Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2025-8435

    A vulnerability was found in code-projects Online Movie Streaming 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin-control.php. The manipulation of the argument ID leads to missing author... Read more

    Affected Products : online_movie_streaming
    • Published: Aug. 01, 2025
    • Modified: Aug. 05, 2025

  • 6.4

    MEDIUM
    CVE-2025-7845

    The Stratum – Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Advanced Google Maps and Image Hotspot widgets in all versions up to, and including, 1.6.0 due to insufficient input sanitization and output... Read more

    Affected Products : stratum
    • Published: Aug. 01, 2025
    • Modified: Aug. 04, 2025

  • 7.2

    HIGH
    CVE-2025-7725

    The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal or Stripe, Social Share Buttons, OpenAI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the comment feature in all vers... Read more

    Affected Products :
    • Published: Aug. 01, 2025
    • Modified: Aug. 04, 2025

  • 8.1

    HIGH
    CVE-2025-7443

    The BerqWP – Automated All-In-One Page Speed Optimization for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the store_javascript_cache.php file... Read more

    Affected Products :
    • Published: Aug. 01, 2025
    • Modified: Aug. 04, 2025

  • 6.5

    MEDIUM
    CVE-2025-4523

    The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the admin_donor_profile_view() function in versions 2.0.0 to 2.1.9. This makes it poss... Read more

    Affected Products :
    • Published: Aug. 01, 2025
    • Modified: Aug. 04, 2025

  • 7.5

    HIGH
    CVE-2025-8434

    A vulnerability was found in code-projects Online Movie Streaming 1.0. It has been classified as critical. Affected is an unknown function of the file /admin.php. The manipulation of the argument ID leads to missing authorization. It is possible to launch... Read more

    Affected Products : online_movie_streaming
    • Published: Aug. 01, 2025
    • Modified: Aug. 05, 2025

  • 5.5

    MEDIUM
    CVE-2025-8433

    A vulnerability was found in code-projects Document Management System 1.0 and classified as critical. This issue affects the function unlink of the file /dell.php. The manipulation of the argument ID leads to path traversal. The attack may be initiated re... Read more

    Affected Products : document_management_system
    • Published: Aug. 01, 2025
    • Modified: Aug. 05, 2025

  • 9.8

    CRITICAL
    CVE-2025-5947

    The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via authentication bypass in all versions up to, and including, 6.0. This is due to the plugin not properly validating a user's cookie value prior to logging them in th... Read more

    Affected Products :
    • Published: Aug. 01, 2025
    • Modified: Aug. 04, 2025

  • 6.9

    MEDIUM
    CVE-2025-53399

    In Sipwise rtpengine before 13.4.1.1, an origin-validation error in the endpoint-learning logic of the media-relay core allows remote attackers to inject or intercept RTP/SRTP media streams via RTP packets (except when the relay is configured for strict s... Read more

    Affected Products :
    • Published: Aug. 01, 2025
    • Modified: Aug. 04, 2025

  • 5.8

    MEDIUM
    CVE-2019-19145

    Quantum SuperLoader 3 V94.0 005E.0h devices allow attackers to access the hardcoded fa account because there are only 65536 possible passwords.... Read more

    Affected Products :
    • Published: Aug. 01, 2025
    • Modified: Aug. 04, 2025

  • 9.8

    CRITICAL
    CVE-2025-5954

    The Service Finder SMS System plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.0.0. This is due to the plugin not restricting user role selection at the time of registration through th... Read more

    Affected Products :
    • Published: Aug. 01, 2025
    • Modified: Aug. 04, 2025

  • 9.8

    CRITICAL
    CVE-2025-8431

    A vulnerability has been found in PHPGurukul Boat Booking System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/add-boat.php. The manipulation of the argument boatname leads to sql injection. The attack can be i... Read more

    Affected Products : boat_booking_system
    • Published: Aug. 01, 2025
    • Modified: Aug. 05, 2025

  • 4.6

    MEDIUM
    CVE-2025-48073

    OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In version 3.3.2, when reading a deep scanline image with a large sample count in reduceMemory mode, it is pos... Read more

    Affected Products : openexr
    • Published: Jul. 31, 2025
    • Modified: Aug. 13, 2025

  • 6.8

    MEDIUM
    CVE-2025-48072

    OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. Version 3.3.2 is vulnerable to a heap-based buffer overflow during a read operation due to bad pointer math wh... Read more

    Affected Products : openexr
    • Published: Jul. 31, 2025
    • Modified: Aug. 13, 2025

  • 8.4

    HIGH
    CVE-2025-48071

    OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.2 through 3.3.0, there is a heap-based buffer overflow during a write operation when decompres... Read more

    Affected Products : openexr
    • Published: Jul. 31, 2025
    • Modified: Aug. 13, 2025

  • 7.0

    HIGH
    CVE-2025-45768

    pyjwt v2.10.1 was discovered to contain weak encryption. NOTE: this is disputed by the Supplier because the key length is chosen by the application that uses the library (admittedly, library users may benefit from a minimum value and a mechanism for optin... Read more

    Affected Products :
    • Published: Jul. 31, 2025
    • Modified: Aug. 14, 2025

  • 5.5

    MEDIUM
    CVE-2025-23289

    NVIDIA Omniverse Launcher for Windows and Linux contains a vulnerability in the launcher logs, where a user could cause sensitive information to be written to the log files through proxy servers. A successful exploit of this vulnerability might lead to in... Read more

    Affected Products :
    • Published: Jul. 31, 2025
    • Modified: Aug. 04, 2025

  • 3.7

    LOW
    CVE-2023-32251

    A vulnerability has been identified in the Linux kernel's ksmbd component (kernel SMB/CIFS server). A security control designed to prevent dictionary attacks, which introduces a 5-second delay during session setup, can be bypassed through the use of async... Read more

    Affected Products : linux_kernel
    • Published: Jul. 31, 2025
    • Modified: Aug. 04, 2025

  • 9.8

    CRITICAL
    CVE-2025-8286

    The affected products expose an unauthenticated Telnet-based command line interface that could allow an attacker to modify hardware configurations, manipulate data, or factory reset the device.... Read more

    Affected Products :
    • Published: Jul. 31, 2025
    • Modified: Aug. 15, 2025

  • 8.8

    HIGH
    CVE-2025-50572

    An issue was discovered in Archer Technology RSA Archer 6.11.00204.10014 allowing attackers to execute arbitrary code via crafted system inputs that would be exported into the CSV and be executed after the user opened the file with compatible applications... Read more

    Affected Products :
    • Published: Jul. 31, 2025
    • Modified: Aug. 04, 2025
Showing 20 of 290943 Results