Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2025-13756

    The Fluent Booking plugin for WordPress is vulnerable to unauthorized calendar import and management due to a missing capability check on the "importCalendar" function in all versions up to, and including, 1.9.11. This makes it possible for authenticated ... Read more

    Affected Products :
    • Published: Dec. 03, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-13342

    The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to unauthorized modification of arbitrary WordPress options in all versions up to, and including, 3.28.20. This is due to insufficient capability checks and input validation in the Action... Read more

    Affected Products : frontend_admin
    • Published: Dec. 03, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-12358

    The ShopEngine Elementor WooCommerce Builder Addon plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.8.5. This is due to missing nonce validation on the "post_add_to_list" function as well as an incor... Read more

    Affected Products : shopengine
    • Published: Dec. 03, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.2

    MEDIUM
    CVE-2025-29864

    Protection Mechanism Failure vulnerability in ESTsoft ALZip on Windows allows SmartScreen bypass.This issue affects ALZip: from 12.01 before 12.29.... Read more

    Affected Products : alzip
    • Published: Dec. 03, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2025-10304

    The Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the process_status_unlink() function in all versions up to, and including, 2.3.... Read more

    Affected Products : everest_backup
    • Published: Dec. 03, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Authorization

  • 7.9

    HIGH
    CVE-2025-54065

    GZDoom is a feature centric port for all Doom engine games. GZDoom is an open source Doom engine. In versions 4.14.2 and earlier, ZScript actor state handling allows scripts to read arbitrary addresses, write constants into the JIT-compiled code section, ... Read more

    Affected Products :
    • Published: Dec. 03, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-33208

    NVIDIA TAO contains a vulnerability where an attacker may cause a resource to be loaded via an uncontrolled search path. A successful exploit of this vulnerability may lead to escalation of privileges, data tampering, denial of service, information disclo... Read more

    Affected Products :
    • Published: Dec. 03, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Path Traversal

  • 5.6

    MEDIUM
    CVE-2025-8074

    Origin validation error vulnerability in BeeDrive in Synology BeeDrive for desktop before 1.4.3-13973 allows local users to write arbitrary files with non-sensitive information via unspecified vectors.... Read more

    Affected Products :
    • Published: Dec. 04, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2025-13472

    A fix was made in BlazeMeter Jenkins Plugin version 4.27 to allow users only with certain permissions to see the list of available resources like credential IDs, bzm workspaces and bzm project Ids. Prior to this fix, anyone could see this list as a dropdo... Read more

    Affected Products :
    • Published: Dec. 03, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2025-40218

    In the Linux kernel, the following vulnerability has been resolved: mm/damon/vaddr: do not repeat pte_offset_map_lock() until success DAMON's virtual address space operation set implementation (vaddr) calls pte_offset_map_lock() inside the page table wa... Read more

    Affected Products : linux_kernel
    • Published: Dec. 04, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-40234

    In the Linux kernel, the following vulnerability has been resolved: platform/x86: alienware-wmi-wmax: Fix NULL pointer dereference in sleep handlers Devices without the AWCC interface don't initialize `awcc`. Add a check before dereferencing it in sleep... Read more

    Affected Products : linux_kernel
    • Published: Dec. 04, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Memory Corruption

  • 6.4

    MEDIUM
    CVE-2025-13401

    The Autoptimize plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the LCP Image to preload metabox in all versions up to, and including, 3.1.13 due to insufficient input sanitization and output escaping on user-supplied image attribute... Read more

    Affected Products : autoptimize
    • Published: Dec. 03, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2025-40243

    In the Linux kernel, the following vulnerability has been resolved: hfs: fix KMSAN uninit-value issue in hfs_find_set_zero_bits() The syzbot reported issue in hfs_find_set_zero_bits(): ===================================================== BUG: KMSAN: u... Read more

    Affected Products : linux_kernel
    • Published: Dec. 04, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-40219

    In the Linux kernel, the following vulnerability has been resolved: PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV Before disabling SR-IOV via config space accesses to the parent PF, sriov_disable() first removes the PCI devices r... Read more

    Affected Products : linux_kernel
    • Published: Dec. 04, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-40244

    In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent() The syzbot reported issue in __hfsplus_ext_cache_extent(): [ 70.194323][ T9350] BUG: KMSAN: uninit-value in __hf... Read more

    Affected Products : linux_kernel
    • Published: Dec. 04, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-40217

    In the Linux kernel, the following vulnerability has been resolved: pidfs: validate extensible ioctls Validate extensible ioctls stricter than we do now.... Read more

    Affected Products : linux_kernel
    • Published: Dec. 04, 2025
    • Modified: Dec. 04, 2025

  • 0.0

    NA
    CVE-2025-40250

    In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Clean up only new IRQ glue on request_irq() failure The mlx5_irq_alloc() function can inadvertently free the entire rmap and end up in a crash[1] when the other threads tries ... Read more

    Affected Products : linux_kernel
    • Published: Dec. 04, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Misconfiguration

  • 6.1

    MEDIUM
    CVE-2025-13513

    The Clik stats plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER['PHP_SELF']` parameter in all versions up to, and including, 0.8 due to insufficient input sanitization and output escaping. This makes it possible for u... Read more

    Affected Products :
    • Published: Dec. 04, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.5

    MEDIUM
    CVE-2025-66453

    Rhino is an open-source implementation of JavaScript written entirely in Java. Prior to 1.8.1, 1.7.15.1, and 1.7.14.1, when an application passed an attacker controlled float poing number into the toFixed() function, it might lead to high CPU consumption ... Read more

    Affected Products :
    • Published: Dec. 03, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Denial of Service

  • 0.0

    NA
    CVE-2025-40255

    In the Linux kernel, the following vulnerability has been resolved: net: core: prevent NULL deref in generic_hwtstamp_ioctl_lower() The ethtool tsconfig Netlink path can trigger a null pointer dereference. A call chain such as: tsconfig_prepare_data(... Read more

    Affected Products : linux_kernel
    • Published: Dec. 04, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Denial of Service
Showing 20 of 5217 Results