Latest CVE Feed
-
10.0
CRITICAL CVE-2025-2857
Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in our IPC code. A compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a sand...
- Published: Mar. 27, 2025
- Modified: May. 01, 2025
- Vuln Type: Authorization
-
5.8
MEDIUM CVE-2025-2852
A vulnerability has been found in SourceCodester Food Ordering Management System up to 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/menus/view_menu.php. The manipulation of the argument ID l...
- Affected Products: food_ordering_management_system
- Published: Mar. 27, 2025
- Modified: Apr. 01, 2025
- Vuln Type: Injection
-
5.5
MEDIUM CVE-2025-2849
A vulnerability, which was classified as problematic, was found in UPX up to 5.0.0. Affected is the function PackLinuxElf64::un_DT_INIT of the file src/p_lx_elf.cpp. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack...
- Published: Mar. 27, 2025
- Modified: Apr. 11, 2025
- Vuln Type: Memory Corruption
-
5.3
MEDIUM CVE-2025-27793
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In Vega prior to version 5.32.0, corresponding to vega-functions prior to version 5.17.0, users running Vega/Vega-lite JSON definiti...
- Affected Products: vega
- Published: Mar. 27, 2025
- Modified: Mar. 27, 2025
- Vuln Type: Injection
-
6.5
MEDIUM CVE-2025-26738
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Graham Quick Interest Slider allows DOM-Based XSS. This issue affects Quick Interest Slider: from n/a through 3.1.3....
- Affected Products: loan_repayment_calculator_and_application_form
- Published: Mar. 27, 2025
- Modified: Mar. 27, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUM CVE-2025-26737
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yudleethemes City Store allows DOM-Based XSS. This issue affects City Store: from n/a through 1.4.5....
- Published: Mar. 27, 2025
- Modified: Mar. 27, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUM CVE-2025-26736
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in viktoras MorningTime Lite allows Stored XSS. This issue affects MorningTime Lite: from n/a through 1.3.2....
- Published: Mar. 27, 2025
- Modified: Mar. 27, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUM CVE-2025-26734
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in peregrinethemes Hester allows Stored XSS. This issue affects Hester: from n/a through 1.1.10....
- Published: Mar. 27, 2025
- Modified: Mar. 27, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUM CVE-2025-26732
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BurgerThemes StoreBiz allows DOM-Based XSS. This issue affects StoreBiz: from n/a through 1.0.32....
- Published: Mar. 27, 2025
- Modified: Mar. 27, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUM CVE-2025-26731
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Repute Infosystems ARPrice allows Stored XSS. This issue affects ARPrice: from n/a through 4.1.3....
- Published: Mar. 27, 2025
- Modified: Mar. 27, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUM CVE-2025-26619
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In `vega` 5.30.0 and lower and in `vega-functions` 5.15.0 and lower, it was possible to call JavaScript functions from the Vega exp...
- Published: Mar. 27, 2025
- Modified: Apr. 11, 2025
- Vuln Type: Misconfiguration
-
7.1
HIGH CVE-2025-25100
Cross-Site Request Forgery (CSRF) vulnerability in victoracano Cazamba allows Reflected XSS. This issue affects Cazamba: from n/a through 1.2....
- Published: Mar. 27, 2025
- Modified: Mar. 27, 2025
- Vuln Type: Cross-Site Request Forgery
-
7.1
HIGH CVE-2025-25086
Cross-Site Request Forgery (CSRF) vulnerability in WPDeveloper Secret Meta allows Reflected XSS. This issue affects Secret Meta: from n/a through 1.2.1....
- Published: Mar. 27, 2025
- Modified: Mar. 27, 2025
- Vuln Type: Cross-Site Request Forgery
-
6.5
MEDIUM CVE-2025-22816
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeTrendy Power Mag allows DOM-Based XSS. This issue affects Power Mag: from n/a through 1.1.5....
- Published: Mar. 27, 2025
- Modified: Mar. 27, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUM CVE-2025-22770
Missing Authorization vulnerability in EnvoThemes Envo Multipurpose allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Envo Multipurpose: from n/a through 1.1.6....
- Published: Mar. 27, 2025
- Modified: Mar. 27, 2025
- Vuln Type: Authorization
-
4.3
MEDIUM CVE-2025-22673
Missing Authorization vulnerability in WPFactory EAN for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EAN for WooCommerce: from n/a through 5.3.5....
- Affected Products: ean_for_woocommerce
- Published: Mar. 27, 2025
- Modified: Mar. 27, 2025
- Vuln Type: Authorization
-
4.9
MEDIUM CVE-2025-22672
Server-Side Request Forgery (SSRF) vulnerability in SuitePlugins Video & Photo Gallery for Ultimate Member allows Server Side Request Forgery. This issue affects Video & Photo Gallery for Ultimate Member: from n/a through 1.1.2....
- Published: Mar. 27, 2025
- Modified: Mar. 27, 2025
- Vuln Type: Server-Side Request Forgery
-
0.0
NA CVE-2025-21871
In the Linux kernel, the following vulnerability has been resolved: tee: optee: Fix supplicant wait loop OP-TEE supplicant is a user-space daemon and it's possible for it to be hung or crashed or killed in the middle of processing an OP-TEE RPC call. It be...
- Affected Products: linux_kernel
- Published: Mar. 27, 2025
- Modified: Mar. 27, 2025
- Vuln Type: Denial of Service
-
0.0
NA CVE-2025-21870
In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers Other, non DAI copier widgets could have the same stream name (sname) as the ALH copier and in that case the copier->d...
- Affected Products: linux_kernel
- Published: Mar. 27, 2025
- Modified: Mar. 27, 2025
- Vuln Type: Denial of Service
-
0.0
NA CVE-2025-21869
In the Linux kernel, the following vulnerability has been resolved: powerpc/code-patching: Disable KASAN report during patching via temporary mm Erhard reports the following KASAN hit on Talos II (power9) with kernel 6.13: [ 12.028126] ==============...
- Affected Products: linux_kernel
- Published: Mar. 27, 2025
- Modified: Mar. 27, 2025
- Vuln Type: Memory Corruption