Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NA
    CVE-2025-23144

    In the Linux kernel, the following vulnerability has been resolved: backlight: led_bl: Hold led_access lock when calling led_sysfs_disable() Lockdep detects the following issue on led-backlight removal: [ 142.315935] ------------[ cut here ]---------... Read more

    Affected Products : linux_kernel
    • Published: May. 01, 2025
    • Modified: May. 02, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-23143

    In the Linux kernel, the following vulnerability has been resolved: net: Fix null-ptr-deref by sock_lock_init_class_and_name() and rmmod. When I ran the repro [0] and waited a few seconds, I observed two LOCKDEP splats: a warning immediately followed by... Read more

    Affected Products : linux_kernel
    • Published: May. 01, 2025
    • Modified: May. 02, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-23142

    In the Linux kernel, the following vulnerability has been resolved: sctp: detect and prevent references to a freed transport in sendmsg sctp_sendmsg() re-uses associations and transports when possible by doing a lookup based on the socket endpoint and t... Read more

    Affected Products : linux_kernel
    • Published: May. 01, 2025
    • Modified: May. 02, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-23141

    In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses Acquire a lock on kvm->srcu when userspace is getting MP state to handle a rather extreme edge case where "ac... Read more

    Affected Products : linux_kernel
    • Published: May. 01, 2025
    • Modified: May. 02, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-23140

    In the Linux kernel, the following vulnerability has been resolved: misc: pci_endpoint_test: Avoid issue of interrupts remaining after request_irq error After devm_request_irq() fails with error in pci_endpoint_test_request_irq(), the pci_endpoint_test_... Read more

    Affected Products : linux_kernel
    • Published: May. 01, 2025
    • Modified: May. 02, 2025

  • 6.2

    MEDIUM
    CVE-2023-46669

    Exposure of sensitive information to local unauthorized actors in Elastic Agent and Elastic Security Endpoint can lead to loss of confidentiality and impersonation of Endpoint to the Elastic Stack. This issue was identified by Elastic engineers and Elasti... Read more

    Affected Products :
    • Published: May. 01, 2025
    • Modified: May. 02, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2025-4164

    A vulnerability, which was classified as critical, was found in PHPGurukul Employee Record Management System 1.3. Affected is an unknown function of the file changepassword.php. The manipulation of the argument currentpassword leads to sql injection. It i... Read more

    Affected Products : employee_record_management_system
    • Published: May. 01, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-4163

    A vulnerability, which was classified as critical, has been found in PHPGurukul Land Record System 1.0. This issue affects some unknown processing of the file /admin/aboutus.php. The manipulation of the argument pagetitle leads to sql injection. The attac... Read more

    Affected Products : land_record_system
    • Published: May. 01, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Injection

  • 6.4

    MEDIUM
    CVE-2025-3890

    The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp_cart_button' shortcode in all versions up to, and including, 5.1.3 due to insufficient input sanitization and output escaping on user... Read more

    • Published: May. 01, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-3889

    The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.3 via the 'process_payment_data' due to missing validation on a user controlled key. This makes it possible... Read more

    • Published: May. 01, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-3874

    The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.3 due to lack of randomization of a user controlled key. This makes it possible for unauthenticated attacke... Read more

    • Published: May. 01, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Authorization

  • 6.4

    MEDIUM
    CVE-2025-1529

    The AM LottiePlayer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via uploaded lottie files in all versions up to, and including, 3.5.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticate... Read more

    Affected Products :
    • Published: May. 01, 2025
    • Modified: May. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-4162

    A vulnerability classified as critical was found in PCMan FTP Server up to 2.0.7. This vulnerability affects unknown code of the component ASCII Command Handler. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit ... Read more

    Affected Products : pcman_ftp_server ftp_server
    • Published: May. 01, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-4161

    A vulnerability classified as critical has been found in PCMan FTP Server up to 2.0.7. This affects an unknown part of the component VERBOSE Command Handler. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The ex... Read more

    Affected Products : pcman_ftp_server ftp_server
    • Published: May. 01, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-27007

    Incorrect Privilege Assignment vulnerability in Brainstorm Force SureTriggers allows Privilege Escalation.This issue affects SureTriggers: from n/a through 1.0.82.... Read more

    Affected Products : suretriggers
    • Published: May. 01, 2025
    • Modified: May. 05, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-4160

    A vulnerability was found in PCMan FTP Server up to 2.0.7. It has been rated as critical. Affected by this issue is some unknown functionality of the component LS Command Handler. The manipulation leads to buffer overflow. The attack may be launched remot... Read more

    Affected Products : pcman_ftp_server ftp_server
    • Published: May. 01, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-4159

    A vulnerability was found in PCMan FTP Server up to 2.0.7. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component GLOB Command Handler. The manipulation leads to buffer overflow. The attack can be lau... Read more

    Affected Products : pcman_ftp_server ftp_server
    • Published: May. 01, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-4158

    A vulnerability was found in PCMan FTP Server up to 2.0.7. It has been classified as critical. Affected is an unknown function of the component PROMPT Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely... Read more

    Affected Products : pcman_ftp_server ftp_server
    • Published: May. 01, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-4157

    A vulnerability was found in PHPGurukul Boat Booking System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/booking-details.php. The manipulation of the argument Status leads to sql injection. The attack may b... Read more

    Affected Products : boat_booking_system
    • Published: May. 01, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-4156

    A vulnerability has been found in PHPGurukul Boat Booking System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/change-image.php. The manipulation of the argument ID leads to sql injection. The attack can be ini... Read more

    Affected Products : boat_booking_system
    • Published: May. 01, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Injection
Showing 20 of 293654 Results