Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NA
    CVE-2025-38355

    In the Linux kernel, the following vulnerability has been resolved: drm/xe: Process deferred GGTT node removals on device unwind While we are indirectly draining our dedicated workqueue ggtt->wq that we use to complete asynchronous removal of some GGTT ... Read more

    Affected Products : linux_kernel
    • Published: Jul. 25, 2025
    • Modified: Jul. 25, 2025

  • 0.0

    NA
    CVE-2025-38354

    In the Linux kernel, the following vulnerability has been resolved: drm/msm/gpu: Fix crash when throttling GPU immediately during boot There is a small chance that the GPU is already hot during boot. In that case, the call to of_devfreq_cooling_register... Read more

    Affected Products : linux_kernel
    • Published: Jul. 25, 2025
    • Modified: Jul. 25, 2025

  • 0.0

    NA
    CVE-2025-38353

    In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix taking invalid lock on wedge If device wedges on e.g. GuC upload, the submission is not yet enabled and the state is not even initialized. Protect the wedge call so it does ... Read more

    Affected Products : linux_kernel
    • Published: Jul. 25, 2025
    • Modified: Jul. 25, 2025

  • 5.1

    MEDIUM
    CVE-2025-8155

    A vulnerability has been found in D-Link DCS-6010L 1.15.03 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /vb.htm of the component Management Application. The manipulation of the argument paratest lea... Read more

    Affected Products :
    • Published: Jul. 25, 2025
    • Modified: Jul. 25, 2025

  • 6.1

    MEDIUM
    CVE-2025-5254

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kron Technologies Kron PAM allows Stored XSS.This issue affects Kron PAM: before 3.7.... Read more

    Affected Products :
    • Published: Jul. 25, 2025
    • Modified: Jul. 25, 2025

  • 6.5

    MEDIUM
    CVE-2025-5253

    Allocation of Resources Without Limits or Throttling vulnerability in Kron Technologies Kron PAM allows HTTP DoS.This issue affects Kron PAM: before 3.7.... Read more

    Affected Products :
    • Published: Jul. 25, 2025
    • Modified: Jul. 25, 2025

  • 7.5

    HIGH
    CVE-2025-8183

    NULL Pointer Dereference in µD3TN via non-singleton destination Endpoint Identifier allows remote attacker to reliably cause DoS... Read more

    Affected Products : ud3tn
    • Published: Jul. 25, 2025
    • Modified: Aug. 11, 2025

  • 9.0

    HIGH
    CVE-2025-8140

    A vulnerability was found in TOTOLINK A702R 4.0.0-B20230721.1521. It has been declared as critical. This vulnerability affects unknown code of the file /boafrm/formWlanMultipleAP of the component HTTP POST Request Handler. The manipulation of the argument... Read more

    Affected Products : a702r_firmware a702r
    • Published: Jul. 25, 2025
    • Modified: Jul. 28, 2025

  • 9.0

    HIGH
    CVE-2025-8139

    A vulnerability was found in TOTOLINK A702R 4.0.0-B20230721.1521. It has been classified as critical. This affects an unknown part of the file /boafrm/formPortFw of the component HTTP POST Request Handler. The manipulation of the argument service_type lea... Read more

    Affected Products : a702r_firmware a702r
    • Published: Jul. 25, 2025
    • Modified: Jul. 28, 2025

  • 7.5

    HIGH
    CVE-2023-7306

    The Frontend File Manager Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the wpfm_delete_multiple_files() function in all versions up to, and including, 21.5. This makes it possible for unauthen... Read more

    Affected Products : frontend_file_manager_plugin
    • Published: Jul. 25, 2025
    • Modified: Jul. 25, 2025

  • 9.0

    HIGH
    CVE-2025-8138

    A vulnerability was found in TOTOLINK A702R 4.0.0-B20230721.1521 and classified as critical. Affected by this issue is some unknown functionality of the file /boafrm/formOneKeyAccessButton of the component HTTP POST Request Handler. The manipulation of th... Read more

    Affected Products : a702r_firmware a702r
    • Published: Jul. 25, 2025
    • Modified: Jul. 28, 2025

  • 9.0

    HIGH
    CVE-2025-8137

    A vulnerability has been found in TOTOLINK A702R 4.0.0-B20230721.1521 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formIpQoS of the component HTTP POST Request Handler. The manipulation of the ... Read more

    Affected Products : a702r_firmware a702r
    • Published: Jul. 25, 2025
    • Modified: Jul. 28, 2025

  • 9.0

    HIGH
    CVE-2025-8136

    A vulnerability, which was classified as critical, was found in TOTOLINK A702R 4.0.0-B20230721.1521. Affected is an unknown function of the file /boafrm/formFilter of the component HTTP POST Request Handler. The manipulation of the argument ip6addr leads ... Read more

    Affected Products : a702r_firmware a702r
    • Published: Jul. 25, 2025
    • Modified: Jul. 28, 2025

  • 8.8

    HIGH
    CVE-2025-8135

    A vulnerability, which was classified as critical, has been found in itsourcecode Insurance Management System 1.0. This issue affects some unknown processing of the file /updateAgent.php. The manipulation of the argument agent_id leads to sql injection. T... Read more

    Affected Products : insurance_management_system
    • Published: Jul. 25, 2025
    • Modified: Jul. 28, 2025

  • 8.8

    HIGH
    CVE-2025-5835

    The Droip plugin for WordPress is vulnerable to unauthorized modification and access of data due to a missing capability check on the droip_post_apis() function in all versions up to, and including, 2.2.0. This makes it possible for authenticated attacker... Read more

    Affected Products : droip
    • Published: Jul. 25, 2025
    • Modified: Jul. 28, 2025

  • 8.8

    HIGH
    CVE-2025-5831

    The Droip plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the make_google_font_offline() function in all versions up to, and including, 2.2.0. This makes it possible for authenticated attackers, with Sub... Read more

    Affected Products : droip
    • Published: Jul. 25, 2025
    • Modified: Jul. 28, 2025

  • 8.8

    HIGH
    CVE-2025-8134

    A vulnerability classified as critical was found in PHPGurukul BP Monitoring Management System 1.0. This vulnerability affects unknown code of the file /bwdates-report-result.php. The manipulation of the argument fromdate/todate leads to sql injection. Th... Read more

    Affected Products : bp_monitoring_management_system
    • Published: Jul. 25, 2025
    • Modified: Jul. 29, 2025

  • 6.5

    MEDIUM
    CVE-2025-8133

    A vulnerability classified as critical has been found in yanyutao0402 ChanCMS up to 3.1.2. This affects the function getArticle of the file app/modules/api/service/gather.js. The manipulation of the argument targetUrl leads to server-side request forgery.... Read more

    Affected Products : chancms
    • Published: Jul. 25, 2025
    • Modified: Jul. 25, 2025

  • 6.1

    MEDIUM
    CVE-2025-7022

    The My Reservation System WordPress plugin through 2.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.... Read more

    Affected Products :
    • Published: Jul. 25, 2025
    • Modified: Jul. 25, 2025

  • 5.5

    MEDIUM
    CVE-2025-8132

    A vulnerability was found in yanyutao0402 ChanCMS up to 3.1.2. It has been rated as critical. Affected by this issue is the function delfile of the file app/extend/utils.js. The manipulation leads to path traversal. The attack may be launched remotely. Th... Read more

    Affected Products : chancms
    • Published: Jul. 25, 2025
    • Modified: Jul. 25, 2025
Showing 20 of 291003 Results