Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NA
    CVE-2025-21868

    In the Linux kernel, the following vulnerability has been resolved: net: allow small head cache usage with large MAX_SKB_FRAGS values Sabrina reported the following splat: WARNING: CPU: 0 PID: 1 at net/core/dev.c:6935 netif_napi_add_weight_locked+0... Read more

    Affected Products : linux_kernel
    • Published: Mar. 27, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Misconfiguration

  • 7.8

    HIGH
    CVE-2025-21867

    In the Linux kernel, the following vulnerability has been resolved: bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type() KMSAN reported a use-after-free issue in eth_skb_pkt_type()[1]. The cause of the issue was that eth_skb_pkt_type() accessed... Read more

    Affected Products : linux_kernel
    • Published: Mar. 27, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-2847

    A vulnerability, which was classified as critical, has been found in Codezips Gym Management System 1.0. This issue affects some unknown processing of the file /dashboard/admin/over_month.php. The manipulation of the argument mm leads to sql injection. Th... Read more

    Affected Products : gym_management_system
    • Published: Mar. 27, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-2846

    A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. This vulnerability affects the function registration of the file /oews/classes/Users.php?f=registration of the component Registration. The manipulation of the argu... Read more

    Affected Products : online_eyewear_shop
    • Published: Mar. 27, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Injection

  • 8.7

    HIGH
    CVE-2025-2255

    An issue has been discovered in Gitlab EE/CE for AppSec affecting all versions from 13.5.0 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. Certain error messages could allow Cross-Site Scripting attacks (XSS). for AppSec.... Read more

    Affected Products : gitlab
    • Published: Mar. 27, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-2242

    An improper access control vulnerability in GitLab CE/EE affecting all versions from 17.4 prior to 17.8.6, 17.9 prior to 17.9.3, and 17.10 prior to 17.10.1 allows a user who was an instance admin before but has since been downgraded to a regular user to c... Read more

    Affected Products : gitlab
    • Published: Mar. 27, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Authorization

  • 8.7

    HIGH
    CVE-2025-0811

    An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. Improper rendering of certain file types leads to cross-site scripting.... Read more

    Affected Products : gitlab
    • Published: Mar. 27, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.0

    HIGH
    CVE-2024-9773

    An issue was discovered in GitLab EE affecting all versions starting from 14.9 before 17.8.6, all versions starting from 17.9 before 17.8.3, all versions starting from 17.10 before 17.10.1. An input validation issue in the Harbor registry integration coul... Read more

    Affected Products : gitlab
    • Published: Mar. 27, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-31141

    In JetBrains TeamCity before 2025.03 exception could lead to credential leakage on Cloud Profiles page... Read more

    Affected Products : teamcity
    • Published: Mar. 27, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Information Disclosure

  • 6.1

    MEDIUM
    CVE-2025-31140

    In JetBrains TeamCity before 2025.03 stored XSS was possible on Cloud Profiles page... Read more

    Affected Products : teamcity
    • Published: Mar. 27, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-31139

    In JetBrains TeamCity before 2025.03 base64 encoded password could be exposed in build log... Read more

    Affected Products : teamcity
    • Published: Mar. 27, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-30925

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webangon The Pack Elementor addons allows Stored XSS. This issue affects The Pack Elementor addons: from n/a through 2.1.1.... Read more

    Affected Products :
    • Published: Mar. 27, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-30923

    Cross-Site Request Forgery (CSRF) vulnerability in powerfulwp Gift Message for WooCommerce allows Cross Site Request Forgery. This issue affects Gift Message for WooCommerce: from n/a through 1.7.8.... Read more

    Affected Products : widgets-on-pages
    • Published: Mar. 27, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.5

    MEDIUM
    CVE-2025-30922

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in simplebooklet Simplebooklet PDF Viewer and Embedder allows Stored XSS. This issue affects Simplebooklet PDF Viewer and Embedder: from n/a through 1.1.1.... Read more

    Affected Products :
    • Published: Mar. 27, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.6

    HIGH
    CVE-2025-30921

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tribulant Software Newsletters allows SQL Injection. This issue affects Newsletters: from n/a through 4.9.9.7.... Read more

    Affected Products : newsletters
    • Published: Mar. 27, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-30920

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in teastudio.pl WP Posts Carousel allows Stored XSS. This issue affects WP Posts Carousel: from n/a through 1.3.7.... Read more

    Affected Products :
    • Published: Mar. 27, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-30919

    Cross-Site Request Forgery (CSRF) vulnerability in Store Locator Widgets Store Locator Widget allows Stored XSS. This issue affects Store Locator Widget: from n/a through 20200131.... Read more

    Affected Products :
    • Published: Mar. 27, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.5

    MEDIUM
    CVE-2025-30918

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codemacher Structured Content allows Stored XSS. This issue affects Structured Content: from n/a through 1.6.3.... Read more

    Affected Products : structured_content
    • Published: Mar. 27, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.4

    MEDIUM
    CVE-2025-30914

    Server-Side Request Forgery (SSRF) vulnerability in XpeedStudio Metform allows Server Side Request Forgery. This issue affects Metform: from n/a through 3.9.2.... Read more

    • Published: Mar. 27, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Server-Side Request Forgery

  • 5.4

    MEDIUM
    CVE-2025-30912

    Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Float menu allows Cross Site Request Forgery. This issue affects Float menu: from n/a through 6.1.2.... Read more

    Affected Products : float_menu
    • Published: Mar. 27, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Cross-Site Request Forgery
Showing 20 of 291871 Results