Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2025-37893

    In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: Fix off-by-one error in build_prologue() Vincent reported that running BPF progs with tailcalls on LoongArch causes kernel hard lockup. Debugging the issues shows that t... Read more

    Affected Products : linux_kernel
    • Published: Apr. 18, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-37860

    In the Linux kernel, the following vulnerability has been resolved: sfc: fix NULL dereferences in ef100_process_design_param() Since cited commit, ef100_probe_main() and hence also ef100_check_design_params() run before efx->net_dev is created; conseq... Read more

    Affected Products : linux_kernel
    • Published: Apr. 18, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Misconfiguration

  • 7.1

    HIGH
    CVE-2025-37785

    In the Linux kernel, the following vulnerability has been resolved: ext4: fix OOB read when checking dotdot dir Mounting a corrupted filesystem with directory which contains '.' dir entry with rec_len == block size results in out-of-bounds read (later o... Read more

    Affected Products : linux_kernel
    • Published: Apr. 18, 2025
    • Modified: May. 02, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-3783

    A vulnerability classified as critical was found in SourceCodester Web-based Pharmacy Product Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /add-product.php. The manipulation of the argument Avatar leads to ... Read more

    • Published: Apr. 18, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Authentication

  • 6.1

    MEDIUM
    CVE-2025-3598

    The Coupon Affiliates – Affiliate Plugin for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the commission_summary parameter in all versions up to, and including, .6.3.0 due to insufficient input sanitization and outp... Read more

    Affected Products :
    • Published: Apr. 18, 2025
    • Modified: Apr. 21, 2025

  • 4.8

    MEDIUM
    CVE-2025-2162

    The MapPress Maps for WordPress plugin before 2.94.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disall... Read more

    • Published: Apr. 18, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-1863

    Insecure default settings have been found in recorder products provided by Yokogawa Electric Corporation. The default setting of the authentication function is disabled on the affected products. Therefore, when connected to a network with default settings... Read more

    Affected Products :
    • Published: Apr. 18, 2025
    • Modified: Apr. 21, 2025
    • Vuln Type: Authentication

  • 9.3

    CRITICAL
    CVE-2025-39471

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pantherius Modal Survey.This issue affects Modal Survey: from n/a through 2.0.2.0.1.... Read more

    Affected Products :
    • Published: Apr. 18, 2025
    • Modified: Apr. 21, 2025
    • Vuln Type: Injection

  • 8.1

    HIGH
    CVE-2025-39470

    Path Traversal: '.../...//' vulnerability in ThimPress Ivy School allows PHP Local File Inclusion.This issue affects Ivy School: from n/a through 1.6.0.... Read more

    Affected Products :
    • Published: Apr. 18, 2025
    • Modified: Apr. 21, 2025
    • Vuln Type: Path Traversal

  • 7.1

    HIGH
    CVE-2025-39469

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pantherius Modal Survey allows Reflected XSS.This issue affects Modal Survey: from n/a through 2.0.2.0.1.... Read more

    Affected Products :
    • Published: Apr. 18, 2025
    • Modified: Apr. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-42599

    Active! mail 6 BuildInfo: 6.60.05008561 and earlier contains a stack-based buffer overflow vulnerability. Receiving a specially crafted request created and sent by a remote unauthenticated attacker may lead to arbitrary code execution and/or a denial-of-s... Read more

    Affected Products : active\!_mail
    • Actively Exploited
    • Published: Apr. 18, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Memory Corruption

  • 8.1

    HIGH
    CVE-2025-3520

    The Avatar plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in a function in all versions up to, and including, 0.1.4. This makes it possible for authenticated attackers, with Subscriber-level access a... Read more

    Affected Products : avatar
    • Published: Apr. 18, 2025
    • Modified: Apr. 21, 2025
    • Vuln Type: Path Traversal

  • 4.4

    MEDIUM
    CVE-2025-2613

    The Login Manager – Design Login Page, View Login Activity, Limit Login Attempts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Custom logo and background URLs in all versions up to, and including, 2.0.5 due to insufficient input sa... Read more

    Affected Products :
    • Published: Apr. 18, 2025
    • Modified: Apr. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2024-13650

    The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'PAFE Before After Image Comparison Slider' widget in all versions up to, and including, 2.4.34 due to insufficient input sanitization and output es... Read more

    Affected Products : piotnet_addons
    • Published: Apr. 18, 2025
    • Modified: Apr. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.6

    HIGH
    CVE-2025-25427

    A stored cross-site scripting (XSS) vulnerability in the upnp.htm page of the web Interface in TP-Link WR841N v14/v14.6/v14.8 <= Build 241230 Rel. 50788n allows remote attackers to inject arbitrary JavaScript code via the port mapping description. This le... Read more

    • Published: Apr. 18, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.2

    HIGH
    CVE-2025-0467

    Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest's virtualised GPU memory.... Read more

    Affected Products : ddk
    • Published: Apr. 18, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Memory Corruption

  • 7.2

    HIGH
    CVE-2025-3509

    A Remote Code Execution (RCE) vulnerability was identified in GitHub Enterprise Server that allowed attackers to execute arbitrary code by exploiting the pre-receive hook functionality, potentially leading to privilege escalation and system compromise. Th... Read more

    Affected Products : enterprise_server
    • Published: Apr. 17, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Authentication

  • 8.6

    HIGH
    CVE-2025-3246

    An improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allowed cross-site scripting in GitHub Markdown that used `$$..$$` math blocks. Exploitation required access to the target GitHub Enterprise Server instance... Read more

    Affected Products : enterprise_server
    • Published: Apr. 17, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-3124

    A missing authorization vulnerability was identified in GitHub Enterprise Server that allowed a user to see the names of private repositories that they wouldn't otherwise have access to in the Security Overview in GitHub Advanced Security. The Security Ov... Read more

    Affected Products : enterprise_server
    • Published: Apr. 17, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Authorization

  • 7.6

    HIGH
    CVE-2025-29461

    An issue in a-blogcms 3.1.15 allows a remote attacker to obtain sensitive information via the /bid/1/admin/entry-edit/ path.... Read more

    Affected Products : a-blog_cms a-blogcms a-blogcms
    • Published: Apr. 17, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 293605 Results