Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.1

    MEDIUM
    CVE-2025-9095

    A flaw has been found in ExpressGateway express-gateway up to 1.16.10. This issue affects some unknown processing in the library lib/rest/routes/users.js of the component REST Endpoint. The manipulation leads to cross site scripting. The attack may be ini... Read more

    Affected Products : express-gateway
    • Published: Aug. 17, 2025
    • Modified: Aug. 18, 2025

  • 5.3

    MEDIUM
    CVE-2025-9094

    A vulnerability was detected in ThingsBoard 4.1. This vulnerability affects unknown code of the component Add Gateway Handler. The manipulation leads to improper neutralization of special elements used in a template engine. The attack can be initiated rem... Read more

    Affected Products : thingsboard
    • Published: Aug. 17, 2025
    • Modified: Aug. 18, 2025

  • 7.5

    HIGH
    CVE-2025-7342

    A security issue was discovered in the Kubernetes Image Builder where default credentials are enabled during the Windows image build process when using the Nutanix or VMware OVA providers. These credentials, which allow root access, are disabled at the co... Read more

    Affected Products : image_builder
    • Published: Aug. 17, 2025
    • Modified: Aug. 20, 2025

  • 5.3

    MEDIUM
    CVE-2025-9093

    A security vulnerability has been detected in BuzzFeed App 2024.9 on Android. This affects an unknown part of the file AndroidManifest.xml of the component com.buzzfeed.android. The manipulation leads to improper export of android application components. ... Read more

    Affected Products :
    • Published: Aug. 17, 2025
    • Modified: Aug. 18, 2025

  • 7.8

    HIGH
    CVE-2025-9091

    A security flaw has been discovered in Tenda AC20 16.03.08.12. Affected by this vulnerability is an unknown functionality of the file /etc_ro/shadow. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the local host. ... Read more

    Affected Products : ac20_firmware ac20
    • Published: Aug. 17, 2025
    • Modified: Aug. 21, 2025

  • 9.8

    CRITICAL
    CVE-2025-9090

    A vulnerability was identified in Tenda AC20 16.03.08.12. Affected is the function websFormDefine of the file /goform/telnet of the component Telnet Service. The manipulation leads to command injection. It is possible to launch the attack remotely. The ex... Read more

    Affected Products : ac20_firmware ac20
    • Published: Aug. 17, 2025
    • Modified: Aug. 21, 2025

  • 9.8

    CRITICAL
    CVE-2025-9089

    A vulnerability was determined in Tenda AC20 16.03.08.12. This issue affects the function sub_48E628 of the file /goform/SetIpMacBind. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be initiated remotely. The ex... Read more

    Affected Products : ac20_firmware ac20
    • Published: Aug. 17, 2025
    • Modified: Aug. 21, 2025

  • 9.8

    CRITICAL
    CVE-2025-9088

    A vulnerability was found in Tenda AC20 16.03.08.12. This vulnerability affects the function save_virtualser_data of the file /goform/formSetVirtualSer. The manipulation of the argument list leads to stack-based buffer overflow. The attack can be initiate... Read more

    Affected Products : ac20_firmware ac20
    • Published: Aug. 16, 2025
    • Modified: Aug. 21, 2025

  • 9.8

    CRITICAL
    CVE-2025-9087

    A vulnerability has been found in Tenda AC20 16.03.08.12. This affects the function set_qosMib_list of the file /goform/SetNetControlList of the component SetNetControlList Endpoint. The manipulation of the argument list leads to stack-based buffer overfl... Read more

    Affected Products : ac20_firmware ac20
    • Published: Aug. 16, 2025
    • Modified: Aug. 21, 2025

  • 0.0

    NA
    CVE-2023-4515

    In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate command request size In commit 2b9b8f3b68ed ("ksmbd: validate command payload size"), except for SMB2_OPLOCK_BREAK_HE command, the request size of other commands is not ... Read more

    Affected Products : linux_kernel
    • Published: Aug. 16, 2025
    • Modified: Aug. 18, 2025

  • 0.0

    NA
    CVE-2023-4130

    In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix wrong next length validation of ea buffer in smb2_set_ea() There are multiple smb2_ea_info buffers in FILE_FULL_EA_INFORMATION request from client. ksmbd find next smb2_ea_in... Read more

    Affected Products : linux_kernel
    • Published: Aug. 16, 2025
    • Modified: Aug. 18, 2025

  • 0.0

    NA
    CVE-2023-3867

    In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix out of bounds read in smb2_sess_setup ksmbd does not consider the case of that smb2 session setup is in compound request. If this is the second payload of the compound, OOB r... Read more

    Affected Products : linux_kernel
    • Published: Aug. 16, 2025
    • Modified: Aug. 18, 2025

  • 0.0

    NA
    CVE-2023-3866

    In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate session id and tree id in the compound request This patch validate session id and tree id in compound request. If first operation in the compound is SMB2 ECHO request, k... Read more

    Affected Products : linux_kernel
    • Published: Aug. 16, 2025
    • Modified: Aug. 18, 2025

  • 0.0

    NA
    CVE-2023-3865

    In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix out-of-bound read in smb2_write ksmbd_smb2_check_message doesn't validate hdr->NextCommand. If ->NextCommand is bigger than Offset + Length of smb2 write, It will allow overs... Read more

    Affected Products : linux_kernel
    • Published: Aug. 16, 2025
    • Modified: Aug. 18, 2025

  • 0.0

    NA
    CVE-2023-32249

    In the Linux kernel, the following vulnerability has been resolved: ksmbd: not allow guest user on multichannel This patch return STATUS_NOT_SUPPORTED if binding session is guest.... Read more

    Affected Products : linux_kernel
    • Published: Aug. 16, 2025
    • Modified: Aug. 18, 2025

  • 0.0

    NA
    CVE-2023-32246

    In the Linux kernel, the following vulnerability has been resolved: ksmbd: call rcu_barrier() in ksmbd_server_exit() racy issue is triggered the bug by racing between closing a connection and rmmod. In ksmbd, rcu_barrier() is not called at module unload... Read more

    Affected Products : linux_kernel
    • Published: Aug. 16, 2025
    • Modified: Aug. 18, 2025

  • 6.5

    MEDIUM
    CVE-2025-8878

    The The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 4.16.4. This is due to ... Read more

    Affected Products :
    • Published: Aug. 16, 2025
    • Modified: Aug. 18, 2025

  • 6.4

    MEDIUM
    CVE-2025-8143

    The Soledad theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pcsml_smartlists_h’ parameter in all versions up to, and including, 8.6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenti... Read more

    Affected Products : soledad
    • Published: Aug. 16, 2025
    • Modified: Aug. 18, 2025

  • 8.8

    HIGH
    CVE-2025-8142

    The Soledad theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 8.6.7 via the 'header_layout' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include an... Read more

    Affected Products : soledad
    • Published: Aug. 16, 2025
    • Modified: Aug. 18, 2025

  • 7.3

    HIGH
    CVE-2025-8105

    The The Soledad theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.6.7. This is due to the software allowing users to execute an action that does not properly validate a value before running do_short... Read more

    Affected Products : soledad
    • Published: Aug. 16, 2025
    • Modified: Aug. 18, 2025
Showing 20 of 290954 Results