Latest CVE Feed

  1. Home
  2. CVE
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.4

    HIGH
    CVE-2025-41392

    In Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions prior to 12.6.1204.204, the affected applications lack proper validation of user-supplied data when parsing AR files. This could lead to an out-of-bounds read. An attacker could lev... Read more

    Affected Products : cobalt xenon argon lithium
    • Published: Aug. 18, 2025
    • Modified: Aug. 19, 2025

  • 8.4

    HIGH
    CVE-2025-52584

    In Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions prior to 12.6.1204.204, the affected applications lack proper validation of user-supplied data when parsing XE files. This could lead to a heap-based buffer overflow. An attacker co... Read more

    Affected Products : cobalt xenon argon lithium
    • Published: Aug. 18, 2025
    • Modified: Aug. 19, 2025

  • 8.4

    HIGH
    CVE-2025-53705

    In Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions prior to 12.6.1204.204, the affected applications lack proper validation of user-supplied data when parsing CO files. This could lead to an out-of-bounds write. An attacker could le... Read more

    Affected Products : cobalt xenon argon lithium
    • Published: Aug. 18, 2025
    • Modified: Aug. 19, 2025

  • 4.8

    MEDIUM
    CVE-2025-9119

    A vulnerability was determined in Netis WF2419 1.2.29433. This vulnerability affects unknown code of the file /index.htm of the component Wireless Settings Page. This manipulation of the argument SSID with the input <img/src/onerror=prompt(8)> causes cros... Read more

    Affected Products :
    • Published: Aug. 18, 2025
    • Modified: Aug. 19, 2025

  • 4.6

    MEDIUM
    CVE-2025-43740

    A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.3.120 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.8, 2025.Q1.0 through 2025.Q1.15, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.... Read more

    Affected Products : liferay_portal dxp
    • Published: Aug. 19, 2025
    • Modified: Aug. 19, 2025

  • 6.4

    MEDIUM
    CVE-2025-8567

    The Nexter Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 4.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it poss... Read more

    Affected Products :
    • Published: Aug. 19, 2025
    • Modified: Aug. 19, 2025

  • 6.4

    MEDIUM
    CVE-2025-8622

    The Flexible Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Flexible Maps shortcode in all versions up to, and including, 1.18.0 due to insufficient input sanitization and output escaping on user supplied attributes... Read more

    Affected Products :
    • Published: Aug. 19, 2025
    • Modified: Aug. 19, 2025

  • 4.3

    MEDIUM
    CVE-2025-8357

    The Media Library Assistant plugin for WordPress is vulnerable to arbitrary file deletion in the /wp-content/uploads directory due to insufficient file path validation and user capability checking in the _process_mla_download_file function in all versions... Read more

    Affected Products : media_library_assistant
    • Published: Aug. 19, 2025
    • Modified: Aug. 19, 2025

  • 4.4

    MEDIUM
    CVE-2025-8783

    The Contact Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title’ parameter in all versions up to, and including, 8.6.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticate... Read more

    Affected Products :
    • Published: Aug. 19, 2025
    • Modified: Aug. 19, 2025

  • 5.3

    MEDIUM
    CVE-2025-41689

    An unauthenticated remote attacker can grant access without password protection to the affected device. This enables the unprotected read-only access to the stored measurement data.... Read more

    Affected Products :
    • Published: Aug. 19, 2025
    • Modified: Aug. 19, 2025

  • 9.8

    CRITICAL
    CVE-2025-8723

    The Cloudflare Image Resizing plugin for WordPress is vulnerable to Remote Code Execution due to missing authentication and insufficient sanitization within its hook_rest_pre_dispatch() method in all versions up to, and including, 1.5.6. This makes it pos... Read more

    Affected Products :
    • Published: Aug. 19, 2025
    • Modified: Aug. 19, 2025

  • 7.5

    HIGH
    CVE-2025-7670

    The JS Archive List plugin for WordPress is vulnerable to time-based SQL Injection via the build_sql_where() function in all versions up to, and including, 6.1.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparatio... Read more

    Affected Products :
    • Published: Aug. 19, 2025
    • Modified: Aug. 19, 2025

  • 8.8

    HIGH
    CVE-2025-7654

    Multiple FunnelKit plugins are vulnerable to Sensitive Information Exposure via the wf_get_cookie shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including authentication co... Read more

    Affected Products : funnelkit_automations
    • Published: Aug. 19, 2025
    • Modified: Aug. 19, 2025

  • 8.8

    HIGH
    CVE-2025-8218

    The Real Spaces - WordPress Properties Directory Theme theme for WordPress is vulnerable to privilege escalation via the 'change_role_member' parameter in all versions up to, and including, 3.5. This is due to a lack of restriction in the profile update r... Read more

    Affected Products :
    • Published: Aug. 19, 2025
    • Modified: Aug. 19, 2025

  • 6.4

    MEDIUM
    CVE-2025-7496

    The WPC Smart Compare for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via DOM elements in all versions up to, and including, 6.4.7 due to insufficient input sanitization and output escaping. This makes it possible for aut... Read more

    Affected Products : wpc_smart_compare_for_woocommerce
    • Published: Aug. 19, 2025
    • Modified: Aug. 19, 2025

  • 0.0

    NA
    CVE-2025-38553

    In the Linux kernel, the following vulnerability has been resolved: net/sched: Restrict conditions for adding duplicating netems to qdisc tree netem_enqueue's duplication prevention logic breaks when a netem resides in a qdisc tree with other netems - t... Read more

    Affected Products : linux_kernel
    • Published: Aug. 19, 2025
    • Modified: Aug. 19, 2025

  • 8.7

    HIGH
    CVE-2025-53948

    The Sante PACS Server allows a remote attacker to crash the main thread by sending a crafted HL7 message, causing a denial-of-service condition. The application would require a manual restart and no authentication is required.... Read more

    Affected Products : sante_pacs_server
    • Published: Aug. 18, 2025
    • Modified: Aug. 19, 2025

  • 5.4

    MEDIUM
    CVE-2025-54862

    Sante PACS Server web portal is vulnerable to stored cross-site scripting. An attacker could inject malicious HTML codes redirecting a user to a malicious webpage and stealing the user's cookie.... Read more

    Affected Products : sante_pacs_server
    • Published: Aug. 18, 2025
    • Modified: Aug. 19, 2025

  • 6.1

    MEDIUM
    CVE-2025-54759

    Sante PACS Server is vulnerable to stored cross-site scripting. An attacker could inject malicious HTML codes redirecting a user to a malicious webpage and stealing the user's cookie.... Read more

    Affected Products : sante_pacs_server
    • Published: Aug. 18, 2025
    • Modified: Aug. 19, 2025

  • 9.1

    CRITICAL
    CVE-2025-54156

    The Sante PACS Server Web Portal sends credential information without encryption.... Read more

    Affected Products : sante_pacs_server
    • Published: Aug. 18, 2025
    • Modified: Aug. 19, 2025
Showing 20 of 290983 Results