Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2024-52561

    A privilege escalation vulnerability exists in the Snapshot functionality of Parallels Desktop for Mac version 20.1.1 (build 55740). When a snapshot of a virtual machine is deleted, a root service verifies and modifies the ownership of the snapshot files.... Read more

    Affected Products : parallels_desktop
    • Published: Jun. 03, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2024-36486

    A privilege escalation vulnerability exists in the virtual machine archive restoration functionality of Parallels Desktop for Mac version 20.1.1 (55740). When an archived virtual machine is restored, the prl_vmarchiver tool decompresses the file and write... Read more

    Affected Products : parallels_desktop
    • Published: Jun. 03, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Authorization

  • 6.4

    MEDIUM
    CVE-2025-5116

    The WP Plugin Info Card plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘containerid’ parameter in all versions up to, and including, 5.3.1 due to insufficient input sanitization and output escaping. This makes it possible for au... Read more

    Affected Products :
    • Published: Jun. 03, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.9

    MEDIUM
    CVE-2025-5103

    The Ultimate Gift Cards for WooCommerce plugin for WordPress is vulnerable to boolean-based SQL Injection via the 'default_price' and 'product_id' parameters in all versions up to, and including, 3.1.4 due to insufficient escaping on the user supplied par... Read more

    • Published: Jun. 03, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Injection

  • 6.4

    MEDIUM
    CVE-2025-4420

    The Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘containerWidth’ parameter in all versions up to, and including, 1.3.1 due to a missing capability check on the vayu_b... Read more

    Affected Products :
    • Published: Jun. 03, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-1725

    The Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 6.7 due to insufficient input sanitizati... Read more

    Affected Products : file_manager
    • Published: Jun. 03, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.3

    HIGH
    CVE-2025-46355

    Incorrect default permissions issue in PC Time Tracer prior to 5.2. If exploited, arbitrary code may be executed with SYSTEM privilege on Windows system where the product is running by a local authenticated attacker.... Read more

    Affected Products :
    • Published: Jun. 03, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Misconfiguration

  • 6.9

    MEDIUM
    CVE-2025-41428

    Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in TimeWorks 10.0 to 10.3. If exploited, arbitrary JSON files on the server may be viewed by a remote unauthenticated attacker.... Read more

    Affected Products :
    • Published: Jun. 03, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Path Traversal

  • 8.6

    HIGH
    CVE-2025-21479

    Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.... Read more

    • Actively Exploited
    • Published: Jun. 03, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Memory Corruption

  • 4.8

    MEDIUM
    CVE-2025-4567

    The Post Slider and Post Carousel with Post Vertical Scrolling Widget WordPress plugin before 3.2.10 does not validate and escape some of its Widget options before outputting them back in a page/post where the block is embed, which could allow users with... Read more

    Affected Products : post_slider_and_post_carousel
    • Published: Jun. 03, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-3662

    The FancyBox for WordPress plugin before 3.3.6 does not escape captions and titles attributes before using them to populate galleries' caption fields. The issue was received as a Contributor+ Stored XSS, however one of our researcher (Marc Montpas) escala... Read more

    Affected Products : fancybox
    • Published: Jun. 03, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2025-3584

    The Newsletter WordPress plugin before 8.8.2 does not sanitise and escape some of its Subscription settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is d... Read more

    Affected Products : newsletter
    • Published: Jun. 03, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.2

    MEDIUM
    CVE-2025-31712

    In cplog service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed.... Read more

    Affected Products : android s8000 sc7731e sc9832e sc9863a t310 t606 t610 t612 t616 +8 more products
    • Published: Jun. 03, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Memory Corruption

  • 6.2

    MEDIUM
    CVE-2025-31711

    In cplog service, there is a possible system crash due to null pointer dereference. This could lead to local denial of service with no additional execution privileges needed.... Read more

    Affected Products : android s8000 sc7731e sc9832e sc9863a t310 t606 t610 t612 t616 +8 more products
    • Published: Jun. 03, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Denial of Service

  • 8.4

    HIGH
    CVE-2025-31710

    In engineermode service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed.... Read more

    Affected Products : android s8000 sc9863a t606 t612 t616 t760 t770 t820 t750 +3 more products
    • Published: Jun. 03, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-27038

    Memory corruption while rendering graphics using Adreno GPU drivers in Chrome.... Read more

    • Actively Exploited
    • Published: Jun. 03, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-27031

    memory corruption while processing IOCTL commands, when the buffer in write loopback mode is accessed after being freed.... Read more

    • Published: Jun. 03, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-27029

    Transient DOS while processing the tone measurement response buffer when the response buffer is out of range.... Read more

    • Published: Jun. 03, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Denial of Service

  • 7.8

    HIGH
    CVE-2025-21486

    Memory corruption during dynamic process creation call when client is only passing address and length of shell binary.... Read more

    • Published: Jun. 03, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-21485

    Memory corruption while processing INIT and multimode invoke IOCTL calls on FastRPC.... Read more

    • Published: Jun. 03, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 292803 Results