Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NA
    CVE-2025-39977

    In the Linux kernel, the following vulnerability has been resolved: futex: Prevent use-after-free during requeue-PI syzbot managed to trigger the following race: T1 T2 futex_wait_requeue_pi() futex_do_wait() s... Read more

    Affected Products : linux_kernel
    • Published: Oct. 15, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-39982

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync This fixes the following UFA in hci_acl_create_conn_sync where a connection still pending is command submission (conn->state ==... Read more

    Affected Products : linux_kernel
    • Published: Oct. 15, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-10406

    The BlindMatrix e-Commerce WordPress plugin before 3.1 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users, such as contributors, to perform LFI attacks.... Read more

    Affected Products :
    • Published: Oct. 15, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Path Traversal

  • 5.4

    MEDIUM
    CVE-2025-54272

    Adobe Experience Manager versions 11.6 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be exe... Read more

    Affected Products : experience_manager_forms
    • Published: Oct. 14, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.6

    HIGH
    CVE-2025-59051

    The FreePBX Endpoint Manager module includes a Network Scanning feature that provides web-based access to nmap functionality for network device discovery. In Endpoint Manager 16 before 16.0.92 and 17 before 17.0.6, insufficiently sanitized user-supplied i... Read more

    Affected Products : freepbx
    • Published: Oct. 14, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Injection

  • 0.0

    NA
    CVE-2025-39986

    In the Linux kernel, the following vulnerability has been resolved: can: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow Sending an PF_PACKET allows to bypass the CAN framework logic and to directly reach the xmit() function of a CAN dri... Read more

    Affected Products : linux_kernel
    • Published: Oct. 15, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-39971

    In the Linux kernel, the following vulnerability has been resolved: i40e: fix idx validation in config queues msg Ensure idx is within range of active/initialized TCs when iterating over vf->ch[idx] in i40e_vc_config_queues_msg().... Read more

    Affected Products : linux_kernel
    • Published: Oct. 15, 2025
    • Modified: Oct. 16, 2025

  • 0.0

    NA
    CVE-2025-39968

    In the Linux kernel, the following vulnerability has been resolved: i40e: add max boundary check for VF filters There is no check for max filters that VF can request. Add it.... Read more

    Affected Products : linux_kernel
    • Published: Oct. 15, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-39966

    In the Linux kernel, the following vulnerability has been resolved: iommufd: Fix race during abort for file descriptors fput() doesn't actually call file_operations release() synchronously, it puts the file on a work queue and it will be released eventu... Read more

    Affected Products : linux_kernel
    • Published: Oct. 15, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Race Condition

  • 9.8

    CRITICAL
    CVE-2025-10611

    Due to an insufficient access control implementation in multiple WSO2 Products, authentication and authorization checks for certain REST APIs can be bypassed, allowing them to be invoked without proper validation. Successful exploitation of this vulnerab... Read more

    Affected Products : api_manager identity_server
    • Published: Oct. 16, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Authentication

  • 4.3

    MEDIUM
    CVE-2025-10312

    The Theme Importer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation when processing form submissions in the theme-importer.php file. This makes it possible ... Read more

    Affected Products :
    • Published: Oct. 15, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-10303

    The Library Management System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the owt7_library_management_ajax_handler() function in all versions up to, and including, 3.1. This makes it possibl... Read more

    Affected Products :
    • Published: Oct. 15, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-10301

    The FunKItools plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing or incorrect nonce validation on the saveFields() function. This makes it possible for unauthenticated atta... Read more

    Affected Products :
    • Published: Oct. 15, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-10300

    The TopBar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on the fme_nb_topbar_save_settings() function. This makes it possible for unauthe... Read more

    Affected Products :
    • Published: Oct. 15, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 8.8

    HIGH
    CVE-2025-10299

    The WPBifröst – Instant Passwordless Temporary Login Links plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the ctl_create_link AJAX action in all versions up to, and including, 1.0.7. This makes it possible ... Read more

    Affected Products :
    • Published: Oct. 15, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-10294

    The OwnID Passwordless Login plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.3.4. This is due to the plugin not properly checking if the ownid_shared_secret value is empty prior to authenticating a user ... Read more

    Affected Products :
    • Published: Oct. 15, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-10293

    The Keyy Two Factor Authentication (like Clef) plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.2.3. This is due to the plugin not properly validating a user's identity associated with... Read more

    Affected Products :
    • Published: Oct. 15, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Authentication

  • 6.4

    MEDIUM
    CVE-2025-10194

    The Shortcode Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'button' shortcode in all versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. ... Read more

    Affected Products :
    • Published: Oct. 15, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-10186

    The WhyDonate – FREE Donate button – Crowdfunding – Fundraising plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the remove_row function in all versions up to, and including, 4.0.14. This makes it possib... Read more

    Affected Products : wp_whydonate
    • Published: Oct. 15, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Authorization

  • 6.4

    MEDIUM
    CVE-2025-10141

    The Digiseller plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ds' shortcode in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes... Read more

    Affected Products :
    • Published: Oct. 15, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 3690 Results