected Products : cp-xr-de21-s_firmware cp-xr-de21-s
    • Published: May. 13, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Misconfiguration

  • 4.9

    MEDIUM
    CVE-2025-27695

    Dell Wyse Management Suite, versions prior to WMS 5.1 contain an Authentication Bypass by Spoofing vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information Disclosure.... Read more

    Affected Products : wyse_management_suite
    • Published: May. 08, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Authentication
Showing 20 of 291400 Results