Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NA
    CVE-2025-40102

    In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Prevent access to vCPU events before init Another day, another syzkaller bug. KVM erroneously allows userspace to pend vCPU events for a vCPU that hasn't been initialized ye... Read more

    Affected Products : linux_kernel
    • Published: Oct. 30, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-53245

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Afzal Multani WP Logo Changer am-login-logo allows Stored XSS.This issue affects WP Logo Changer: from n/a through <= 1.2.... Read more

    Affected Products :
    • Published: Nov. 06, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2025-53242

    Deserialization of Untrusted Data vulnerability in VictorThemes Seil seil allows Object Injection.This issue affects Seil: from n/a through <= 1.7.1.... Read more

    Affected Products :
    • Published: Nov. 06, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Injection

  • 0.0

    NA
    CVE-2025-63717

    The change password functionality at /pet_grooming/admin/change_pass.php in SourceCodester Pet Grooming Management Software 1.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks. The application does not implement adequate anti-CSRF tokens or sam... Read more

    Affected Products :
    • Published: Nov. 07, 2025
    • Modified: Nov. 07, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 0.0

    NA
    CVE-2025-53239

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bnovotny User Registration Aide user-registration-aide allows Reflected XSS.This issue affects User Registration Aide: from n/a through <= 1.5.3.8.... Read more

    Affected Products :
    • Published: Nov. 06, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2025-53214

    Missing Authorization vulnerability in sertifier Sertifier Certificate & Badge Maker sertifier-certificates-open-badges allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sertifier Certificate & Badge Maker: from n/... Read more

    Affected Products :
    • Published: Nov. 06, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2025-40041

    In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: Sign-extend struct ops return values properly The ns_bpf_qdisc selftest triggers a kernel panic: Oops[#1]: CPU 0 Unable to handle kernel paging request at virtual a... Read more

    Affected Products : linux_kernel
    • Published: Oct. 28, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NONE
    CVE-2025-26862

    Unexpected authentication form rendering in HTML Form Adapter using only non-default redirectless mode in PingFederate allows authentication attempts which may enable brute force login attacks.... Read more

    Affected Products : pingfederate
    • Published: Oct. 27, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Authentication

  • 0.0

    NA
    CVE-2025-40086

    In the Linux kernel, the following vulnerability has been resolved: drm/xe: Don't allow evicting of BOs in same VM in array of VM binds An array of VM binds can potentially evict other buffer objects (BOs) within the same VM under certain conditions, wh... Read more

    Affected Products : linux_kernel
    • Published: Oct. 30, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-40085

    In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card In try_to_register_card(), the return value of usb_ifnum_to_if() is passed directly to usb_interface_claimed() withou... Read more

    Affected Products : linux_kernel
    • Published: Oct. 29, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-40044

    In the Linux kernel, the following vulnerability has been resolved: fs: udf: fix OOB read in lengthAllocDescs handling When parsing Allocation Extent Descriptor, lengthAllocDescs comes from on-disk data and must be validated against the block size. Craf... Read more

    Affected Products : linux_kernel
    • Published: Oct. 28, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-52773

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in hiecor HieCOR Payment Gateway Plugin hcv4-payment-gateway allows SQL Injection.This issue affects HieCOR Payment Gateway Plugin: from n/a through <= 1.5.... Read more

    Affected Products :
    • Published: Nov. 06, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Injection

  • 0.0

    NA
    CVE-2025-39994

    In the Linux kernel, the following vulnerability has been resolved: media: tuner: xc5000: Fix use-after-free in xc5000_release The original code uses cancel_delayed_work() in xc5000_release(), which does not guarantee that the delayed work item timer_sl... Read more

    Affected Products : linux_kernel
    • Published: Oct. 15, 2025
    • Modified: Oct. 29, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-39993

    In the Linux kernel, the following vulnerability has been resolved: media: rc: fix races with imon_disconnect() Syzbot reports a KASAN issue as below: BUG: KASAN: use-after-free in __create_pipe include/linux/usb.h:1945 [inline] BUG: KASAN: use-after-fr... Read more

    Affected Products : linux_kernel
    • Published: Oct. 15, 2025
    • Modified: Oct. 29, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-49904

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce allows Reflected XSS.This issue affects Booking and Rental Manager: ... Read more

    Affected Products : booking_\&_rental_manager
    • Published: Nov. 06, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2025-49900

    Incorrect Privilege Assignment vulnerability in bPlugins Advanced scrollbar advanced-scrollbar allows Privilege Escalation.This issue affects Advanced scrollbar: from n/a through <= 1.1.8.... Read more

    Affected Products :
    • Published: Nov. 06, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2025-49909

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Bookmark & Follow penci-bookmark-follow allows Reflected XSS.This issue affects Penci Bookmark & Follow: from n/a through < 2.4.... Read more

    Affected Products :
    • Published: Nov. 06, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2025-49390

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in christophrado Cookie Notice & Consent cookie-notice-consent allows Stored XSS.This issue affects Cookie Notice & Consent: from n/a through <= 1.6.4.... Read more

    Affected Products : cookie_notice_\&_consent
    • Published: Nov. 06, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2025-49398

    Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Easy Appointments Easy Appointments easy-appointments allows Code Injection.This issue affects Easy Appointments: from n/a through <= 3.12.14.... Read more

    Affected Products :
    • Published: Nov. 06, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2025-49394

    Missing Authorization vulnerability in bPlugins Image Gallery block – Create and display photo gallery/photo album. 3d-image-gallery allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Image Gallery block – Create and displa... Read more

    Affected Products :
    • Published: Nov. 06, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Authorization
Showing 20 of 3801 Results