Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.2

    HIGH
    CVE-2021-24151

    The WP Editor WordPress plugin before 1.2.7 did not sanitise or validate its setting fields leading to an authenticated (admin+) blind SQL injection issue via an arbitrary parameter when making a request to save the settings.... Read more

    Affected Products : wp_editor
    • Published: Jan. 16, 2024
    • Modified: Jun. 20, 2025

  • 9.8

    CRITICAL
    CVE-2020-36770

    pkg_postinst in the Gentoo ebuild for Slurm through 22.05.3 unnecessarily calls chown to assign root's ownership on files in the live root filesystem. This could be exploited by the slurm user to become the owner of root-owned files.... Read more

    Affected Products : ebuild_for_slurm
    • Published: Jan. 15, 2024
    • Modified: Jun. 20, 2025

  • 5.5

    MEDIUM
    CVE-2025-3440

    IBM Security Guardium 11.5 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure wi... Read more

    Affected Products : security_guardium
    • Published: May. 15, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.0

    MEDIUM
    CVE-2025-48708

    gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument sanitization for the # case. A created PDF document includes its password in cleartext.... Read more

    Affected Products : ghostscript
    • Published: May. 23, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Information Disclosure

  • 6.1

    MEDIUM
    CVE-2025-1155

    A vulnerability, which was classified as problematic, was found in Webkul QloApps 1.6.1. This affects an unknown part of the file /stores of the component Your Location Search. The manipulation leads to cross site scripting. It is possible to initiate the... Read more

    Affected Products : qloapps
    • Published: Feb. 10, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-1114

    A vulnerability classified as problematic has been found in newbee-mall 1.0. Affected is the function save of the file /admin/categories/save of the component Add Category Page. The manipulation of the argument categoryName leads to cross site scripting. ... Read more

    Affected Products : newbee-mall
    • Published: Feb. 07, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.9

    MEDIUM
    CVE-2025-25023

    IBM Security Guardium 11.4 and 12.1 could allow a privileged user to read any file on the system due to incorrect privilege assignment.... Read more

    Affected Products : security_guardium
    • Published: Apr. 09, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-21561

    Vulnerability in the PeopleSoft Enterprise SCM Purchasing product of Oracle PeopleSoft (component: Purchasing). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP t... Read more

    • Published: Jan. 21, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-21554

    Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communications Applications (component: Security). Supported versions that are affected are 7.4.0, 7.4.1 and 7.5.0. Easily exploitable vulnerability allows unauthe... Read more

    • Published: Jan. 21, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Authentication

  • 5.4

    MEDIUM
    CVE-2025-21544

    Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communications Applications (component: Security). Supported versions that are affected are 7.4.0, 7.4.1 and 7.5.0. Easily exploitable vulnerability allows low pri... Read more

    • Published: Jan. 21, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Authentication

  • 6.3

    MEDIUM
    CVE-2025-21542

    Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communications Applications (component: Security). Supported versions that are affected are 7.4.0, 7.4.1 and 7.5.0. Easily exploitable vulnerability allows low pri... Read more

    • Published: Jan. 21, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-21539

    Vulnerability in the PeopleSoft Enterprise FIN eSettlements product of Oracle PeopleSoft (component: eSettlements). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HT... Read more

    • Published: Jan. 21, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-32881

    An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. By default, the GID is the user's phone number unless they specifically opt out. A phone number is very sensitive information because it can be tied back to individuals. The... Read more

    Affected Products : gotenna mesh_firmware mesh
    • Published: May. 01, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-32882

    An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. The app uses a custom implementation of encryption without any additional integrity checking mechanisms. This leaves messages malleable to an attacker that can access the me... Read more

    Affected Products : gotenna mesh_firmware mesh
    • Published: May. 01, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Cryptography

  • 6.5

    MEDIUM
    CVE-2025-32884

    An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. By default, a GID is the user's phone number unless they specifically opt out. A phone number is very sensitive information because it can be tied back to individuals. The... Read more

    Affected Products : gotenna mesh_firmware mesh
    • Published: May. 01, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-32885

    An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. The app there makes it possible to inject any custom message (into existing v1 networks) with any GID and Callsign via a software defined radio. This can be exploited if the... Read more

    Affected Products : gotenna mesh_firmware mesh
    • Published: May. 01, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Misconfiguration

  • 5.4

    MEDIUM
    CVE-2025-21537

    Vulnerability in the PeopleSoft Enterprise FIN Cash Management product of Oracle PeopleSoft (component: Cash Management). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access ... Read more

    • Published: Jan. 21, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Authorization

  • 5.5

    MEDIUM
    CVE-2025-32886

    An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. All packets sent over RF are also sent over UART with USB Shell, allowing someone with local access to gain information about the protocol and intercept sensitive data.... Read more

    Affected Products : gotenna mesh_firmware mesh
    • Published: May. 01, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Information Disclosure

  • 7.1

    HIGH
    CVE-2025-32887

    An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. A command channel includes the next hop. which can be intercepted and used to break frequency hopping.... Read more

    Affected Products : gotenna mesh_firmware mesh
    • Published: May. 01, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2025-32888

    An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. The verification token used for sending SMS through a goTenna server is hardcoded in the app.... Read more

    Affected Products : gotenna mesh_firmware mesh
    • Published: May. 01, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Cryptography
Showing 20 of 293643 Results