Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2025-48448

    Allocation of Resources Without Limits or Throttling vulnerability in Drupal Admin Audit Trail allows Excessive Allocation.This issue affects Admin Audit Trail: from 0.0.0 before 1.0.5.... Read more

    Affected Products : drupal admin_audit_trail
    • Published: Jun. 11, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Denial of Service

  • 7.1

    HIGH
    CVE-2025-48447

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Lightgallery allows Cross-Site Scripting (XSS).This issue affects Lightgallery: from 0.0.0 before 1.6.0.... Read more

    Affected Products : drupal lightgallery
    • Published: Jun. 11, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-48446

    Incorrect Authorization vulnerability in Drupal Commerce Alphabank Redirect allows Functionality Misuse.This issue affects Commerce Alphabank Redirect: from 0.0.0 before 1.0.3.... Read more

    Affected Products : drupal commerce_alphabank_redirect
    • Published: Jun. 11, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-48445

    Incorrect Authorization vulnerability in Drupal Commerce Eurobank (Redirect) allows Functionality Misuse.This issue affects Commerce Eurobank (Redirect): from 0.0.0 before 2.1.1.... Read more

    • Published: Jun. 11, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-48444

    Missing Authorization vulnerability in Drupal Quick Node Block allows Forceful Browsing.This issue affects Quick Node Block: from 0.0.0 before 2.0.0.... Read more

    Affected Products : drupal quick_node_block
    • Published: Jun. 11, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-48013

    Missing Authorization vulnerability in Drupal Quick Node Block allows Forceful Browsing.This issue affects Quick Node Block: from 0.0.0 before 2.0.0.... Read more

    Affected Products : drupal quick_node_block
    • Published: Jun. 11, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Authorization

  • 6.7

    MEDIUM
    CVE-2025-3473

    IBM Security Guardium 12.1 could allow a local privileged user to escalate their privileges to root due to insecure inherited permissions created by the program.... Read more

    • Published: Jun. 11, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-0163

    IBM Security Verify Access Appliance and Docker 10.0 through 10.0.8 could allow a remote attacker to enumerate usernames due to an observable response discrepancy of disabled accounts.... Read more

    • Published: Jun. 11, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Information Disclosure

  • 8.1

    HIGH
    CVE-2025-4922

    Nomad Community and Nomad Enterprise (“Nomad”) prefix-based ACL policy lookup can lead to incorrect rule application and shadowing. This vulnerability, identified as CVE-2025-4922, is fixed in Nomad Community Edition 1.10.2 and Nomad Enterprise 1.10.2, 1.... Read more

    Affected Products : nomad
    • Published: Jun. 11, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Authorization

  • 6.6

    MEDIUM
    CVE-2025-4605

    A maliciously crafted .usdc file, when loaded through Autodesk Maya, can force an uncontrolled memory allocation vulnerability. A malicious actor may leverage this vulnerability to cause a denial-of-service (DoS), or cause data corruption.... Read more

    • Published: Jun. 11, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-40914

    Perl CryptX before version 0.087 contains a dependency that may be susceptible to an integer overflow. CryptX embeds a version of the libtommath library that is susceptible to an integer overflow associated with CVE-2023-36328.... Read more

    Affected Products :
    • Published: Jun. 11, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-35941

    A password is exposed locally.... Read more

    Affected Products : mypro
    • Published: Jun. 11, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Information Disclosure

  • 9.3

    CRITICAL
    CVE-2025-32711

    Ai command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.... Read more

    Affected Products : 365_copilot
    • Published: Jun. 11, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Injection

  • 6.4

    MEDIUM
    CVE-2025-5144

    The The Events Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data-date-*’ parameters in all versions up to, and including, 6.13.2 due to insufficient input sanitization and output escaping. This makes it possible for ... Read more

    Affected Products : the_events_calendar
    • Published: Jun. 11, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-5986

    A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf files to the user's desktop or home directory without prompting, even if auto-saving is disabled. This behavior can be abused to fill the disk with garbage d... Read more

    Affected Products : thunderbird
    • Published: Jun. 11, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Misconfiguration

  • 7.8

    HIGH
    CVE-2025-5687

    A vulnerability in Mozilla VPN on macOS allows privilege escalation from a normal user to root. *This bug only affects Mozilla VPN on macOS. Other operating systems are unaffected.* This vulnerability affects Mozilla VPN 2.28.0 < (macOS).... Read more

    Affected Products : vpn
    • Published: Jun. 11, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-49710

    An integer overflow was present in `OrderedHashTable` used by the JavaScript engine This vulnerability affects Firefox < 139.0.4.... Read more

    Affected Products : firefox
    • Published: Jun. 11, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-49709

    Certain canvas operations could have lead to memory corruption. This vulnerability affects Firefox < 139.0.4.... Read more

    Affected Products : firefox
    • Published: Jun. 11, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Memory Corruption

  • 7.2

    HIGH
    CVE-2025-3302

    The Xagio SEO – AI Powered SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘HTTP_REFERER’ parameter in all versions up to, and including, 7.1.0.16 due to insufficient input sanitization and output escaping. This makes it poss... Read more

    Affected Products :
    • Published: Jun. 11, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.1

    MEDIUM
    CVE-2025-4573

    Mattermost versions 10.7.x <= 10.7.1, 10.6.x <= 10.6.3, 10.5.x <= 10.5.4, 9.11.x <= 9.11.13 fail to properly validate LDAP group ID attributes, allowing an authenticated administrator with PermissionSysconsoleWriteUserManagementGroups permission to execut... Read more

    Affected Products : mattermost_server
    • Published: Jun. 11, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Injection
Showing 20 of 291728 Results