Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NA
    CVE-2025-68333

    In the Linux kernel, the following vulnerability has been resolved: sched_ext: Fix possible deadlock in the deferred_irq_workfn() For PREEMPT_RT=y kernels, the deferred_irq_workfn() is executed in the per-cpu irq_work/* task context and not disable-irq,... Read more

    Affected Products : linux_kernel
    • Published: Dec. 22, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Race Condition

  • 4.3

    MEDIUM
    CVE-2025-13361

    The Web to SugarCRM Lead plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing nonce validation on the custom field deletion functionality. This makes it possible for unauthent... Read more

    Affected Products :
    • Published: Dec. 21, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 8.1

    HIGH
    CVE-2025-12934

    The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the 'duplicate_wpml_layout' function in all versions up to, and including, 2.9.4.1. This ma... Read more

    Affected Products : beaver_builder
    • Published: Dec. 23, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-68556

    Missing Authorization vulnerability in VillaTheme HAPPY allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HAPPY: from n/a through 1.0.9.... Read more

    Affected Products :
    • Published: Dec. 23, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2025-68342

    In the Linux kernel, the following vulnerability has been resolved: can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing data The URB received in gs_usb_receive_bulk_callback() contains a struct gs_host_frame. The length of ... Read more

    Affected Products : linux_kernel
    • Published: Dec. 23, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-68338

    In the Linux kernel, the following vulnerability has been resolved: net: dsa: microchip: Don't free uninitialized ksz_irq If something goes wrong at setup, ksz_irq_free() can be called on uninitialized ksz_irq (for example when ksz_ptp_irq_setup() fails... Read more

    Affected Products : linux_kernel
    • Published: Dec. 23, 2025
    • Modified: Dec. 23, 2025

  • 6.5

    MEDIUM
    CVE-2025-68559

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexThemes TheGem Theme Elements (for Elementor).This issue affects TheGem Theme Elements (for Elementor): from n/a through 5.10.5.1.... Read more

    Affected Products :
    • Published: Dec. 23, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2024-24844

    Missing Authorization vulnerability in IdeaBox Creations PowerPack Pro for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PowerPack Pro for Elementor: from n/a through 2.10.6.... Read more

    Affected Products : powerpack_addons_for_elementor
    • Published: Dec. 23, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-12492

    The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.11.0 via the ajax_get_members f... Read more

    Affected Products : ultimate_member
    • Published: Dec. 20, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2023-25068

    Missing Authorization vulnerability in Mapro Collins Magazine Edge allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Magazine Edge: from n/a through 1.13.... Read more

    Affected Products :
    • Published: Dec. 21, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2023-53959

    FileZilla Client 3.63.1 contains a DLL hijacking vulnerability that allows attackers to execute malicious code by placing a crafted TextShaping.dll in the application directory. Attackers can generate a reverse shell payload using msfvenom and replace the... Read more

    Affected Products : filezilla_client
    • Published: Dec. 19, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-68475

    Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Prior to versions 1.6.13, 1.7.14, 1.8.15, and 1.9.2, a Regular Expression Denial of Service (ReDoS) vulnerability exists in Fedify's document loader. The HTML parsin... Read more

    Affected Products :
    • Published: Dec. 22, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Denial of Service

  • 8.8

    HIGH
    CVE-2023-53962

    SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated directory traversal vulnerability that allows remote attackers to write arbitrary files through the 'upgfile' parameter in upload.cgi. Attackers can exploit the vulnerability by sending crafte... Read more

    Affected Products : stream
    • Published: Dec. 22, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Path Traversal

  • 0.0

    NA
    CVE-2025-68327

    In the Linux kernel, the following vulnerability has been resolved: usb: renesas_usbhs: Fix synchronous external abort on unbind A synchronous external abort occurs on the Renesas RZ/G3S SoC if unbind is executed after the configuration sequence describ... Read more

    Affected Products : linux_kernel
    • Published: Dec. 22, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-68326

    In the Linux kernel, the following vulnerability has been resolved: drm/xe/guc: Fix stack_depot usage Add missing stack_depot_init() call when CONFIG_DRM_XE_DEBUG_GUC is enabled to fix the following call stack: [] BUG: kernel NULL pointer dereference,... Read more

    Affected Products : linux_kernel
    • Published: Dec. 22, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Memory Corruption

  • 4.3

    MEDIUM
    CVE-2025-62107

    Cross-Site Request Forgery (CSRF) vulnerability in PluginOps Feather Login Page allows Cross Site Request Forgery.This issue affects Feather Login Page: from n/a through 1.1.7.... Read more

    Affected Products :
    • Published: Dec. 22, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.5

    MEDIUM
    CVE-2025-8304

    An authenticated local user can obtain information that allows claiming security policy rules of another user due to sensitive information being accessible in the Windows Registry keys for Check Point Identity Agent running on a Terminal Server.... Read more

    Affected Products :
    • Published: Dec. 22, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Information Disclosure

  • 9.5

    CRITICAL
    CVE-2025-11543

    Improper Validation of Integrity Check Value vulnerability in Sharp Display Solutions projectors allows a attacker may create and run unauthorized firmware.... Read more

    Affected Products :
    • Published: Dec. 22, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-15016

    Enterprise Cloud Database developed by Ragic has a Hard-coded Cryptographic Key vulnerability, allowing unauthenticated remote attackers to exploit the fixed key to generate verification information and log into the system as any user.... Read more

    Affected Products : enterprise_cloud_database
    • Published: Dec. 22, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Cryptography

  • 4.3

    MEDIUM
    CVE-2025-62955

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in HappyDevs TempTool allows Retrieve Embedded Sensitive Data.This issue affects TempTool: from n/a through 1.3.1.... Read more

    Affected Products :
    • Published: Dec. 21, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 4195 Results