Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NONE
    CVE-2025-9340

    Out-of-bounds Write vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java bc-fips on All (API modules). This vulnerability is associated with program files org/bouncycastle/jcajce/provider/BaseCipher. This issue affects Bouncy Castle f... Read more

    Affected Products : bouncy_castle_for_java
    • Published: Aug. 22, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Memory Corruption

  • 4.3

    MEDIUM
    CVE-2025-57884

    Missing Authorization vulnerability in wpsoul Greenshift allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Greenshift: from n/a through 12.1.1.... Read more

    Affected Products : greenshift
    • Published: Aug. 22, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-57887

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NooTheme Jobmonster allows Stored XSS. This issue affects Jobmonster: from n/a through 4.8.0.... Read more

    Affected Products : jobmonster
    • Published: Aug. 22, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-57893

    Cross-Site Request Forgery (CSRF) vulnerability in Epsiloncool WP Fast Total Search allows Cross Site Request Forgery. This issue affects WP Fast Total Search: from n/a through 1.79.270.... Read more

    Affected Products :
    • Published: Aug. 22, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-57894

    Missing Authorization vulnerability in ollybach WPPizza allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPPizza: from n/a through 3.19.8.... Read more

    Affected Products : wppizza
    • Published: Aug. 22, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-57896

    Missing Authorization vulnerability in andy_moyle Church Admin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Church Admin: from n/a through 5.0.26.... Read more

    Affected Products : church_admin
    • Published: Aug. 22, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-9254

    WebITR developed by Uniong has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to log into the system as arbitrary users by exploiting a specific functionality.... Read more

    Affected Products : webitr
    • Published: Aug. 22, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Authentication

  • 7.1

    HIGH
    CVE-2025-9256

    WebITR developed by Uniong has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download arbitrary system files.... Read more

    Affected Products : webitr
    • Published: Aug. 22, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Path Traversal

  • 7.1

    HIGH
    CVE-2025-9257

    WebITR developed by Uniong has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download arbitrary system files.... Read more

    Affected Products : webitr
    • Published: Aug. 22, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Path Traversal

  • 7.1

    HIGH
    CVE-2025-9258

    WebITR developed by Uniong has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download arbitrary system files.... Read more

    Affected Products : webitr
    • Published: Aug. 22, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Path Traversal

  • 4.3

    MEDIUM
    CVE-2025-9331

    The Spacious theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'welcome_notice_import_handler' function in all versions up to, and including, 1.9.11. This makes it possible for authenticated at... Read more

    Affected Products :
    • Published: Aug. 22, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Authorization

  • 9.3

    CRITICAL
    CVE-2009-10006

    UFO: Alien Invasion versions up to and including 2.2.1 contain a buffer overflow vulnerability in its built-in IRC client component. When the client connects to an IRC server and receives a crafted numeric reply (specifically a 001 message), the applicati... Read more

    Affected Products :
    • Published: Aug. 22, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2024-58239

    In the Linux kernel, the following vulnerability has been resolved: tls: stop recv() if initial process_rx_list gave us non-DATA If we have a non-DATA record on the rx_list and another record of the same type still on the queue, we will end up merging t... Read more

    Affected Products : linux_kernel
    • Published: Aug. 22, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Misconfiguration

  • 7.8

    HIGH
    CVE-2025-33120

    IBM QRadar SIEM 7.5 through 7.5.0 UP13 could allow an authenticated user to escalate their privileges via a misconfigured cronjob due to execution with unnecessary privileges.... Read more

    • Published: Aug. 22, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-55573

    QuantumNous new-api v.0.8.5.2 is vulnerable to Cross Site Scripting (XSS).... Read more

    Affected Products :
    • Published: Aug. 22, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2025-38621

    In the Linux kernel, the following vulnerability has been resolved: md: make rdev_addable usable for rcu mode Our testcase trigger panic: BUG: kernel NULL pointer dereference, address: 00000000000000e0 ... Oops: Oops: 0000 [#1] SMP NOPTI CPU: 2 UID: 0 ... Read more

    Affected Products : linux_kernel
    • Published: Aug. 22, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-38636

    In the Linux kernel, the following vulnerability has been resolved: rv: Use strings in da monitors tracepoints Using DA monitors tracepoints with KASAN enabled triggers the following warning: BUG: KASAN: global-out-of-bounds in do_trace_event_raw_even... Read more

    Affected Products : linux_kernel
    • Published: Aug. 22, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-38641

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: Fix potential NULL dereference on kmalloc failure Avoid potential NULL pointer dereference by checking the return value of kmalloc and handling allocation failure prop... Read more

    Affected Products : linux_kernel
    • Published: Aug. 22, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-38642

    In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix WARN_ON for monitor mode on some devices On devices without WANT_MONITOR_VIF (and probably without channel context support) we get a WARN_ON for changing the per-lin... Read more

    Affected Products : linux_kernel
    • Published: Aug. 22, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-38647

    In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: sar: drop lockdep assertion in rtw89_set_sar_from_acpi The following assertion is triggered on the rtw89 driver startup. It looks meaningless to hold wiphy lock on the earl... Read more

    Affected Products : linux_kernel
    • Published: Aug. 22, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Race Condition
Showing 20 of 291573 Results