Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-4797

    The Golo - City Travel Guide WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.7.0. This is due to the plugin not properly validating a user's identity prior to setting a... Read more

    Affected Products : golo
    • Published: Jun. 03, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Authentication

  • 7.2

    HIGH
    CVE-2025-4224

    The wpForo + wpForo Advanced Attachments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via media upload names in all versions up to, and including, 3.1.3 due to insufficient input sanitization and output escaping. This makes it possibl... Read more

    Affected Products :
    • Published: Jun. 03, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-4047

    The Broken Link Checker plugin for WordPress is vulnerable to unauthorized data access due to a missing capability check on the ajax_full_status and ajax_dashboard_status functions in all versions up to, and including, 2.4.4. This makes it possible for au... Read more

    Affected Products : broken_link_checker
    • Published: Jun. 03, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Authorization

  • 5.6

    MEDIUM
    CVE-2025-2939

    The Ninja Tables – Easy Data Table Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.0.18 via deserialization of untrusted input from the args[callback] parameter . This makes it possible for unauth... Read more

    Affected Products : ninja_tables
    • Published: Jun. 03, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-5419

    Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : chrome edge_chromium
    • Actively Exploited
    • Published: Jun. 03, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-5068

    Use after free in Blink in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)... Read more

    Affected Products : chrome edge_chromium
    • Published: Jun. 03, 2025
    • Modified: Aug. 28, 2025
    • Vuln Type: Memory Corruption

  • 4.3

    MEDIUM
    CVE-2025-49164

    Arris VIP1113 devices through 2025-05-30 with KreaTV SDK have a firmware decryption key of cd1c2d78f2cba1f73ca7e697b4a485f49a8a7d0c8b0fdc9f51ced50f2530668a.... Read more

    Affected Products :
    • Published: Jun. 03, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Cryptography

  • 6.7

    MEDIUM
    CVE-2025-49163

    Arris VIP1113 devices through 2025-05-30 with KreaTV SDK allow booting an arbitrary image via a crafted /usr/bin/gunzip file.... Read more

    Affected Products :
    • Published: Jun. 03, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Misconfiguration

  • 6.4

    MEDIUM
    CVE-2025-49162

    Arris VIP1113 devices through 2025-05-30 with KreaTV SDK allow file overwrite via TFTP because a remote filename with a space character allows an attacker to control the local filename.... Read more

    Affected Products :
    • Published: Jun. 03, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Misconfiguration

  • 6.4

    MEDIUM
    CVE-2025-3919

    The WordPress Comments Import & Export plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_settings function in all versions up to, and including, 2.4.3. Additionally, the plugin fails to p... Read more

    • Published: Jun. 02, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2025-48996

    HAX open-apis provides microservice apis for HAX webcomponents repo that are shared infrastructure calls. An unauthenticated information disclosure vulnerability exists in the Penn State University deployment of the HAX content management system via the `... Read more

    Affected Products : hax haxcms-nodejs
    • Published: Jun. 02, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Information Disclosure

  • 8.7

    HIGH
    CVE-2025-48387

    tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.0.9, 2.1.3, and 1.16.5 have an issue where an extract can write outside the specified dir with a specific tarball. This has been patched in versions 3.0.9, 2.1.3, and 1.16.5. As a wor... Read more

    Affected Products : npm tar-fs
    • Published: Jun. 02, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2025-47585

    Missing Authorization vulnerability in Mage people team Booking and Rental Manager allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Booking and Rental Manager: from n/a through 2.3.8.... Read more

    Affected Products : booking_\&_rental_manager
    • Published: Jun. 02, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-49069

    Cross-Site Request Forgery (CSRF) vulnerability in Cimatti Consulting Contact Forms by Cimatti allows Cross Site Request Forgery.This issue affects Contact Forms by Cimatti: from n/a through 1.9.8.... Read more

    Affected Products : wordpress_contact_forms
    • Published: Jun. 02, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.8

    HIGH
    CVE-2025-23105

    An issue was discovered in Samsung Mobile Processor Exynos 2200, 1480, and 2400. A Use-After-Free in the mobile processor leads to privilege escalation.... Read more

    • Published: Jun. 02, 2025
    • Modified: Jun. 13, 2025
    • Vuln Type: Memory Corruption

  • 9.1

    CRITICAL
    CVE-2025-23099

    An issue was discovered in Samsung Mobile Processor Exynos 1480 and 2400. The lack of a length check leads to out-of-bounds writes.... Read more

    • Published: Jun. 02, 2025
    • Modified: Jun. 13, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-1051

    Sonos Era 300 Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sonos Era 300 speakers. Authentication is not required to exploit this vulnerability. ... Read more

    Affected Products : era_300_firmware era_300
    • Published: Jun. 02, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    CRITICAL
    CVE-2025-5086

    A deserialization of untrusted data vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could lead to a remote code execution.... Read more

    Affected Products : delmia_apriso
    • Published: Jun. 02, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Misconfiguration

  • 5.4

    MEDIUM
    CVE-2025-45387

    osTicket prior to v1.17.6 and v1.18.2 are vulnerable to Broken Access Control Vulnerability in /scp/ajax.php.... Read more

    Affected Products : osticket
    • Published: Jun. 02, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-27956

    Directory Traversal vulnerability in WebLaudos 24.2 (04) allows a remote attacker to obtain sensitive information via the id parameter.... Read more

    Affected Products : weblaudos
    • Published: Jun. 02, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Path Traversal
Showing 20 of 291672 Results