Latest CVE Feed

The following is a list of the most recently published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (listed in the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.8

    HIGH
    CVE-2025-1660

    A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process....

    • Published: Apr. 01, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Memory Corruption
  • 7.8

    HIGH
    CVE-2025-1659

    A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of t...

    • Published: Apr. 01, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Memory Corruption
  • 7.8

    HIGH
    CVE-2025-1658

    A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of t...

    • Published: Apr. 01, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Memory Corruption
  • 8.1

    HIGH
    CVE-2025-3085

    A MongoDB server under specific conditions running on Linux with TLS and CRL revocation status checking enabled fails to check the revocation status of the intermediate certificates in the peer's certificate chain. In cases of MONGODB-X509, which is not ...

    Affected Products : mongodb
    • Published: Apr. 01, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Authentication
  • 6.5

    MEDIUM
    CVE-2025-3084

    When run on commands with certain arguments set, explain may fail to validate these arguments before using them. This can lead to crashes in router servers. This affects MongoDB Server v5.0 prior to 5.0.31, MongoDB Server v6.0 prior to 6.0.20, MongoDB Ser...

    Affected Products : mongodb
    • Published: Apr. 01, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Denial of Service
  • 7.5

    HIGH
    CVE-2025-3083

    Specifically crafted MongoDB wire protocol messages can cause mongos to crash during command validation. This can occur without using an authenticated connection. This issue affects MongoDB v5.0 versions prior to 5.0.31, MongoDB v6.0 versions prior to 6....

    Affected Products : mongodb
    • Published: Apr. 01, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Denial of Service
  • 6.5

    MEDIUM
    CVE-2025-30177

    Bypass/Injection vulnerability in Apache Camel in Camel-Undertow component under particular conditions. This issue affects Apache Camel: from 4.10.0 before 4.10.3, from 4.8.0 before 4.8.6. Users are recommended to upgrade to version 4.10.3 for 4.10.x LT...

    Affected Products : camel
    • Published: Apr. 01, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Injection
  • 6.4

    MEDIUM
    CVE-2025-2906

    The Contempo Real Estate Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.6.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it po...

    • Published: Apr. 01, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Cross-Site Scripting
  • 9.8

    CRITICAL
    CVE-2025-2237

    The WP RealEstate plugin for WordPress, used by the Homeo theme, is vulnerable to authentication bypass in all versions up to, and including, 1.6.26. This is due to insufficient role restrictions in the 'process_register' function. This makes it possible ...

    • Published: Apr. 01, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Authentication
  • 9.8

    CRITICAL
    CVE-2024-13553

    The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.7.9. This is due to the plugin using the Host header to determine if the plugin is in a...

    Affected Products : sms_alert_order_notifications
    • Published: Apr. 01, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Authentication
  • 3.1

    LOW
    CVE-2025-3082

    A user authorized to access a view may be able to alter the intended collation, allowing them to access a different or unintended view of underlying data. This issue affects MongoDB Server v5.0 versions prior to 5.0.31, MongoDB Server v6.0 versions prior...

    Affected Products : mongodb
    • Published: Apr. 01, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Authorization
  • 8.8

    HIGH
    CVE-2025-27130

    Welcart e-Commerce 2.11.6 and earlier versions contain an untrusted data deserialization vulnerability. If this vulnerability is exploited, arbitrary code may be executed by a remote unauthenticated attacker who can access websites created using the prod...

    Affected Products : welcart_e-commerce
    • Published: Apr. 01, 2025
    • Modified: Jul. 08, 2025
  • 9.8

    CRITICAL
    CVE-2024-56325

    Authentication Bypass Issue: If the path does not contain "/" and contains ".", authentication is not required. Expected Normal Request and Response Example: curl -X POST -H "Content-Type: application/json" -d {\"username\":\"hack2\",\"password\":\"hack\",\"co...

    Affected Products : pinot
    • Published: Apr. 01, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Authentication
  • 10.0

    CRITICAL
    CVE-2025-30065

    Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code. Users are recommended to upgrade to version 1.15.1, which fixes the issue....

    Affected Products : parquet parquet_java
    • Published: Apr. 01, 2025
    • Modified: Jul. 28, 2025
  • 8.8

    HIGH
    CVE-2025-2891

    The Real Estate 7 WordPress theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the 'template-submit-listing.php' file in all versions up to, and including, 3.5.4. This makes it possible for authenticated at...

    Affected Products : real_estate_7
    • Published: Apr. 01, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Authentication
  • 6.5

    MEDIUM
    CVE-2025-29868

    Private Data Structure Returned From A Public Method vulnerability in Apache Answer. This issue affects Apache Answer: through 1.4.2. If a user uses an externally referenced image, when a user accesses this image, the provider of the image may obtain pr...

    Affected Products : answer
    • Published: Apr. 01, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Information Disclosure
  • 4.3

    MEDIUM
    CVE-2025-27427

    A vulnerability exists in Apache ActiveMQ Artemis whereby a user with the createDurableQueue or createNonDurableQueue permission on an address can augment the routing-type supported by that address even if said user doesn't have the createAddress permissi...

    Affected Products : activemq_artemis
    • Published: Apr. 01, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Authorization
  • 6.4

    MEDIUM
    CVE-2025-1512

    The PowerPack Elementor Addons (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom Cursor Extension in all versions up to, and including, 2.9.0 due to insufficient input sanitization an...

    • Published: Apr. 01, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Cross-Site Scripting
  • 5.5

    MEDIUM
    CVE-2025-1267

    The Groundhogg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'label' parameter in versions up to, and including, 3.7.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attac...

    Affected Products : groundhogg
    • Published: Apr. 01, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Cross-Site Scripting
  • 7.2

    HIGH
    CVE-2024-12278

    The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via any location that typically sanitizes data using wp_kses, like comments, in all versions up to, and including, 7.2.5 due to insufficient input sanitization a...

    Affected Products : booster_for_woocommerce
    • Published: Apr. 01, 2025
    • Modified: Apr. 10, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 292843 Results