Latest CVE Feed

  1. Home
  2. CVE
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NA
    CVE-2025-38506

    In the Linux kernel, the following vulnerability has been resolved: KVM: Allow CPU to reschedule while setting per-page memory attributes When running an SEV-SNP guest with a sufficiently large amount of memory (1TB+), the host can experience CPU soft l... Read more

    Affected Products : linux_kernel
    • Published: Aug. 16, 2025
    • Modified: Aug. 18, 2025

  • 0.0

    NA
    CVE-2025-38502

    In the Linux kernel, the following vulnerability has been resolved: bpf: Fix oob access in cgroup local storage Lonial reported that an out-of-bounds access in cgroup local storage can be crafted via tail calls. Given two programs each utilizing a cgrou... Read more

    Affected Products : linux_kernel
    • Published: Aug. 16, 2025
    • Modified: Aug. 18, 2025

  • 6.4

    MEDIUM
    CVE-2025-8896

    The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gdpr_communication_preferences[]' parameter in all versions up to, and including, 3.1... Read more

    Affected Products : profile_builder
    • Published: Aug. 16, 2025
    • Modified: Aug. 18, 2025

  • 6.4

    MEDIUM
    CVE-2025-8293

    The Intl DateTime Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘date’ parameter in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authen... Read more

    Affected Products :
    • Published: Aug. 16, 2025
    • Modified: Aug. 18, 2025

  • 6.1

    MEDIUM
    CVE-2025-7686

    The weichuncai(WP伪春菜) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the sm-options.php page. This makes it possible for unauthenticated a... Read more

    Affected Products :
    • Published: Aug. 16, 2025
    • Modified: Aug. 18, 2025

  • 6.1

    MEDIUM
    CVE-2025-7684

    The Last.fm Recent Album Artwork plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing or incorrect nonce validation on the 'lastfm_albums_artwork.php' page. This makes it poss... Read more

    Affected Products :
    • Published: Aug. 16, 2025
    • Modified: Aug. 18, 2025

  • 6.1

    MEDIUM
    CVE-2025-7683

    The LatestCheckins plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1. This is due to missing or incorrect nonce validation on the 'LatestCheckins' page. This makes it possible for unauthenticated atta... Read more

    Affected Products :
    • Published: Aug. 16, 2025
    • Modified: Aug. 18, 2025

  • 7.5

    HIGH
    CVE-2024-12612

    The School Management System for Wordpress plugin for WordPress is vulnerable to SQL Injection via several parameters across multiple AJAX action in all versions up to, and including, 93.2.0 due to insufficient escaping on the user supplied parameter and ... Read more

    Affected Products : school_management_system
    • Published: Aug. 16, 2025
    • Modified: Aug. 18, 2025

  • 9.8

    CRITICAL
    CVE-2025-7441

    The StoryChief plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.0.42. This vulnerability occurs through the /wp-json/storychief/webhook REST-API endpoint that does not have sufficient filetype validation... Read more

    Affected Products :
    • Published: Aug. 16, 2025
    • Modified: Aug. 18, 2025

  • 6.4

    MEDIUM
    CVE-2025-7440

    The Anber Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the $item['button_link']['url'] parameter in all versions up to, and including, 1.0.1 to insufficient input sanitization and output escaping. This makes it pos... Read more

    Affected Products :
    • Published: Aug. 16, 2025
    • Modified: Aug. 18, 2025

  • 6.4

    MEDIUM
    CVE-2025-7439

    Anber Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the $anber_item['button_link']['url']’ parameter in all versions up to, and including, 1.0.1 to insufficient input sanitization and output escaping. This makes it ... Read more

    Affected Products :
    • Published: Aug. 16, 2025
    • Modified: Aug. 18, 2025

  • 8.8

    HIGH
    CVE-2025-6079

    The School Management System for Wordpress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the homework.php file in all versions up to, and including, 93.2.0. This makes it possible for authenticated att... Read more

    Affected Products : school_management_system
    • Published: Aug. 16, 2025
    • Modified: Aug. 18, 2025

  • 8.8

    HIGH
    CVE-2025-49895

    Cross-Site Request Forgery (CSRF) vulnerability in iThemes ServerBuddy by PluginBuddy.Com allows Object Injection.This issue affects ServerBuddy by PluginBuddy.Com: from n/a through 1.0.5.... Read more

    Affected Products :
    • Published: Aug. 16, 2025
    • Modified: Aug. 18, 2025

  • 7.5

    HIGH
    CVE-2025-8959

    HashiCorp's go-getter library subdirectory download feature is vulnerable to symlink attacks leading to unauthorized read access beyond the designated directory boundaries. This vulnerability, identified as CVE-2025-8959, is fixed in go-getter 1.7.9.... Read more

    Affected Products : go-getter retryablehttp
    • Published: Aug. 15, 2025
    • Modified: Aug. 18, 2025

  • 5.4

    MEDIUM
    CVE-2025-36088

    IBM TS4500 1.11.0.0-D00, 1.11.0.1-C00, 1.11.0.2-C00, and 1.10.00-F00 web GUI is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality p... Read more

    Affected Products :
    • Published: Aug. 15, 2025
    • Modified: Aug. 18, 2025

  • 4.8

    MEDIUM
    CVE-2025-43490

    A potential security vulnerability has been identified in the HPAudioAnalytics service included in the HP Hotkey Support software, which might allow escalation of privilege. HP is releasing software updates to mitigate the potential vulnerability.... Read more

    Affected Products :
    • Published: Aug. 15, 2025
    • Modified: Aug. 18, 2025

  • 2.6

    LOW
    CVE-2025-55285

    @backstage/plugin-scaffolder-backend is the backend for the default Backstage software templates. Prior to version 2.1.1, duplicate logging of the input values in the fetch:template action in the Scaffolder meant that some of the secrets were not properly... Read more

    Affected Products : backstage
    • Published: Aug. 15, 2025
    • Modified: Aug. 18, 2025

  • 9.1

    CRITICAL
    CVE-2025-9060

    A vulnerability has been found in the  MSoft MFlash application that allows execution of arbitrary code on the server. The issue occurs in the integration configuration functionality that is only available to MFlash administrators. The vulnerabili... Read more

    Affected Products :
    • Published: Aug. 15, 2025
    • Modified: Aug. 18, 2025

  • 5.4

    MEDIUM
    CVE-2025-55203

    Plane is open-source project management software. Prior to version 0.28.0, a stored cross-site scripting (XSS) vulnerability exists in the description_html field of Plane. This flaw allows an attacker to inject malicious JavaScript code that is stored and... Read more

    Affected Products : plane
    • Published: Aug. 15, 2025
    • Modified: Aug. 18, 2025

  • 0.0

    NA
    CVE-2025-38548

    In the Linux kernel, the following vulnerability has been resolved: hwmon: (corsair-cpro) Validate the size of the received input buffer Add buffer_recv_size to store the size of the received bytes. Validate buffer_recv_size in send_usb_cmd().... Read more

    Affected Products : linux_kernel
    • Published: Aug. 16, 2025
    • Modified: Aug. 18, 2025
Showing 20 of 290983 Results