Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2025-9949

    The Internal Links Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.1. This is due to missing or incorrect nonce validation on the link deletion functionality in the process_bulk_action() f... Read more

    Affected Products :
    • Published: Sep. 20, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.5

    MEDIUM
    CVE-2025-57396

    Tandoor Recipes 2.0.0-alpha-1, fixed in 2.0.0-alpha-2, is vulnerable to privilege escalation. This is due to the rework of the API, which resulted in the User Profile API Endpoint containing two boolean values indicating whether a user is staff or adminis... Read more

    Affected Products :
    • Published: Sep. 19, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Authorization

  • 4.9

    MEDIUM
    CVE-2025-10002

    The ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages plugin for WordPress is vulnerable to SQL Injection via the export_csv() function in all versions up to, and including, 2.5.0 due to insufficient escaping on ... Read more

    Affected Products : clickwhale
    • Published: Sep. 20, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2025-9882

    The osTicket WP Bridge plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers t... Read more

    Affected Products :
    • Published: Sep. 20, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 0.0

    NA
    CVE-2025-39853

    In the Linux kernel, the following vulnerability has been resolved: i40e: Fix potential invalid access when MAC list is empty list_first_entry() never returns NULL - if the list is empty, it still returns a pointer to an invalid object, leading to poten... Read more

    Affected Products : linux_kernel
    • Published: Sep. 19, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Memory Corruption

  • 6.3

    MEDIUM
    CVE-2025-10772

    A vulnerability was identified in huggingface LeRobot up to 0.3.3. Affected by this vulnerability is an unknown functionality of the file lerobot/common/robot_devices/robots/lekiwi_remote.py of the component ZeroMQ Socket Handler. The manipulation leads t... Read more

    Affected Products :
    • Published: Sep. 22, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2025-10718

    A vulnerability was found in Ooma Office Business Phone App up to 7.2.2 on Android. This affects an unknown part of the component com.ooma.office2. The manipulation results in improper export of android application components. The attack needs to be appro... Read more

    Affected Products :
    • Published: Sep. 19, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-10741

    A security vulnerability has been detected in Selleo Mentingo up to 2025.08.27. The affected element is an unknown function of the component Profile Picture Handler. The manipulation of the argument userAvatar leads to unrestricted upload. The attack is p... Read more

    Affected Products :
    • Published: Sep. 20, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Authentication

  • 7.7

    HIGH
    CVE-2025-59344

    AliasVault is a privacy-first password manager with built-in email aliasing. A server-side request forgery (SSRF) vulnerability exists in the favicon extraction feature of AliasVault API versions 0.23.0 and lower. The extractor fetches a user-supplied URL... Read more

    Affected Products :
    • Published: Sep. 19, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Server-Side Request Forgery

  • 5.3

    MEDIUM
    CVE-2025-10722

    A vulnerability was detected in SKTLab Mukbee App 1.01.196 on Android. This affects an unknown function of the file AndroidManifest.xml of the component com.dw.android.mukbee. The manipulation results in improper export of android application components. ... Read more

    Affected Products :
    • Published: Sep. 19, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Misconfiguration

  • 9.0

    HIGH
    CVE-2025-10757

    A weakness has been identified in UTT 1200GW up to 3.0.0-170831. The affected element is an unknown function of the file /goform/formConfigDnsFilterGlobal. This manipulation of the argument GroupName causes buffer overflow. The attack can be initiated rem... Read more

    Affected Products :
    • Published: Sep. 21, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Memory Corruption

  • 8.7

    HIGH
    CVE-2025-34202

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to 25.2.169 and Application prior to 25.2.1518 (VA and SaaS deployments) expose Docker internal networks in a way that allows an attacker on the same external L2 segment — or an attacker ab... Read more

    Affected Products :
    • Published: Sep. 19, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-39862

    In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7915: fix list corruption after hardware restart Since stations are recreated from scratch, all lists that wcids are added to must be cleared before calling ieee80211_rest... Read more

    Affected Products : linux_kernel
    • Published: Sep. 19, 2025
    • Modified: Sep. 22, 2025

  • 8.8

    HIGH
    CVE-2025-54815

    Server-side template injection (SSTI) vulnerability in PPress 0.0.9 allows attackers to execute arbitrary code via crafted themes.... Read more

    Affected Products :
    • Published: Sep. 19, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Injection

  • 8.5

    HIGH
    CVE-2025-34191

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.843 and Application prior to 20.0.1923 (macOS/Linux client deployments) contain an arbitrary file write vulnerability via the response file handling. When tasks produce out... Read more

    Affected Products :
    • Published: Sep. 19, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Path Traversal

  • 5.1

    MEDIUM
    CVE-2025-43809

    Cross-Site Request Forgery (CSRF) vulnerability in the server (license) registration page in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.7, 2023.Q3.1 through 2023.Q3.9, 7.4 GA through u... Read more

    Affected Products : liferay_portal dxp
    • Published: Sep. 19, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 0.0

    NA
    CVE-2025-39842

    In the Linux kernel, the following vulnerability has been resolved: ocfs2: prevent release journal inode after journal shutdown Before calling ocfs2_delete_osb(), ocfs2_journal_shutdown() has already been executed in ocfs2_dismount_volume(), so osb->jou... Read more

    Affected Products : linux_kernel
    • Published: Sep. 19, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-39852

    In the Linux kernel, the following vulnerability has been resolved: net/tcp: Fix socket memory leak in TCP-AO failure handling for IPv6 When tcp_ao_copy_all_matching() fails in tcp_v6_syn_recv_sock() it just exits the function. This ends up causing a me... Read more

    Affected Products : linux_kernel
    • Published: Sep. 19, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Memory Corruption

  • 6.9

    MEDIUM
    CVE-2025-34189

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 1.0.735 and Application versions prior to 20.0.1330 (macOS/Linux client deployments) contain a vulnerability in the local inter-process communication (IPC) mechanism. The softwa... Read more

    Affected Products :
    • Published: Sep. 19, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Misconfiguration

  • 9.1

    CRITICAL
    CVE-2025-57644

    Accela Automation Platform 22.2.3.0.230103 contains multiple vulnerabilities in the Test Script feature. An authenticated administrative user can execute arbitrary Java code on the server, resulting in remote code execution. In addition, improper input va... Read more

    Affected Products :
    • Published: Sep. 19, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Authentication
Showing 20 of 4409 Results