Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    CRITICAL
    CVE-2023-7304

    Ruijie RG-UAC Application Management Gateway contains a command injection vulnerability via the 'nmc_sync.php' interface. An unauthenticated attacker able to reach the affected endpoint can inject shell commands via crafted request data, causing the appli... Read more

    Affected Products :
    • Published: Oct. 15, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Injection

  • 0.0

    NA
    CVE-2025-39987

    In the Linux kernel, the following vulnerability has been resolved: can: hi311x: populate ndo_change_mtu() to prevent buffer overflow Sending an PF_PACKET allows to bypass the CAN framework logic and to directly reach the xmit() function of a CAN driver... Read more

    Affected Products : linux_kernel
    • Published: Oct. 15, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-39980

    In the Linux kernel, the following vulnerability has been resolved: nexthop: Forbid FDB status change while nexthop is in a group The kernel forbids the creation of non-FDB nexthop groups with FDB nexthops: # ip nexthop add id 1 via 192.0.2.1 fdb # i... Read more

    Affected Products : linux_kernel
    • Published: Oct. 15, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-39976

    In the Linux kernel, the following vulnerability has been resolved: futex: Use correct exit on failure from futex_hash_allocate_default() copy_process() uses the wrong error exit path from futex_hash_allocate_default(). After exiting from futex_hash_all... Read more

    Affected Products : linux_kernel
    • Published: Oct. 15, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-39978

    In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() This code calls kfree_rcu(new_node, rcu) and then dereferences "new_node" and then dereferences it on the next line. Tw... Read more

    Affected Products : linux_kernel
    • Published: Oct. 15, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Memory Corruption

  • 6.8

    MEDIUM
    CVE-2025-31702

    A vulnerability exists in certain Dahua embedded products. Third-party malicious attacker with obtained normal user credentials could exploit the vulnerability to access certain data which are restricted to admin privileges, such as system-sensitive files... Read more

    Affected Products :
    • Published: Oct. 15, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Authorization

  • 7.3

    HIGH
    CVE-2025-6042

    The Lisfinity Core - Lisfinity Core plugin used for pebas® Lisfinity WordPress theme plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.4.0. This is due to the plugin assigning the editor role by default. Wh... Read more

    Affected Products :
    • Published: Oct. 15, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Authorization

  • 8.5

    HIGH
    CVE-2025-26859

    RemoteView PC Application Console versions prior to 6.0.2 contain an uncontrolled search path element vulnerability. If a crafted DLL is placed in the same folder with the affected product, it may cause an arbitrary code execution.... Read more

    Affected Products :
    • Published: Oct. 15, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Misconfiguration

  • 8.5

    HIGH
    CVE-2025-26860

    RemoteCall Remote Support Program (for Operator) versions prior to 5.1.0 contain an uncontrolled search path element vulnerability. If a crafted DLL is placed in the same folder with the affected product, it may cause an arbitrary code execution.... Read more

    Affected Products :
    • Published: Oct. 15, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Path Traversal

  • 4.3

    MEDIUM
    CVE-2025-11176

    The Quick Featured Images plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 13.7.2 via the qfi_set_thumbnail and qfi_delete_thumbnail AJAX actions due to missing validation on a user controlled ke... Read more

    Affected Products :
    • Published: Oct. 15, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2025-39970

    In the Linux kernel, the following vulnerability has been resolved: i40e: fix input validation logic for action_meta Fix condition to check 'greater or equal' to prevent OOB dereference.... Read more

    Affected Products : linux_kernel
    • Published: Oct. 15, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-39974

    In the Linux kernel, the following vulnerability has been resolved: tracing/osnoise: Fix slab-out-of-bounds in _parse_integer_limit() When config osnoise cpus by write() syscall, the following KASAN splat may be observed: BUG: KASAN: slab-out-of-bounds... Read more

    Affected Products : linux_kernel
    • Published: Oct. 15, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Memory Corruption

  • 9.2

    CRITICAL
    CVE-2025-55089

    In FileX before 6.4.2, the file support module for Eclipse Foundation ThreadX, there was a possible buffer overflow in the FileX RAM disk driver. It could cause a remote execurtion after receiving a crafted sequence of packets... Read more

    Affected Products :
    • Published: Oct. 16, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-10299

    The WPBifröst – Instant Passwordless Temporary Login Links plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the ctl_create_link AJAX action in all versions up to, and including, 1.0.7. This makes it possible ... Read more

    Affected Products :
    • Published: Oct. 15, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-10294

    The OwnID Passwordless Login plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.3.4. This is due to the plugin not properly checking if the ownid_shared_secret value is empty prior to authenticating a user ... Read more

    Affected Products :
    • Published: Oct. 15, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-10293

    The Keyy Two Factor Authentication (like Clef) plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.2.3. This is due to the plugin not properly validating a user's identity associated with... Read more

    Affected Products :
    • Published: Oct. 15, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Authentication

  • 6.4

    MEDIUM
    CVE-2025-10194

    The Shortcode Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'button' shortcode in all versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. ... Read more

    Affected Products :
    • Published: Oct. 15, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-10186

    The WhyDonate – FREE Donate button – Crowdfunding – Fundraising plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the remove_row function in all versions up to, and including, 4.0.14. This makes it possib... Read more

    Affected Products : wp_whydonate
    • Published: Oct. 15, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Authorization

  • 6.4

    MEDIUM
    CVE-2025-10141

    The Digiseller plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ds' shortcode in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes... Read more

    Affected Products :
    • Published: Oct. 15, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-10140

    The Quick Social Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'quick-login' shortcode in all versions up to, and including, 1.4.6 due to insufficient input sanitization and output escaping on user supplied attri... Read more

    Affected Products :
    • Published: Oct. 15, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 3749 Results