Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2025-26619

    Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In `vega` 5.30.0 and lower and in `vega-functions` 5.15.0 and lower , it was possible to call JavaScript functions from the Vega exp... Read more

    Affected Products : vega vega-functions
    • Published: Mar. 27, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Misconfiguration

  • 7.1

    HIGH
    CVE-2025-25100

    Cross-Site Request Forgery (CSRF) vulnerability in victoracano Cazamba allows Reflected XSS.This issue affects Cazamba: from n/a through 1.2.... Read more

    Affected Products :
    • Published: Mar. 27, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.1

    HIGH
    CVE-2025-25086

    Cross-Site Request Forgery (CSRF) vulnerability in WPDeveloper Secret Meta allows Reflected XSS.This issue affects Secret Meta: from n/a through 1.2.1.... Read more

    Affected Products :
    • Published: Mar. 27, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.5

    MEDIUM
    CVE-2025-22816

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeTrendy Power Mag allows DOM-Based XSS.This issue affects Power Mag: from n/a through 1.1.5.... Read more

    Affected Products :
    • Published: Mar. 27, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-22770

    Missing Authorization vulnerability in EnvoThemes Envo Multipurpose allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Envo Multipurpose: from n/a through 1.1.6.... Read more

    Affected Products :
    • Published: Mar. 27, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-22673

    Missing Authorization vulnerability in WPFactory EAN for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EAN for WooCommerce: from n/a through 5.3.5.... Read more

    Affected Products : ean_for_woocommerce
    • Published: Mar. 27, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Authorization

  • 4.9

    MEDIUM
    CVE-2025-22672

    Server-Side Request Forgery (SSRF) vulnerability in SuitePlugins Video & Photo Gallery for Ultimate Member allows Server Side Request Forgery.This issue affects Video & Photo Gallery for Ultimate Member: from n/a through 1.1.2.... Read more

    Affected Products :
    • Published: Mar. 27, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Server-Side Request Forgery

  • 0.0

    NA
    CVE-2025-21871

    In the Linux kernel, the following vulnerability has been resolved: tee: optee: Fix supplicant wait loop OP-TEE supplicant is a user-space daemon and it's possible for it be hung or crashed or killed in the middle of processing an OP-TEE RPC call. It be... Read more

    Affected Products : linux_kernel
    • Published: Mar. 27, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Denial of Service

  • 0.0

    NA
    CVE-2025-21870

    In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers Other, non DAI copier widgets could have the same stream name (sname) as the ALH copier and in that case the copier->d... Read more

    Affected Products : linux_kernel
    • Published: Mar. 27, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Denial of Service

  • 0.0

    NA
    CVE-2025-21869

    In the Linux kernel, the following vulnerability has been resolved: powerpc/code-patching: Disable KASAN report during patching via temporary mm Erhard reports the following KASAN hit on Talos II (power9) with kernel 6.13: [ 12.028126] ==============... Read more

    Affected Products : linux_kernel
    • Published: Mar. 27, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-21868

    In the Linux kernel, the following vulnerability has been resolved: net: allow small head cache usage with large MAX_SKB_FRAGS values Sabrina reported the following splat: WARNING: CPU: 0 PID: 1 at net/core/dev.c:6935 netif_napi_add_weight_locked+0... Read more

    Affected Products : linux_kernel
    • Published: Mar. 27, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Misconfiguration

  • 7.8

    HIGH
    CVE-2025-21867

    In the Linux kernel, the following vulnerability has been resolved: bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type() KMSAN reported a use-after-free issue in eth_skb_pkt_type()[1]. The cause of the issue was that eth_skb_pkt_type() accessed... Read more

    Affected Products : linux_kernel
    • Published: Mar. 27, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-2847

    A vulnerability, which was classified as critical, has been found in Codezips Gym Management System 1.0. This issue affects some unknown processing of the file /dashboard/admin/over_month.php. The manipulation of the argument mm leads to sql injection. Th... Read more

    Affected Products : gym_management_system
    • Published: Mar. 27, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-2846

    A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. This vulnerability affects the function registration of the file /oews/classes/Users.php?f=registration of the component Registration. The manipulation of the argu... Read more

    Affected Products : online_eyewear_shop
    • Published: Mar. 27, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Injection

  • 8.7

    HIGH
    CVE-2025-2255

    An issue has been discovered in Gitlab EE/CE for AppSec affecting all versions from 13.5.0 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. Certain error messages could allow Cross-Site Scripting attacks (XSS). for AppSec.... Read more

    Affected Products : gitlab
    • Published: Mar. 27, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-2242

    An improper access control vulnerability in GitLab CE/EE affecting all versions from 17.4 prior to 17.8.6, 17.9 prior to 17.9.3, and 17.10 prior to 17.10.1 allows a user who was an instance admin before but has since been downgraded to a regular user to c... Read more

    Affected Products : gitlab
    • Published: Mar. 27, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Authorization

  • 8.7

    HIGH
    CVE-2025-0811

    An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. Improper rendering of certain file types leads to cross-site scripting.... Read more

    Affected Products : gitlab
    • Published: Mar. 27, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.0

    HIGH
    CVE-2024-9773

    An issue was discovered in GitLab EE affecting all versions starting from 14.9 before 17.8.6, all versions starting from 17.9 before 17.8.3, all versions starting from 17.10 before 17.10.1. An input validation issue in the Harbor registry integration coul... Read more

    Affected Products : gitlab
    • Published: Mar. 27, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-31141

    In JetBrains TeamCity before 2025.03 exception could lead to credential leakage on Cloud Profiles page... Read more

    Affected Products : teamcity
    • Published: Mar. 27, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Information Disclosure

  • 6.1

    MEDIUM
    CVE-2025-31140

    In JetBrains TeamCity before 2025.03 stored XSS was possible on Cloud Profiles page... Read more

    Affected Products : teamcity
    • Published: Mar. 27, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 292721 Results