Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.5

    HIGH
    CVE-2025-4046

    A missing authorization vulnerability in Lexmark Cloud Services badge management allows attacker to reassign badges within their organization... Read more

    Affected Products :
    • Published: Aug. 19, 2025
    • Modified: Aug. 20, 2025

  • 8.2

    HIGH
    CVE-2025-4044

    Improper Restriction of XML External Entity Reference in various Lexmark printer drivers for Windows allows attacker to disclose sensitive information to an arbitrary URL.... Read more

    Affected Products :
    • Published: Aug. 19, 2025
    • Modified: Aug. 20, 2025

  • 5.3

    MEDIUM
    CVE-2025-43739

    Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.6, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.16 and 7.4 GA through update 92 allow any authenticated... Read more

    Affected Products : liferay_portal dxp
    • Published: Aug. 19, 2025
    • Modified: Aug. 20, 2025

  • 6.8

    MEDIUM
    CVE-2024-45062

    A stack based buffer overflow vulnerability is present in OpenPrinting ippusbxd 1.34. A specially configured printer that supports IPP-over-USB can cause a buffer overflow which can lead to a arbitrary code execution in a privileged service. To trigger th... Read more

    Affected Products : ippusbxd_firmware ippusbxd
    • Published: Aug. 19, 2025
    • Modified: Aug. 22, 2025

  • 5.3

    MEDIUM
    CVE-2025-9139

    A vulnerability was determined in Scada-LTS 2.7.8.1. Affected by this vulnerability is an unknown functionality of the file /Scada-LTS/dwr/call/plaincall/WatchListDwr.init.dwr. Executing manipulation can lead to information disclosure. The attack may be p... Read more

    Affected Products : scada-lts
    • Published: Aug. 19, 2025
    • Modified: Aug. 22, 2025

  • 5.1

    MEDIUM
    CVE-2025-9138

    A vulnerability was found in Scada-LTS 2.7.8.1. Affected is an unknown function of the file pointHierarchy/new/. Performing manipulation of the argument Title results in cross site scripting. The attack is possible to be carried out remotely. The exploit ... Read more

    Affected Products : scada-lts
    • Published: Aug. 19, 2025
    • Modified: Aug. 19, 2025

  • 5.1

    MEDIUM
    CVE-2025-9137

    A vulnerability has been found in Scada-LTS 2.7.8.1. This impacts an unknown function of the file scheduled_events.shtm. Such manipulation of the argument alias leads to cross site scripting. The attack can be executed remotely. The exploit has been discl... Read more

    Affected Products : scada-lts
    • Published: Aug. 19, 2025
    • Modified: Aug. 19, 2025

  • 4.6

    MEDIUM
    CVE-2025-43740

    A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.3.120 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.8, 2025.Q1.0 through 2025.Q1.15, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.... Read more

    Affected Products : liferay_portal dxp
    • Published: Aug. 19, 2025
    • Modified: Aug. 19, 2025

  • 5.3

    MEDIUM
    CVE-2025-9136

    A flaw has been found in libretro RetroArch 1.18.0/1.19.0/1.20.0. This affects the function filestream_vscanf of the file libretro-common/streams/file_stream.c. This manipulation causes out-of-bounds read. The attack needs to be launched locally. Upgradin... Read more

    Affected Products : retroarch
    • Published: Aug. 19, 2025
    • Modified: Aug. 19, 2025

  • 5.3

    MEDIUM
    CVE-2025-9135

    A vulnerability was detected in Verkehrsauskunft Österreich SmartRide, cleVVVer and BusBahnBim up to 12.1.1(258). The impacted element is an unknown function of the file AndroidManifest.xml. The manipulation results in improper export of android applicati... Read more

    Affected Products :
    • Published: Aug. 19, 2025
    • Modified: Aug. 22, 2025

  • 5.3

    MEDIUM
    CVE-2025-9134

    A security vulnerability has been detected in AfterShip Package Tracker App up to 5.24.1 on Android. The affected element is an unknown function of the file AndroidManifest.xml of the component com.aftership.AfterShip. The manipulation leads to improper e... Read more

    Affected Products :
    • Published: Aug. 19, 2025
    • Modified: Aug. 19, 2025

  • 4.4

    MEDIUM
    CVE-2025-8783

    The Contact Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title’ parameter in all versions up to, and including, 8.6.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticate... Read more

    Affected Products :
    • Published: Aug. 19, 2025
    • Modified: Aug. 19, 2025

  • 6.4

    MEDIUM
    CVE-2025-8567

    The Nexter Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 4.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it poss... Read more

    Affected Products :
    • Published: Aug. 19, 2025
    • Modified: Aug. 19, 2025

  • 5.3

    MEDIUM
    CVE-2025-41689

    An unauthenticated remote attacker can grant access without password protection to the affected device. This enables the unprotected read-only access to the stored measurement data.... Read more

    Affected Products :
    • Published: Aug. 19, 2025
    • Modified: Aug. 19, 2025

  • 6.5

    MEDIUM
    CVE-2025-41685

    A low-privileged remote attacker can obtain the username of another registered Sunny Portal user by entering that user's email address.... Read more

    Affected Products :
    • Published: Aug. 19, 2025
    • Modified: Aug. 19, 2025

  • 9.8

    CRITICAL
    CVE-2025-8723

    The Cloudflare Image Resizing plugin for WordPress is vulnerable to Remote Code Execution due to missing authentication and insufficient sanitization within its hook_rest_pre_dispatch() method in all versions up to, and including, 1.5.6. This makes it pos... Read more

    Affected Products :
    • Published: Aug. 19, 2025
    • Modified: Aug. 19, 2025

  • 6.4

    MEDIUM
    CVE-2025-8622

    The Flexible Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Flexible Maps shortcode in all versions up to, and including, 1.18.0 due to insufficient input sanitization and output escaping on user supplied attributes... Read more

    Affected Products :
    • Published: Aug. 19, 2025
    • Modified: Aug. 19, 2025

  • 7.5

    HIGH
    CVE-2025-7670

    The JS Archive List plugin for WordPress is vulnerable to time-based SQL Injection via the build_sql_where() function in all versions up to, and including, 6.1.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparatio... Read more

    Affected Products :
    • Published: Aug. 19, 2025
    • Modified: Aug. 19, 2025

  • 8.8

    HIGH
    CVE-2025-7654

    Multiple FunnelKit plugins are vulnerable to Sensitive Information Exposure via the wf_get_cookie shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including authentication co... Read more

    Affected Products : funnelkit_automations
    • Published: Aug. 19, 2025
    • Modified: Aug. 19, 2025

  • 8.8

    HIGH
    CVE-2025-8218

    The Real Spaces - WordPress Properties Directory Theme theme for WordPress is vulnerable to privilege escalation via the 'change_role_member' parameter in all versions up to, and including, 3.5. This is due to a lack of restriction in the profile update r... Read more

    Affected Products :
    • Published: Aug. 19, 2025
    • Modified: Aug. 19, 2025
Showing 20 of 290954 Results