Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NA
    CVE-2025-40329

    In the Linux kernel, the following vulnerability has been resolved: drm/sched: Fix deadlock in drm_sched_entity_kill_jobs_cb The Mesa issue referenced below pointed out a possible deadlock: [ 1231.611031] Possible interrupt unsafe locking scenario: [... Read more

    Affected Products : linux_kernel
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Race Condition

  • 4.5

    MEDIUM
    CVE-2025-67467

    Cross-Site Request Forgery (CSRF) vulnerability in StellarWP GiveWP give allows Cross Site Request Forgery.This issue affects GiveWP: from n/a through <= 4.13.1.... Read more

    Affected Products : givewp
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 9.2

    CRITICAL
    CVE-2025-40801

    A vulnerability has been identified in COMOS V10.6 (All versions), COMOS V10.6 (All versions), JT Bi-Directional Translator for STEP (All versions), NX V2412 (All versions < V2412.8900 with Cloud Entitlement (bundled as NX X)), NX V2506 (All versions < V2... Read more

    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Misconfiguration

  • 8.2

    HIGH
    CVE-2025-63057

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Roxnor Wp Ultimate Review wp-ultimate-review allows DOM-Based XSS.This issue affects Wp Ultimate Review: from n/a through <= 2.3.6.... Read more

    Affected Products : wp_ultimate_review
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.1

    CRITICAL
    CVE-2025-40800

    A vulnerability has been identified in COMOS V10.6 (All versions), COMOS V10.6 (All versions), NX V2412 (All versions < V2412.8700), NX V2506 (All versions < V2506.6000), Simcenter 3D (All versions < V2506.6000), Simcenter Femap (All versions < V2506.0002... Read more

    Affected Products : simcenter_femap solid_edge_se2025
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2025-40935

    A vulnerability has been identified in RUGGEDCOM RMC8388 V5.X (All versions < V5.10.1), RUGGEDCOM RS416Pv2 V5.X (All versions < V5.10.1), RUGGEDCOM RS416v2 V5.X (All versions < V5.10.1), RUGGEDCOM RS900 (32M) V5.X (All versions < V5.10.1), RUGGEDCOM RS900... Read more

    Affected Products :
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-63059

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in arscode Ninja Popups arscode-ninja-popups allows Stored XSS.This issue affects Ninja Popups: from n/a through <= 4.7.8.... Read more

    Affected Products : ninja_popups
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-63052

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GalleryCreator SimpLy Gallery simply-gallery-block allows Stored XSS.This issue affects SimpLy Gallery: from n/a through <= 3.2.8.... Read more

    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-63049

    Missing Authorization vulnerability in CridioStudio ListingPro Lead Form listingpro-lead-form allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects ListingPro Lead Form: from n/a through <= 1.0.2.... Read more

    Affected Products :
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Authorization

  • 6.3

    MEDIUM
    CVE-2025-40807

    A vulnerability has been identified in Gridscale X Prepay (All versions < V4.2.1). The affected application is vulnerable to capture-replay of authentication tokens. This could allow an authenticated but already locked-out user to establish still valid us... Read more

    Affected Products :
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-42904

    Due to an Information Disclosure vulnerability in Application Server ABAP, an authenticated attacker could read unmasked values displayed in ABAP Lists. Successful exploitation could lead to unauthorized disclosure of data, resulting in a high impact on c... Read more

    Affected Products :
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-59030

    An attacker can trigger the removal of cached records by sending a NOTIFY query over TCP.... Read more

    Affected Products : recursor
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Denial of Service

  • 1.3

    LOW
    CVE-2025-66622

    matrix-sdk-base is the base component to build a Matrix client library. Versions 0.14.1 and prior are unable to handle responses that include custom m.room.join_rules values due to a serialization bug. This can be exploited to cause a denial-of-service co... Read more

    Affected Products : matrix-rust-sdk
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Denial of Service

  • 4.4

    MEDIUM
    CVE-2025-63058

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Hiroaki Miyashita Custom Field Template custom-field-template allows Retrieve Embedded Sensitive Data.This issue affects Custom Field Template: from n/a through <=... Read more

    Affected Products : custom_field_template
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Information Disclosure

  • 7.1

    HIGH
    CVE-2025-42876

    Due to a Missing Authorization Check vulnerability in SAP S/4 HANA Private Cloud (Financials General Ledger), an authenticated attacker with authorization limited to a single company code could read sensitive data and post or modify documents across all c... Read more

    Affected Products :
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-63075

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in muffingroup Betheme betheme allows DOM-Based XSS.This issue affects Betheme: from n/a through <= 28.1.7.... Read more

    Affected Products : betheme
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-63073

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dream-Theme The7 dt-the7 allows DOM-Based XSS.This issue affects The7: from n/a through <= 12.8.0.2.... Read more

    Affected Products : the7
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.3

    HIGH
    CVE-2025-5470

    Uncontrolled Search Path Element vulnerability in Yandex Disk on MacOS allows Search Order Hijacking.This issue affects Disk: before 3.2.45.3275.... Read more

    Affected Products :
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2025-67535

    Deserialization of Untrusted Data vulnerability in WePlugins - WordPress Development Company WP Maps wp-google-map-plugin allows Object Injection.This issue affects WP Maps: from n/a through <= 4.8.6.... Read more

    Affected Products :
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Injection

  • 8.7

    HIGH
    CVE-2025-9368

    A security issue exists within 432ES-IG3 Series A, which affects GuardLink® EtherNet/IP Interface, resulting in denial-of-service. A manual power cycle is required to recover the device.... Read more

    Affected Products :
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Denial of Service
Showing 20 of 5375 Results