Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2022-1804

    accountsservice no longer drops permissions when writting .pam_environment... Read more

    Affected Products : ubuntu_linux accountsservice
    • Published: Mar. 25, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Authorization

  • 5.8

    MEDIUM
    CVE-2025-2109

    The WP Compress – Instant Performance & Speed Optimization plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.30.15 via the init() function. This makes it possible for unauthenticated attackers to mak... Read more

    Affected Products : wp_compress
    • Published: Mar. 25, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Server-Side Request Forgery

  • 8.8

    HIGH
    CVE-2025-2757

    A vulnerability classified as critical was found in Open Asset Import Library Assimp 5.4.3. This vulnerability affects the function AI_MD5_PARSE_STRING_IN_QUOTATION of the file code/AssetLib/MD5/MD5Parser.cpp of the component MD5 File Handler. The manipul... Read more

    Affected Products : assimp
    • Published: Mar. 25, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-2756

    A vulnerability classified as critical has been found in Open Asset Import Library Assimp 5.4.3. This affects the function Assimp::AC3DImporter::ConvertObjectSection of the file code/AssetLib/AC/ACLoader.cpp of the component AC3D File Handler. The manipul... Read more

    Affected Products : assimp
    • Published: Mar. 25, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Memory Corruption

  • 6.1

    MEDIUM
    CVE-2025-2635

    The Digital License Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg() function without appropriate escaping on the URL in all versions up to, and including, 1.7.3. This makes it possible for ... Read more

    Affected Products :
    • Published: Mar. 25, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-2542

    The Your Simple SVG Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authentic... Read more

    Affected Products :
    • Published: Mar. 25, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.4

    HIGH
    CVE-2024-53679

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache VCL in the User Lookup form. A user with sufficient rights to be able to view this part of the site can craft a URL or be tricked in to clicking a... Read more

    Affected Products : vcl
    • Published: Mar. 25, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2024-53678

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache VCL. Users can modify form data submitted when requesting a new Block Allocation such that a SELECT SQL statement is modified. The data returned b... Read more

    Affected Products : vcl
    • Published: Mar. 25, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-2755

    A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been rated as critical. Affected by this issue is the function Assimp::AC3DImporter::ConvertObjectSection of the file code/AssetLib/AC/ACLoader.cpp of the component AC3D File Hand... Read more

    Affected Products : assimp
    • Published: Mar. 25, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-2754

    A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been declared as critical. Affected by this vulnerability is the function Assimp::AC3DImporter::ConvertObjectSection of the file code/AssetLib/AC/ACLoader.cpp of the component AC3... Read more

    Affected Products : assimp
    • Published: Mar. 25, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-2753

    A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been classified as critical. Affected is the function SceneCombiner::MergeScenes of the file code/AssetLib/LWS/LWSLoader.cpp of the component LWS File Handler. The manipulation le... Read more

    Affected Products : assimp
    • Published: Mar. 25, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Memory Corruption

  • 4.9

    MEDIUM
    CVE-2025-2559

    A flaw was found in Keycloak. When the configuration uses JWT tokens for authentication, the tokens are cached until expiration. If a client uses JWT tokens with an excessively long expiration time, for example, 24 or 48 hours, the cache can grow indefini... Read more

    Affected Products : keycloak keycloak build_of_keycloak
    • Published: Mar. 25, 2025
    • Modified: Apr. 30, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2025-2510

    The Frndzk Expandable Bottom Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'text' parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authen... Read more

    Affected Products :
    • Published: Mar. 25, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-2319

    The EZ SQL Reports Shortcode Widget and DB Backup plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 4.11.13 to 5.25.08. This is due to missing or incorrect nonce validation on the 'ELISQLREPORTS_menu' function. This makes it pos... Read more

    • Published: Mar. 25, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.4

    MEDIUM
    CVE-2024-13731

    The Alert Box Block – Display notice/alerts in the front end. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Alert Box block in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output ... Read more

    Affected Products :
    • Published: Mar. 25, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2024-13710

    The Estatebud – Properties & Listings plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.5.0. This is due to missing or incorrect nonce validation on the 'estatebud_settings' page. This makes it possib... Read more

    Affected Products :
    • Published: Mar. 25, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.2

    HIGH
    CVE-2024-13690

    The WP Church Donation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several donation form submission parameters in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it po... Read more

    Affected Products :
    • Published: Mar. 25, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-2752

    A vulnerability was found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. This issue affects the function fast_atoreal_move in the library include/assimp/fast_atof.h of the component CSM File Handler. The manipulation leads to out... Read more

    Affected Products : assimp
    • Published: Mar. 25, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-2751

    A vulnerability has been found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. This vulnerability affects the function Assimp::CSMImporter::InternReadFile of the file code/AssetLib/CSM/CSMLoader.cpp of the component CSM File Handl... Read more

    Affected Products : assimp
    • Published: Mar. 25, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-2750

    A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. This affects the function Assimp::CSMImporter::InternReadFile of the file code/AssetLib/CSM/CSMLoader.cpp of the component CSM File Handler. The manipu... Read more

    Affected Products : assimp
    • Published: Mar. 25, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 292767 Results