Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.2

    HIGH
    CVE-2025-66566

    yawkat LZ4 Java provides LZ4 compression for Java. Insufficient clearing of the output buffer in Java-based decompressor implementations in lz4-java 1.10.0 and earlier allows remote attackers to read previous buffer contents via crafted compressed input. ... Read more

    Affected Products :
    • Published: Dec. 05, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Information Disclosure

  • 0.0

    NA
    CVE-2025-40292

    In the Linux kernel, the following vulnerability has been resolved: virtio-net: fix received length check in big packets Since commit 4959aebba8c0 ("virtio-net: use mtu size as buffer length for big packets"), when guest gso is off, the allocated size f... Read more

    Affected Products : linux_kernel
    • Published: Dec. 08, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-40291

    In the Linux kernel, the following vulnerability has been resolved: io_uring: fix regbuf vector size truncation There is a report of io_estimate_bvec_size() truncating the calculated number of segments that leads to corruption issues. Check it doesn't o... Read more

    Affected Products : linux_kernel
    • Published: Dec. 08, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Memory Corruption

  • 6.4

    MEDIUM
    CVE-2025-13863

    The RevInsite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `token` parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated atta... Read more

    Affected Products :
    • Published: Dec. 06, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-13857

    The Yet Another WebClap for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' parameter of the webclap_button shortcode in all versions up to, and including, 0.2 due to insufficient input sanitization and output es... Read more

    Affected Products :
    • Published: Dec. 06, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-13656

    The Cute News Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'color' shortcode attribute in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for aut... Read more

    Affected Products :
    • Published: Dec. 06, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-11263

    The Link Whisper Free plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the type parameter in all versions up to, and including, 0.8.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenti... Read more

    Affected Products : link_whisper_free
    • Published: Dec. 06, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-12715

    The Canadian Nutrition Facts Label plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'percentage' field in the Nutrition Label custom post type in all versions up to, and including, 3.0 due to insufficient input sanitization and ou... Read more

    Affected Products :
    • Published: Dec. 06, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-13899

    The TR Timthumb plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode attributes in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated att... Read more

    Affected Products :
    • Published: Dec. 06, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-13856

    The Extra Post Images plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the extra-images shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes i... Read more

    Affected Products :
    • Published: Dec. 06, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2025-40283

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF There is a KASAN: slab-use-after-free read in btusb_disconnect(). Calling "usb_driver_release_interface(&btusb_driver,... Read more

    Affected Products : linux_kernel
    • Published: Dec. 06, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2025-12876

    The Projectopia – WordPress Project Management plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pto_delete_file AJAX action in all versions up to, and including, 5.1.19. This makes it possibl... Read more

    Affected Products : projectopia
    • Published: Dec. 05, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-14091

    A weakness has been identified in TrippWasTaken PHP-Guitar-Shop up to 6ce0868889617c1975982aae6df8e49555d0d555. This vulnerability affects unknown code of the file /product.php of the component Product Details Page. Executing manipulation of the argument ... Read more

    Affected Products :
    • Published: Dec. 05, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Injection

  • 4.3

    MEDIUM
    CVE-2025-12577

    The Listar – Directory Listing & Classifieds WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the '/wp-json/listar/v1/place/save' REST API endpoint in all versions up to, and inc... Read more

    Affected Products :
    • Published: Dec. 06, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2025-40289

    In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: hide VRAM sysfs attributes on GPUs without VRAM Otherwise accessing them can cause a crash.... Read more

    Affected Products : linux_kernel
    • Published: Dec. 06, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-40286

    In the Linux kernel, the following vulnerability has been resolved: smb/server: fix possible memory leak in smb2_read() Memory leak occurs when ksmbd_vfs_read() fails. Fix this by adding the missing kvfree().... Read more

    Affected Products : linux_kernel
    • Published: Dec. 06, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-40284

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: cancel mesh send timer when hdev removed mesh_send_done timer is not canceled when hdev is removed, which causes crash if the timer triggers after hdev is gone. Cancel... Read more

    Affected Products : linux_kernel
    • Published: Dec. 06, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-40278

    In the Linux kernel, the following vulnerability has been resolved: net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak Fix a KMSAN kernel-infoleak detected by the syzbot . [net?] KMSAN: kernel-infoleak in __skb_datagram_iter I... Read more

    Affected Products : linux_kernel
    • Published: Dec. 06, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Information Disclosure

  • 0.0

    NA
    CVE-2025-40277

    In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE This data originates from userspace and is used in buffer offset calculations which could potentially overflow cau... Read more

    Affected Products : linux_kernel
    • Published: Dec. 06, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-40288

    In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix NULL pointer dereference in VRAM logic for APU devices Previously, APU platforms (and other scenarios with uninitialized VRAM managers) triggered a NULL pointer derefere... Read more

    Affected Products : linux_kernel
    • Published: Dec. 06, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 4772 Results