Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NA
    CVE-2025-38270

    In the Linux kernel, the following vulnerability has been resolved: net: drv: netdevsim: don't napi_complete() from netpoll netdevsim supports netpoll. Make sure we don't call napi_complete() from it, since it may not be scheduled. Breno reports hitting... Read more

    Affected Products : linux_kernel
    • Published: Jul. 10, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-38269

    In the Linux kernel, the following vulnerability has been resolved: btrfs: exit after state insertion failure at btrfs_convert_extent_bit() If insert_state() state failed it returns an error pointer and we call extent_io_tree_panic() which will trigger ... Read more

    Affected Products : linux_kernel
    • Published: Jul. 10, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-38268

    In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm: move tcpm_queue_vdm_unlocked to asynchronous work A state check was previously added to tcpm_queue_vdm_unlocked to prevent a deadlock where the DisplayPort Alt Mode dr... Read more

    Affected Products : linux_kernel
    • Published: Jul. 10, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-38267

    In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Do not trigger WARN_ON() due to a commit_overrun When reading a memory mapped buffer the reader page is just swapped out with the last page written in the write buffer. If ... Read more

    Affected Products : linux_kernel
    • Published: Jul. 10, 2025
    • Modified: Jul. 10, 2025

  • 0.0

    NA
    CVE-2025-38266

    In the Linux kernel, the following vulnerability has been resolved: pinctrl: mediatek: eint: Fix invalid pointer dereference for v1 platforms Commit 3ef9f710efcb ("pinctrl: mediatek: Add EINT support for multiple addresses") introduced an access to the ... Read more

    Affected Products : linux_kernel
    • Published: Jul. 10, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-38265

    In the Linux kernel, the following vulnerability has been resolved: serial: jsm: fix NPE during jsm_uart_port_init No device was set which caused serial_base_ctrl_add to crash. BUG: kernel NULL pointer dereference, address: 0000000000000050 Oops: Oop... Read more

    Affected Products : linux_kernel
    • Published: Jul. 10, 2025
    • Modified: Jul. 10, 2025

  • 5.3

    MEDIUM
    CVE-2025-32989

    A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containin... Read more

    • Published: Jul. 10, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Information Disclosure

  • 8.2

    HIGH
    CVE-2025-32988

    A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will cal... Read more

    • Published: Jul. 10, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-7387

    The Lana Downloads Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the endpoint parameters in versions up to, and including, 1.10.0 due to insufficient input sanitization and output escaping on user supplied attributes. This ... Read more

    Affected Products : lana_downloads_manager
    • Published: Jul. 10, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2025-6236

    The Hostel WordPress plugin before 1.1.5.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for e... Read more

    Affected Products : hostel
    • Published: Jul. 10, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-6234

    The Hostel WordPress plugin before 1.1.5.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.... Read more

    Affected Products : hostel
    • Published: Jul. 10, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.5

    LOW
    CVE-2023-50458

    In Dradis before 4.11.0, the Output Console shows a job queue that may contain information about other users' jobs.... Read more

    Affected Products : dradis
    • Published: Jul. 10, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Information Disclosure

  • 5.6

    MEDIUM
    CVE-2025-46406

    A Privilege Context Switching Error (CWE-270) in the Command Center Server could allow a privileged Operator with high level access in one Division to perform limited privileged activities across the Division boundary. This issue affects Command Centre S... Read more

    Affected Products :
    • Published: Jul. 10, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-44003

    Missing Release of Resource after Effective Lifetime (CWE-772) in the Gallagher T-Series Reader allows an attacker with physical access to the reader to perform a limited denial of service when 125 kHz Card Technology is enabled. This issue affects T-Ser... Read more

    Affected Products :
    • Published: Jul. 10, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-35983

    Improper Certificate Validation (CWE-295) in the Controller 7000 OneLink implementation could allow an unprivileged attacker to perform a limited denial of service or perform privileged overrides during the initial configuration of the Controller, there i... Read more

    Affected Products : controller_7000_firmware
    • Published: Jul. 10, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Misconfiguration

  • 6.1

    MEDIUM
    CVE-2025-5807

    The Gwolle Guestbook plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘gwolle_gb_content’ parameter in all versions up to, and including, 4.9.2 due to insufficient input sanitization and output escaping. This makes it possible for... Read more

    Affected Products : gwolle_guestbook
    • Published: Jul. 10, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-4406

    The wpForo Forum plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.4.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attack... Read more

    Affected Products : wpforo_forum
    • Published: Jul. 10, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-6976

    The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 7.0.3 due to insufficient input sanitization and output escapi... Read more

    Affected Products : events_manager
    • Published: Jul. 09, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-6975

    The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘calendar_header’ parameter in all versions up to, and including, 7.0.3 due to insufficient input sanitization and out... Read more

    Affected Products : events_manager
    • Published: Jul. 09, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-6970

    The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 7.0.3 due to insufficient escaping on the user supplied parameter ... Read more

    Affected Products : events_manager
    • Published: Jul. 09, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Injection
Showing 20 of 291615 Results