Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2024-58135

    Mojolicious versions from 7.28 through 9.40 for Perl may generate weak HMAC session secrets. When creating a default app with the "mojo generate app" tool, a weak secret is written to the application's configuration file using the insecure rand() functio... Read more

    Affected Products : mojolicious
    • Published: May. 03, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Cryptography

  • 6.4

    MEDIUM
    CVE-2025-3815

    The SurveyJS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.12.32 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attack... Read more

    Affected Products :
    • Published: May. 03, 2025
    • Modified: May. 05, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.9

    MEDIUM
    CVE-2025-4222

    The Database Toolset plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.4 via backup files stored in a publicly accessible location. This makes it possible for unauthenticated attackers to extrac... Read more

    Affected Products :
    • Published: May. 03, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Information Disclosure

  • 6.1

    MEDIUM
    CVE-2025-4199

    The Abundatrade Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.02. This is due to missing or incorrect nonce validation on the 'abundatrade' page. This makes it possible for unauthenticate... Read more

    Affected Products :
    • Published: May. 03, 2025
    • Modified: May. 05, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.1

    MEDIUM
    CVE-2025-4198

    The Alink Tap plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.1. This is due to missing or incorrect nonce validation on the 'alink-tap' page. This makes it possible for unauthenticated attackers ... Read more

    Affected Products :
    • Published: May. 03, 2025
    • Modified: May. 05, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.1

    MEDIUM
    CVE-2025-4188

    The Advanced Reorder Image Text Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the 'reorder-simple-image-text-slider-setting' page.... Read more

    Affected Products :
    • Published: May. 03, 2025
    • Modified: May. 05, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.4

    MEDIUM
    CVE-2025-4172

    The VerticalResponse Newsletter Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'verticalresponse' shortcode in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping on ... Read more

    Affected Products :
    • Published: May. 03, 2025
    • Modified: May. 05, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-4170

    The Xavin's Review Ratings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'xrr' shortcode in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping on user supplied attr... Read more

    Affected Products :
    • Published: May. 03, 2025
    • Modified: May. 05, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-4168

    The Subpage List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'subpages' shortcode in all versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. Th... Read more

    Affected Products :
    • Published: May. 03, 2025
    • Modified: May. 05, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.5

    MEDIUM
    CVE-2025-47229

    libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause a denial of service (var_set_leave_quiet assertion failure and application exit) via crafted input data, such as data that triggers a call from src/data/dictionary.c code into src/data/var... Read more

    Affected Products : pspp
    • Published: May. 03, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2025-3918

    The Job Listings plugin for WordPress is vulnerable to Privilege Escalation due to improper authorization within the register_action() function in versions 0.1 to 0.1.1. The plugin’s registration handler reads the client-supplied $_POST['user_role'] and p... Read more

    Affected Products :
    • Published: May. 03, 2025
    • Modified: May. 05, 2025
    • Vuln Type: Authorization

  • 6.4

    MEDIUM
    CVE-2025-3779

    The Personizely plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘widgetId’ parameter in all versions up to, and including, 0.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated ... Read more

    Affected Products :
    • Published: May. 03, 2025
    • Modified: May. 05, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.3

    HIGH
    CVE-2024-13738

    The The Motors - Car Dealer, Rental & Listing WordPress theme theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.6.65. This is due to the software allowing users to execute an action that does not pr... Read more

    Affected Products :
    • Published: May. 03, 2025
    • Modified: May. 05, 2025

  • 7.8

    HIGH
    CVE-2025-46723

    OpenVM is a performant and modular zkVM framework built for customization and extensibility. In version 1.0.0, OpenVM is vulnerable to overflow through byte decomposition of pc in AUIPC chip. A typo results in the highest limb of pc being range checked to... Read more

    Affected Products :
    • Published: May. 02, 2025
    • Modified: May. 05, 2025
    • Vuln Type: Memory Corruption

  • 6.1

    MEDIUM
    CVE-2025-21572

    OpenGrok 1.13.25 has a reflected Cross-Site Scripting (XSS) issue when producing the history view page. This happens through improper handling of path segments. The application reflects unsanitized user input into the HTML output.... Read more

    Affected Products : opengrok
    • Published: May. 02, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2024-55069

    ffmpeg 7.1 is vulnerable to Null Pointer Dereference in function iamf_read_header in /libavformat/iamfdec.c.... Read more

    Affected Products : ffmpeg
    • Published: May. 02, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Denial of Service

  • 0.0

    NA
    CVE-2022-21546

    In the Linux kernel, the following vulnerability has been resolved: scsi: target: Fix WRITE_SAME No Data Buffer crash In newer version of the SBC specs, we have a NDOB bit that indicates there is no data buffer that gets written out. If this bit is set ... Read more

    Affected Products : linux_kernel linux
    • Published: May. 02, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Misconfiguration

  • 7.8

    HIGH
    CVE-2025-4218

    A vulnerability was found in handrew browserpilot up to 0.2.51. It has been declared as critical. Affected by this vulnerability is the function GPTSeleniumAgent of the file browserpilot/browserpilot/agents/gpt_selenium_agent.py. The manipulation of the a... Read more

    Affected Products : browserpilot
    • Published: May. 02, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Injection

  • 3.7

    LOW
    CVE-2025-4215

    A vulnerability was found in gorhill uBlock Origin up to 1.63.3b16. It has been classified as problematic. Affected is the function currentStateChanged of the file src/js/1p-filters.js of the component UI. The manipulation leads to inefficient regular exp... Read more

    Affected Products : debian_linux ublock_origin
    • Published: May. 02, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Denial of Service

  • 5.0

    MEDIUM
    CVE-2025-47226

    Grokability Snipe-IT before 8.1.0 has incorrect authorization for accessing asset information.... Read more

    Affected Products : snipe-it
    • Published: May. 02, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Authorization
Showing 20 of 294068 Results